Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
uOsIQqfgiT.exe

Overview

General Information

Sample name:uOsIQqfgiT.exe
renamed because original name is a hash value
Original sample name:a12133b2aadd267558975a8952daac3e.exe
Analysis ID:1567371
MD5:a12133b2aadd267558975a8952daac3e
SHA1:4f770593e992d7423aafdc6a2593d18d46d5f21b
SHA256:bbdd058ce8a5e7ebfcd229b2a6edd562497b4c58f3c7efb30b2cf73be35302a4
Tags:exeuser-abuse_ch
Infos:

Detection

Charity, TrojanRansom
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected Charity Ransomware
Yara detected TrojanRansom
AI detected suspicious sample
Connects to many different private IPs (likely to spread or exploit)
Connects to many different private IPs via SMB (likely to spread or exploit)
Deletes shadow drive data (may be related to ransomware)
Found pyInstaller with non standard icon
Performs a network lookup / discovery via net view
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May use bcdedit to modify the Windows boot settings
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • uOsIQqfgiT.exe (PID: 3468 cmdline: "C:\Users\user\Desktop\uOsIQqfgiT.exe" MD5: A12133B2AADD267558975A8952DAAC3E)
    • uOsIQqfgiT.exe (PID: 352 cmdline: "C:\Users\user\Desktop\uOsIQqfgiT.exe" MD5: A12133B2AADD267558975A8952DAAC3E)
      • cmd.exe (PID: 7836 cmdline: C:\Windows\system32\cmd.exe /c "net view \\192.168.1.1" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net.exe (PID: 7888 cmdline: net view \\192.168.1.1 MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
      • cmd.exe (PID: 5544 cmdline: C:\Windows\system32\cmd.exe /c "net view \\192.168.1.2" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net.exe (PID: 7184 cmdline: net view \\192.168.1.2 MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
      • cmd.exe (PID: 7248 cmdline: C:\Windows\system32\cmd.exe /c "net view \\192.168.1.3" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net.exe (PID: 7268 cmdline: net view \\192.168.1.3 MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
      • cmd.exe (PID: 7324 cmdline: C:\Windows\system32\cmd.exe /c "net view \\192.168.1.4" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net.exe (PID: 7336 cmdline: net view \\192.168.1.4 MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
      • cmd.exe (PID: 7588 cmdline: C:\Windows\system32\cmd.exe /c "net view \\192.168.1.5" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net.exe (PID: 7656 cmdline: net view \\192.168.1.5 MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
      • cmd.exe (PID: 7716 cmdline: C:\Windows\system32\cmd.exe /c "net view \\192.168.1.6" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net.exe (PID: 7784 cmdline: net view \\192.168.1.6 MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: uOsIQqfgiT.exe PID: 352JoeSecurity_CharityYara detected Charity RansomwareJoe Security
    Process Memory Space: uOsIQqfgiT.exe PID: 352JoeSecurity_TrojanRansomYara detected TrojanRansomJoe Security

      Sigma Signatures

      Sigma detected: Net.exe Execution
      Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net view \\192.168.1.1, CommandLine: net view \\192.168.1.1, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "net view \\192.168.1.1", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7836, ParentProcessName: cmd.exe, ProcessCommandLine: net view \\192.168.1.1, ProcessId: 7888, ProcessName: net.exe
      Sigma detected: Share And Session Enumeration Using Net.EXE
      Source: Process startedAuthor: Endgame, JHasenbusch (ported for oscd.community): Data: Command: net view \\192.168.1.1, CommandLine: net view \\192.168.1.1, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "net view \\192.168.1.1", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7836, ParentProcessName: cmd.exe, ProcessCommandLine: net view \\192.168.1.1, ProcessId: 7888, ProcessName: net.exe

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability

      Exploits

      barindex
      Connects to many different private IPs (likely to spread or exploit)
      Source: global trafficTCP traffic: 192.168.1.74:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.73:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.76:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.75:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.78:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.77:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.79:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.70:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.72:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.71:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.59:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.63:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.62:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.65:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.64:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.67:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.66:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.69:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.68:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.61:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.60:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.1:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.118:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.119:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.3:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.2:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.114:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.115:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.116:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.117:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.9:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.49:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.110:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.8:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.48:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.111:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.112:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.113:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.5:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.4:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.7:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.6:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.52:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.51:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.54:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.53:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.56:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.55:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.58:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.57:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.50:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.107:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.108:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.109:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.103:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.104:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.105:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.106:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.38:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.37:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.100:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.101:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.39:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.102:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.41:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.40:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.43:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.42:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.45:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.44:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.47:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.46:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.27:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.26:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.29:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.28:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.130:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.30:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.32:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.31:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.34:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.33:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.36:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.35:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.129:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.125:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.126:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.127:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.128:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.16:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.121:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.15:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.122:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.18:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.123:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.17:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.124:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.19:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.120:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.21:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.20:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.23:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.22:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.25:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.24:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.96:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.95:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.10:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.98:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.97:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.12:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.11:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.99:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.14:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.13:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.90:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.92:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.91:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.94:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.93:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.85:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.84:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.87:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.86:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.89:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.88:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.81:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.80:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.83:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.82:445Jump to behavior
      Connects to many different private IPs via SMB (likely to spread or exploit)
      Source: global trafficTCP traffic: 192.168.1.74:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.73:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.76:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.75:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.78:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.77:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.79:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.70:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.72:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.71:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.59:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.63:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.62:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.65:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.64:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.67:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.66:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.69:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.68:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.61:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.60:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.1:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.118:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.119:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.3:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.2:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.114:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.115:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.116:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.117:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.9:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.49:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.110:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.8:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.48:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.111:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.112:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.113:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.5:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.4:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.7:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.6:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.52:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.51:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.54:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.53:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.56:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.55:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.58:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.57:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.50:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.107:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.108:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.109:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.103:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.104:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.105:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.106:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.38:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.37:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.100:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.101:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.39:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.102:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.41:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.40:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.43:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.42:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.45:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.44:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.47:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.46:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.27:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.26:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.29:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.28:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.130:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.30:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.32:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.31:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.34:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.33:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.36:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.35:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.129:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.125:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.126:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.127:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.128:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.16:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.121:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.15:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.122:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.18:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.123:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.17:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.124:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.19:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.120:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.21:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.20:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.23:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.22:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.25:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.24:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.96:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.95:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.10:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.98:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.97:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.12:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.11:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.99:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.14:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.13:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.90:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.92:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.91:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.94:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.93:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.85:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.84:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.87:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.86:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.89:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.88:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.81:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.80:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.83:445Jump to behavior
      Source: global trafficTCP traffic: 192.168.1.82:445Jump to behavior
      Source: uOsIQqfgiT.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
      Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2983700891.00007FFE130C3000.00000002.00000001.01000000.0000000B.sdmp, select.pyd.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: uOsIQqfgiT.exe, 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
      Source: Binary string: D:\Ransom\Charity-master\Charity-master\Charity\obj\x86\Release\Reader_en_install.pdb source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2983892174.00007FFE1323C000.00000002.00000001.01000000.00000009.sdmp, _lzma.pyd.0.dr
      Source: Binary string: .db.dbf.mdb.pdb.sql.dwg.dxf.asp source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
      Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
      Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1u 30 May 2023built on: Wed May 31 23:27:41 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2983892174.00007FFE1323C000.00000002.00000001.01000000.00000009.sdmp, _lzma.pyd.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmp, _bz2.pyd.0.dr
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1721791015.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: uOsIQqfgiT.exe, 00000000.00000003.1721791015.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
      Source: Binary string: D:\Ransom\Charity-master\Charity-master\Charity-Decrypt\obj\x64\Debug\Decrypt.pdb source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmp, _socket.pyd.0.dr
      Source: Binary string: .db.dbf.mdb.pdb.sql source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.dr
      Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: uOsIQqfgiT.exe, 00000001.00000002.2982548664.00007FFDFB87B000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr

      Spreading

      barindex
      Performs a network lookup / discovery via net view
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.2
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.3
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.4
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.5
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.6
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.1Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.2Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.3Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.4Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.5Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.6Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019885A0 FindFirstFileExW,FindClose,0_2_00007FF6019885A0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019879B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6019879B0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6019A0B84
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019885A0 FindFirstFileExW,FindClose,1_2_00007FF6019885A0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019879B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF6019879B0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019A0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6019A0B84
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132057F8 recv,1_2_00007FFE132057F8
      Source: uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.co
      Source: uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000002.2980413583.00000206433AD000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
      Source: uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433AB000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
      Source: uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433AB000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
      Source: uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433AB000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000002.2980413583.00000206433AD000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
      Source: uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000002.2980413583.00000206433AD000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
      Source: uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433AB000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
      Source: uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433AB000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
      Source: unicodedata.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
      Source: uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433AB000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
      Source: uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433AB000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
      Source: uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433AB000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000002.2980413583.00000206433AD000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.drString found in binary or memory: http://ocsp.digicert.com0A
      Source: uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000002.2980413583.00000206433AD000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
      Source: uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433AB000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
      Source: 341vtfaf.exe.1.drString found in binary or memory: http://tempuri.org/
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drString found in binary or memory: http://tempuri.org/AddInfectionT
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drString found in binary or memory: http://tempuri.org/HelloWorldT
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drString found in binary or memory: http://tempuri.org/T
      Source: uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1725183603.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1723618048.00000206433AB000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1724431817.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, python311.dll.0.dr, select.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drString found in binary or memory: http://www.google.com/
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drString found in binary or memory: http://www.google.com/Cnetsh
      Source: uOsIQqfgiT.exe, 00000001.00000003.1730499077.00000234DCF73000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2980275068.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
      Source: uOsIQqfgiT.exe, 00000001.00000003.1729964462.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1728624628.00000234DAFB1000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2980275068.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1730126741.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
      Source: uOsIQqfgiT.exe, 00000001.00000002.2980556430.00000234DC918000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
      Source: uOsIQqfgiT.exe, 00000001.00000003.1730126741.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
      Source: uOsIQqfgiT.exe, 00000001.00000003.1729964462.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1728638342.00000234DAFBA000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1728624628.00000234DAFB1000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2980275068.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1730126741.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
      Source: uOsIQqfgiT.exe, 00000001.00000003.1729964462.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1728624628.00000234DAFB1000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2980275068.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1730126741.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981023076.00000234DCE30000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
      Source: uOsIQqfgiT.exe, 00000001.00000002.2982548664.00007FFDFB87B000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.drString found in binary or memory: https://peps.python.org/pep-0263/
      Source: libcrypto-1_1.dll.0.drString found in binary or memory: https://www.openssl.org/H
      Source: uOsIQqfgiT.exe, 00000001.00000002.2980556430.00000234DC890000.00000004.00001000.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1729812463.00000234DCDA4000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1729852937.00000234DCD8B000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
      Source: uOsIQqfgiT.exe, 00000001.00000002.2982740122.00007FFDFB918000.00000004.00000001.01000000.00000004.sdmp, python311.dll.0.drString found in binary or memory: https://www.python.org/psf/license/

      Spam, unwanted Advertisements and Ransom Demands

      barindex
      Yara detected Charity Ransomware
      Source: Yara matchFile source: Process Memory Space: uOsIQqfgiT.exe PID: 352, type: MEMORYSTR
      Yara detected TrojanRansom
      Source: Yara matchFile source: Process Memory Space: uOsIQqfgiT.exe PID: 352, type: MEMORYSTR
      Deletes shadow drive data (may be related to ransomware)
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: M/C vssadmin Delete Shadows /All /Quiet
      Source: 341vtfaf.exe.1.drBinary or memory string: M/C vssadmin Delete Shadows /All /Quiet
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A5C740_2_00007FF6019A5C74
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019810000_2_00007FF601981000
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF601988B200_2_00007FF601988B20
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF601990A600_2_00007FF601990A60
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A8A380_2_00007FF6019A8A38
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF601997AAC0_2_00007FF601997AAC
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019912800_2_00007FF601991280
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF60199D2000_2_00007FF60199D200
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019991B00_2_00007FF6019991B0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A518C0_2_00007FF6019A518C
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF601992CC40_2_00007FF601992CC4
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF601990C640_2_00007FF601990C64
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019914840_2_00007FF601991484
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF60199FBD80_2_00007FF60199FBD8
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019973F40_2_00007FF6019973F4
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A33BC0_2_00007FF6019A33BC
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A0B840_2_00007FF6019A0B84
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A2F200_2_00007FF6019A2F20
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF601991F300_2_00007FF601991F30
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF60199FBD80_2_00007FF60199FBD8
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A57280_2_00007FF6019A5728
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A4F100_2_00007FF6019A4F10
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF601990E700_2_00007FF601990E70
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019895FB0_2_00007FF6019895FB
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF60199CD6C0_2_00007FF60199CD6C
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019928C00_2_00007FF6019928C0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019910740_2_00007FF601991074
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019950400_2_00007FF601995040
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF60199D8800_2_00007FF60199D880
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF601989FCD0_2_00007FF601989FCD
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF60198979B0_2_00007FF60198979B
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019A5C741_2_00007FF6019A5C74
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019895FB1_2_00007FF6019895FB
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019810001_2_00007FF601981000
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF601988B201_2_00007FF601988B20
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF601990A601_2_00007FF601990A60
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019A8A381_2_00007FF6019A8A38
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF601997AAC1_2_00007FF601997AAC
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019912801_2_00007FF601991280
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF60199D2001_2_00007FF60199D200
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019991B01_2_00007FF6019991B0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019A518C1_2_00007FF6019A518C
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF601992CC41_2_00007FF601992CC4
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF601990C641_2_00007FF601990C64
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019914841_2_00007FF601991484
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF60199FBD81_2_00007FF60199FBD8
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019973F41_2_00007FF6019973F4
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019A33BC1_2_00007FF6019A33BC
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019A0B841_2_00007FF6019A0B84
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019A2F201_2_00007FF6019A2F20
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF601991F301_2_00007FF601991F30
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF60199FBD81_2_00007FF60199FBD8
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019A57281_2_00007FF6019A5728
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019A4F101_2_00007FF6019A4F10
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF601990E701_2_00007FF601990E70
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF60199CD6C1_2_00007FF60199CD6C
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019928C01_2_00007FF6019928C0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019910741_2_00007FF601991074
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019950401_2_00007FF601995040
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF60199D8801_2_00007FF60199D880
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF601989FCD1_2_00007FF601989FCD
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF60198979B1_2_00007FF60198979B
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132010601_2_00007FFE13201060
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13221BB01_2_00007FFE13221BB0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132253A01_2_00007FFE132253A0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13222FF01_2_00007FFE13222FF0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE1322F81C1_2_00007FFE1322F81C
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132212B01_2_00007FFE132212B0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13226EAC1_2_00007FFE13226EAC
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13228D401_2_00007FFE13228D40
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13225CE01_2_00007FFE13225CE0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132225301_2_00007FFE13222530
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13253E601_2_00007FFE13253E60
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13252EB01_2_00007FFE13252EB0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13253BD01_2_00007FFE13253BD0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE1325C7D81_2_00007FFE1325C7D8
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132560C01_2_00007FFE132560C0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132510001_2_00007FFE13251000
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13273F501_2_00007FFE13273F50
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13271F501_2_00007FFE13271F50
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132727A01_2_00007FFE132727A0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132739F01_2_00007FFE132739F0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132732E01_2_00007FFE132732E0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13272ED01_2_00007FFE13272ED0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE133032001_2_00007FFE13303200
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE1A4577781_2_00007FFE1A457778
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE1A4596201_2_00007FFE1A459620
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: String function: 00007FF6019825F0 appears 100 times
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: String function: 00007FF601982760 appears 36 times
      Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
      Source: 341vtfaf.exe.1.drStatic PE information: No import functions for PE file found
      Source: uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000000.00000003.1722009410.00000206433A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000000.00000003.1721791015.00000206433A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exeBinary or memory string: OriginalFilename vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000001.00000002.2983737529.00007FFE130C6000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000001.00000002.2983949029.00007FFE13245000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDecrypt.exe" vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameReader_en_install.exe: vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000001.00000002.2983641825.00007FFDFBAB7000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython311.dll. vs uOsIQqfgiT.exe
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drBinary or memory string: .csproj
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drBinary or memory string: .sh.sln
      Source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drBinary or memory string: .csproj.dll
      Source: classification engineClassification label: mal80.rans.spre.expl.winEXE@33/14@0/100
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019829E0 GetLastError,FormatMessageW,MessageBoxW,0_2_00007FF6019829E0
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7624:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7848:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7396:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7732:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7208:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3584:120:WilError_03
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682Jump to behavior
      Source: uOsIQqfgiT.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile read: C:\Users\user\Desktop\uOsIQqfgiT.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\uOsIQqfgiT.exe "C:\Users\user\Desktop\uOsIQqfgiT.exe"
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Users\user\Desktop\uOsIQqfgiT.exe "C:\Users\user\Desktop\uOsIQqfgiT.exe"
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.1"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.1
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.2"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.2
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.3"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.3
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.4"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.4
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.5"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.5
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.6"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.6
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Users\user\Desktop\uOsIQqfgiT.exe "C:\Users\user\Desktop\uOsIQqfgiT.exe"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.1"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.2"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.3"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.4"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.5"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.6"Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.1Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.2Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.3Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.4Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.5Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.6Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeSection loaded: vcruntime140.dllJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeSection loaded: python3.dllJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeSection loaded: libffi-8.dllJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: samcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: cscapi.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: samcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: cscapi.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: samcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: cscapi.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: samcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: cscapi.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: samcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: cscapi.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: samcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\net.exeSection loaded: iphlpapi.dllJump to behavior
      Source: uOsIQqfgiT.exeStatic PE information: Image base 0x140000000 > 0x60000000
      Source: uOsIQqfgiT.exeStatic file information: File size 6746220 > 1048576
      Source: uOsIQqfgiT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
      Source: uOsIQqfgiT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
      Source: uOsIQqfgiT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
      Source: uOsIQqfgiT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: uOsIQqfgiT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Source: uOsIQqfgiT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
      Source: uOsIQqfgiT.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
      Source: uOsIQqfgiT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1727351824.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2983700891.00007FFE130C3000.00000002.00000001.01000000.0000000B.sdmp, select.pyd.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1727533857.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: uOsIQqfgiT.exe, 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1722297507.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
      Source: Binary string: D:\Ransom\Charity-master\Charity-master\Charity\obj\x86\Release\Reader_en_install.pdb source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2983892174.00007FFE1323C000.00000002.00000001.01000000.00000009.sdmp, _lzma.pyd.0.dr
      Source: Binary string: .db.dbf.mdb.pdb.sql.dwg.dxf.asp source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
      Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
      Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1u 30 May 2023built on: Wed May 31 23:27:41 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2983892174.00007FFE1323C000.00000002.00000001.01000000.00000009.sdmp, _lzma.pyd.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1721907780.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmp, _bz2.pyd.0.dr
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1721791015.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
      Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: uOsIQqfgiT.exe, 00000000.00000003.1721791015.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
      Source: Binary string: D:\Ransom\Charity-master\Charity-master\Charity-Decrypt\obj\x64\Debug\Decrypt.pdb source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.dr
      Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: uOsIQqfgiT.exe, 00000000.00000003.1722768631.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmp, _socket.pyd.0.dr
      Source: Binary string: .db.dbf.mdb.pdb.sql source: uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.dr
      Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
      Source: Binary string: D:\a\1\b\bin\amd64\python311.pdb source: uOsIQqfgiT.exe, 00000001.00000002.2982548664.00007FFDFB87B000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.dr
      Source: uOsIQqfgiT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: uOsIQqfgiT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: uOsIQqfgiT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: uOsIQqfgiT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: uOsIQqfgiT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: python311.dll.0.drStatic PE information: section name: PyRuntim
      Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
      Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE1322D390 push rsi; iretd 1_2_00007FFE1322D3A5
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE1322D418 push rsi; retf 1_2_00007FFE1322D419

      Persistence and Installation Behavior

      barindex
      Found pyInstaller with non standard icon
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: "C:\Users\user\Desktop\uOsIQqfgiT.exe"
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\select.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\python311.dllJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\_ctypes.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\_hashlib.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\_lzma.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\341vtfaf.exeJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\unicodedata.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\_bz2.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\_socket.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\libcrypto-1_1.dllJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\_decimal.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\VCRUNTIME140.dllJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI34682\libffi-8.dllJump to dropped file
      Source: 341vtfaf.exe.1.drBinary or memory string: bcdedit.exe
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF601986EA0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF601986EA0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI34682\select.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI34682\python311.dllJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI34682\_ctypes.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI34682\_hashlib.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI34682\_lzma.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\341vtfaf.exeJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI34682\unicodedata.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI34682\_bz2.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI34682\_socket.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI34682\libcrypto-1_1.dllJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI34682\_decimal.pydJump to dropped file
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17321
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeAPI coverage: 2.2 %
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019885A0 FindFirstFileExW,FindClose,0_2_00007FF6019885A0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019879B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6019879B0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6019A0B84
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019885A0 FindFirstFileExW,FindClose,1_2_00007FF6019885A0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019879B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF6019879B0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF6019A0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6019A0B84
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13272E00 Sleep,GetSystemInfo,abort,1_2_00007FFE13272E00
      Source: uOsIQqfgiT.exe, 00000001.00000003.1736976290.00000234DCFD6000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1731005502.00000234DD032000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1739539209.00000234DD029000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2981353035.00000234DD032000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1737437404.00000234DD034000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW;P
      Source: uOsIQqfgiT.exe, 00000001.00000003.1736976290.00000234DCFD6000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1731005502.00000234DD032000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1736976290.00000234DCF5C000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1740209785.00000234DCF60000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1739539209.00000234DD029000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2981353035.00000234DD032000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1737437404.00000234DD034000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2981192249.00000234DCF62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF60198C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF60198C44C
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A2790 GetProcessHeap,0_2_00007FF6019A2790
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF60198C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF60198C44C
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF60198BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF60198BBC0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF60198C62C SetUnhandledExceptionFilter,0_2_00007FF60198C62C
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF601999924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF601999924
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF60198C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF60198C44C
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF60198BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF60198BBC0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF60198C62C SetUnhandledExceptionFilter,1_2_00007FF60198C62C
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FF601999924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF601999924
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE130C1B00 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE130C1B00
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE130C1530 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE130C1530
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13202BC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE13202BC0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13202600 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE13202600
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13233BB0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE13233BB0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132335E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE132335E0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE1325A090 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE1325A090
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE1325AAD8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE1325AAD8
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132752F0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE132752F0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13274D20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE13274D20
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13306254 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE13306254
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13305CB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE13305CB0
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE1A460468 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE1A460468
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Users\user\Desktop\uOsIQqfgiT.exe "C:\Users\user\Desktop\uOsIQqfgiT.exe"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.1"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.2"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.3"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.4"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.5"Jump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "net view \\192.168.1.6"Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.1Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.2Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.3Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.4Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.5Jump to behavior
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view \\192.168.1.6Jump to behavior
      Source: uOsIQqfgiT.exe, 00000001.00000003.1731005502.00000234DD032000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1731042680.00000234DD08B000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1730964013.00000234DD0EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DOF_PROGMAN
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A8880 cpuid 0_2_00007FF6019A8880
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\libcrypto-1_1.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\libffi-8.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\python311.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\select.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\unicodedata.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\_bz2.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\_ctypes.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\_decimal.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\_hashlib.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\_lzma.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\_bz2.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\_lzma.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\_socket.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682 VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI34682\select.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\Desktop\uOsIQqfgiT.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\341vtfaf.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF60198C330 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF60198C330
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 0_2_00007FF6019A518C _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6019A518C
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE132045E8 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,1_2_00007FFE132045E8
      Source: C:\Users\user\Desktop\uOsIQqfgiT.exeCode function: 1_2_00007FFE13205610 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,1_2_00007FFE13205610

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
      Native API      		1
      Bootkit      		12
      Process Injection      		12
      Process Injection      		OS Credential Dumping1
      Network Share Discovery      		Remote Services1
      Archive Collected Data      		1
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/Job1
      DLL Side-Loading      		1
      DLL Side-Loading      		1
      Deobfuscate/Decode Files or Information      		LSASS Memory2
      System Time Discovery      		Remote Desktop ProtocolData from Removable Media1
      Ingress Tool Transfer      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
      Obfuscated Files or Information      		Security Account Manager21
      Security Software Discovery      		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Bootkit      		NTDS1
      Process Discovery      		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      DLL Side-Loading      		LSA Secrets1
      Remote System Discovery      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      File Deletion      		Cached Domain Credentials1
      System Network Configuration Discovery      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync1
      File and Directory Discovery      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem23
      System Information Discovery      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 signatures2 2 Behavior Graph ID: 1567371 Sample: uOsIQqfgiT.exe Startdate: 03/12/2024 Architecture: WINDOWS Score: 80 62 Yara detected Charity Ransomware 2->62 64 Yara detected TrojanRansom 2->64 66 Deletes shadow drive data (may be related to ransomware) 2->66 68 AI detected suspicious sample 2->68 8 uOsIQqfgiT.exe 14 2->8         started        process3 file4 44 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 8->44 dropped 46 C:\Users\user\AppData\Local\...\select.pyd, PE32+ 8->46 dropped 48 C:\Users\user\AppData\Local\...\python311.dll, PE32+ 8->48 dropped 50 9 other files (none is malicious) 8->50 dropped 70 Found pyInstaller with non standard icon 8->70 12 uOsIQqfgiT.exe 1 8->12         started        signatures5 process6 dnsIp7 54 192.168.1.1, 445, 49730, 49984 unknown unknown 12->54 56 192.168.1.10, 445, 49739, 49993 unknown unknown 12->56 58 98 other IPs or domains 12->58 52 C:\Users\user\AppData\Local\...\341vtfaf.exe, PE32+ 12->52 dropped 72 Connects to many different private IPs via SMB (likely to spread or exploit) 12->72 74 Connects to many different private IPs (likely to spread or exploit) 12->74 76 Deletes shadow drive data (may be related to ransomware) 12->76 17 cmd.exe 1 12->17         started        20 cmd.exe 1 12->20         started        22 cmd.exe 1 12->22         started        24 3 other processes 12->24 file8 signatures9 process10 signatures11 60 Performs a network lookup / discovery via net view 17->60 26 conhost.exe 17->26         started        28 net.exe 1 17->28         started        30 conhost.exe 20->30         started        32 net.exe 1 20->32         started        34 conhost.exe 22->34         started        36 net.exe 1 22->36         started        38 conhost.exe 24->38         started        40 conhost.exe 24->40         started        42 4 other processes 24->42 process12

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      No Antivirus matches

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\_MEI34682\VCRUNTIME140.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI34682\_bz2.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI34682\_ctypes.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI34682\_decimal.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI34682\_hashlib.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI34682\_lzma.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI34682\_socket.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI34682\libcrypto-1_1.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI34682\libffi-8.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI34682\python311.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI34682\select.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI34682\unicodedata.pyd0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      No contacted domains info

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64uOsIQqfgiT.exe, 00000001.00000003.1730499077.00000234DCF73000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2980275068.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmpfalse
        		high
        https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688uOsIQqfgiT.exe, 00000001.00000002.2980556430.00000234DC918000.00000004.00001000.00020000.00000000.sdmpfalse
          		high
          http://cacerts.digicert.couOsIQqfgiT.exe, 00000000.00000003.1722145945.00000206433A0000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000000.00000003.1722392187.00000206433A0000.00000004.00000020.00020000.00000000.sdmpfalse
            		high
            https://www.python.org/download/releases/2.3/mro/.uOsIQqfgiT.exe, 00000001.00000002.2980556430.00000234DC890000.00000004.00001000.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1729812463.00000234DCDA4000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1729852937.00000234DCD8B000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drfalse
              		high
              https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readeruOsIQqfgiT.exe, 00000001.00000003.1729964462.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1728638342.00000234DAFBA000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1728624628.00000234DAFB1000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2980275068.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1730126741.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                http://tempuri.org/AddInfectionTuOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drfalse
                  		high
                  https://www.openssl.org/Hlibcrypto-1_1.dll.0.drfalse
                    		high
                    http://tempuri.org/HelloWorldTuOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drfalse
                      		high
                      http://tempuri.org/TuOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drfalse
                        		high
                        http://www.google.com/CnetshuOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drfalse
                          		high
                          http://tempuri.org/341vtfaf.exe.1.drfalse
                            		high
                            https://peps.python.org/pep-0205/uOsIQqfgiT.exe, 00000001.00000002.2981023076.00000234DCE30000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                              		high
                              https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#uOsIQqfgiT.exe, 00000001.00000003.1729964462.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1728624628.00000234DAFB1000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2980275068.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1730126741.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyuOsIQqfgiT.exe, 00000001.00000003.1730126741.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syuOsIQqfgiT.exe, 00000001.00000003.1729964462.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1728624628.00000234DAFB1000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000002.2980275068.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmp, uOsIQqfgiT.exe, 00000001.00000003.1730126741.00000234DAFB5000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://peps.python.org/pep-0263/uOsIQqfgiT.exe, 00000001.00000002.2982548664.00007FFDFB87B000.00000002.00000001.01000000.00000004.sdmp, python311.dll.0.drfalse
                                      		high
                                      http://www.google.com/uOsIQqfgiT.exe, 00000001.00000002.2981148210.00000234DCF30000.00000004.00000020.00020000.00000000.sdmp, 341vtfaf.exe.1.drfalse
                                        		high
                                        https://www.python.org/psf/license/uOsIQqfgiT.exe, 00000001.00000002.2982740122.00007FFDFB918000.00000004.00000001.01000000.00000004.sdmp, python311.dll.0.drfalse
                                          		high

                                          World Map of Contacted IPs

                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs

                                          Public IPs

                                          IPDomainCountryFlagASNASN NameMalicious

                                          Private

                                          IP
                                          192.168.1.217
                                          192.168.1.218
                                          192.168.1.219
                                          192.168.1.213
                                          192.168.1.214
                                          192.168.1.215
                                          192.168.1.216
                                          192.168.1.210
                                          192.168.1.211
                                          192.168.1.212
                                          192.168.1.206
                                          192.168.1.207
                                          192.168.1.208
                                          192.168.1.209
                                          192.168.1.202
                                          192.168.1.203
                                          192.168.1.204
                                          192.168.1.205
                                          192.168.1.200
                                          192.168.1.201
                                          192.168.1.1
                                          192.168.1.118
                                          192.168.1.239
                                          192.168.1.119
                                          192.168.1.3
                                          192.168.1.2
                                          192.168.1.114
                                          192.168.1.235
                                          192.168.1.115
                                          192.168.1.236
                                          192.168.1.116
                                          192.168.1.237
                                          192.168.1.117
                                          192.168.1.238
                                          192.168.1.9
                                          192.168.1.110
                                          192.168.1.231
                                          192.168.1.8
                                          192.168.1.111
                                          192.168.1.232
                                          192.168.1.112
                                          192.168.1.233
                                          192.168.1.113
                                          192.168.1.234
                                          192.168.1.5
                                          192.168.1.4
                                          192.168.1.7
                                          192.168.1.6
                                          192.168.1.230
                                          192.168.1.107
                                          192.168.1.228
                                          192.168.1.108
                                          192.168.1.229
                                          192.168.1.109
                                          192.168.1.103
                                          192.168.1.224
                                          192.168.1.104
                                          192.168.1.225
                                          192.168.1.105
                                          192.168.1.226
                                          192.168.1.106
                                          192.168.1.227
                                          192.168.1.220
                                          192.168.1.100
                                          192.168.1.221
                                          192.168.1.101
                                          192.168.1.222
                                          192.168.1.102
                                          192.168.1.223
                                          192.168.1.27
                                          192.168.1.26
                                          192.168.1.29
                                          192.168.1.28
                                          192.168.1.30
                                          192.168.1.32
                                          192.168.1.31
                                          192.168.1.34
                                          192.168.1.33
                                          192.168.1.36
                                          192.168.1.35
                                          192.168.1.16
                                          192.168.1.15
                                          192.168.1.18
                                          192.168.1.17
                                          192.168.1.19
                                          192.168.1.21
                                          192.168.1.20
                                          192.168.1.23
                                          192.168.1.22
                                          192.168.1.25
                                          192.168.1.24
                                          192.168.1.10
                                          192.168.1.12
                                          192.168.1.11
                                          192.168.1.14
                                          192.168.1.13
                                          192.168.1.176
                                          192.168.1.177
                                          192.168.1.178
                                          192.168.1.179

                                          General Information

                                          Joe Sandbox version:41.0.0 Charoite
                                          Analysis ID:1567371
                                          Start date and time:2024-12-03 13:56:09 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 6m 28s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:24
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:uOsIQqfgiT.exe
                                          renamed because original name is a hash value
                                          Original Sample Name:a12133b2aadd267558975a8952daac3e.exe
                                          Detection:MAL
                                          Classification:mal80.rans.spre.expl.winEXE@33/14@0/100
                                          EGA Information:
                                          • Successful, ratio: 100%
                                          HCA Information:Failed
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe

                                          Warnings

                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                          • VT rate limit hit for: uOsIQqfgiT.exe

                                          Simulations

                                          Behavior and APIs

                                          No simulations

                                          Joe Sandbox View / Context

                                          IPs

                                          No context

                                          Domains

                                          No context

                                          ASNs

                                          No context

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          C:\Users\user\AppData\Local\Temp\_MEI34682\VCRUNTIME140.dllsaiya.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                            RuntimeusererVers.exeGet hashmaliciousPython StealerBrowse
                                              OBS-Studio-30.2.3-Windows-Installer.exeGet hashmaliciousUnknownBrowse
                                                BrowserUpdate.exeGet hashmaliciousUnknownBrowse
                                                  file.exeGet hashmaliciousCStealerBrowse
                                                    Payload.exeGet hashmaliciousPython Stealer, BLX Stealer, XLABB GrabberBrowse
                                                      Payload.exeGet hashmaliciousPython Stealer, BLX Stealer, XLABB GrabberBrowse
                                                        xor-enc.exeGet hashmaliciousUnknownBrowse
                                                          PZKAQY0bX5.exeGet hashmaliciousBlank GrabberBrowse
                                                            Master.exeGet hashmaliciousCobaltStrike, MetasploitBrowse

                                                              Created / dropped Files

                                                              C:\Users\user\AppData\Local\Temp\341vtfaf.exe

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):178688
                                                              Entropy (8bit):6.100307497451274
                                                              Encrypted:false
                                                              SSDEEP:3072:jiK6JyIQ65De3Pobxy94ksVE3nbe/9d9vnKW7+lWiNav49TgUCV7:YyI/DewbQ6VgnbYd9vV7YjMgdgV
                                                              MD5:A1F759941134F8381FCD48863224B585
                                                              SHA1:5CA38697053D45FE4B61F5A689124DD88C0C4389
                                                              SHA-256:D76FCEDCC85391CCA03F98AEEF106DE5A03BE5CAB70FBB0F582B6D94654EA7F6
                                                              SHA-512:6AA5A56117B84F5D7DD3C89EE653E923B3DDD0C2100CC11BBE41612501E913D888D5D8E7D49BBA07C9573552D8DC0D9CD815E7996017D25E24F8FF391D93D9B7
                                                              Malicious:false
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.../72g.........."...0.................. .....@..... ....................................`...@......@............... ...................................,........................................................................................... ..H............text....... ...................... ..`.rsrc....,..........................@..@........................................H........v..,.......Q...8C..xe............................................(#...*.0..........($...o%...(&...r...p('...((...-.....()...r...p('....($...r...po*.....,..(+......(,...o-......,..o........,..o.....~/...r1..p.o0...%r]..p....(1...o2...r{..p....(1...o2........(....&..&..*..(....O..]........E.$i...................0..7.........(3...}G......}H......}F.....|G.....(...+..|G...(5...*..0..+.........(6...}A......}B......}@.....|A.....(...+*..0..#.........(6...}D......}C.....|D.....(..

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\VCRUNTIME140.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):109392
                                                              Entropy (8bit):6.641929675972235
                                                              Encrypted:false
                                                              SSDEEP:1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
                                                              MD5:4585A96CC4EEF6AAFD5E27EA09147DC6
                                                              SHA1:489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
                                                              SHA-256:A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
                                                              SHA-512:D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: saiya.exe, Detection: malicious, Browse
                                                              • Filename: RuntimeusererVers.exe, Detection: malicious, Browse
                                                              • Filename: OBS-Studio-30.2.3-Windows-Installer.exe, Detection: malicious, Browse
                                                              • Filename: BrowserUpdate.exe, Detection: malicious, Browse
                                                              • Filename: file.exe, Detection: malicious, Browse
                                                              • Filename: Payload.exe, Detection: malicious, Browse
                                                              • Filename: Payload.exe, Detection: malicious, Browse
                                                              • Filename: xor-enc.exe, Detection: malicious, Browse
                                                              • Filename: PZKAQY0bX5.exe, Detection: malicious, Browse
                                                              • Filename: Master.exe, Detection: malicious, Browse
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........u...u...u.E.t...u.....u...t...u..v...u..q...u..p...u..u...u......u..w...u.Rich..u.........PE..d..._#;..........." ...".....`......................................................=.....`A........................................`C..4....K...............p.......\..PO...........-..p............................,..@............................................text............................... ..`.rdata...A.......B..................@..@.data...0....`.......D..............@....pdata.......p.......H..............@..@_RDATA..\............T..............@..@.rsrc................V..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\_bz2.pyd

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):84760
                                                              Entropy (8bit):6.570831353064175
                                                              Encrypted:false
                                                              SSDEEP:1536:PdQz7pZ3catNZTRGE51LOBK5bib8tsfYqpIPCV17SyQPx:VQz9Z5VOwiItsAqpIPCV1Gx
                                                              MD5:3859239CED9A45399B967EBCE5A6BA23
                                                              SHA1:6F8FF3DF90AC833C1EB69208DB462CDA8CA3F8D6
                                                              SHA-256:A4DD883257A7ACE84F96BCC6CD59E22D843D0DB080606DEFAE32923FC712C75A
                                                              SHA-512:030E5CE81E36BD55F69D55CBB8385820EB7C1F95342C1A32058F49ABEABB485B1C4A30877C07A56C9D909228E45A4196872E14DED4F87ADAA8B6AD97463E5C69
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A}...............d`.....J`......J`......J`......J`......J`.......`......Nd..........Z....`.......`.......`.......`......Rich............PE..d......d.........." ...".....^......L........................................P.......`....`.........................................p...H............0....... .. ......../...@..........T...........................p...@............................................text............................... ..`.rdata..L>.......@..................@..@.data...............................@....pdata.. .... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\_ctypes.pyd

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):123664
                                                              Entropy (8bit):6.058417150946148
                                                              Encrypted:false
                                                              SSDEEP:3072:c7u5LnIx1If3yJdqfLI2AYX5BO89IPLPPUxdF:cwxfijqfLI29BO8VF
                                                              MD5:BD36F7D64660D120C6FB98C8F536D369
                                                              SHA1:6829C9CE6091CB2B085EB3D5469337AC4782F927
                                                              SHA-256:EE543453AC1A2B9B52E80DC66207D3767012CA24CE2B44206804767F37443902
                                                              SHA-512:BD15F6D4492DDBC89FCBADBA07FC10AA6698B13030DD301340B5F1B02B74191FAF9B3DCF66B72ECF96084656084B531034EA5CADC1DD333EF64AFB69A1D1FD56
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........G...&...&...&...^...&...Z...&...Z...&...Z...&...Z...&..$Z...&...^...&...^...&..-Z...&...&...&..$Z...&..$Z...&..$Zv..&..$Z...&..Rich.&..........................PE..d...!..d.........." ..."............p\..............................................|o....`.........................................pP.......P.........................../..............T...........................`...@............................................text............................... ..`.rdata...l.......n..................@..@.data...$=...p...8...^..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\_decimal.pyd

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):253200
                                                              Entropy (8bit):6.559097478184273
                                                              Encrypted:false
                                                              SSDEEP:6144:7t9gXW32tb0yf6CgLp+E4YECs5wxvj9qWM53pLW1Apw9tBg2YAp:7ngXW3wgyCiE4texvGI4Ap
                                                              MD5:65B4AB77D6C6231C145D3E20E7073F51
                                                              SHA1:23D5CE68ED6AA8EAABE3366D2DD04E89D248328E
                                                              SHA-256:93EB9D1859EDCA1C29594491863BF3D72AF70B9A4240E0D9DD171F668F4F8614
                                                              SHA-512:28023446E5AC90E9E618673C879CA46F598A62FBB9E69EF925DB334AD9CB1544916CAF81E2ECDC26B75964DCEDBA4AD4DE1BA2C42FB838D0DF504D963FCF17EE
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........nyR.............w.......s.......s.......s.......s.......s.......w.........._....s.......s.......s.......s.......s......Rich............PE..d......d.........." ...".v...<......L...............................................Rn....`..........................................T..P...`T...................&......./......P.......T...........................P...@............................................text....u.......v.................. ..`.rdata..<............z..............@..@.data....*...p...$...R..............@....pdata...&.......(...v..............@..@.rsrc...............................@..@.reloc..P...........................@..B........................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\_hashlib.pyd

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):65304
                                                              Entropy (8bit):6.222786912280051
                                                              Encrypted:false
                                                              SSDEEP:1536:6TO+CPN/pV8ETeERZX/fchw/IpBIPOIVQ7SygPx:mClZZow/IpBIPOIVQyx
                                                              MD5:4255C44DC64F11F32C961BF275AAB3A2
                                                              SHA1:C1631B2821A7E8A1783ECFE9A14DB453BE54C30A
                                                              SHA-256:E557873D5AD59FD6BD29D0F801AD0651DBB8D9AC21545DEFE508089E92A15E29
                                                              SHA-512:7D3A306755A123B246F31994CD812E7922943CDBBC9DB5A6E4D3372EA434A635FFD3945B5D2046DE669E7983EF2845BD007A441D09CFE05CF346523C12BDAD52
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F.u.'.&.'.&.'.&._,&.'.&.[.'.'.&.[.'.'.&.[.'.'.&.[.'.'.&._.'.'.&*[.'.'.&.'.&e'.&*[.'.'.&*[.'.'.&*[@&.'.&*[.'.'.&Rich.'.&........PE..d......d.........." ...".T...~......`?...............................................%....`.............................................P.......................,......../......\...0}..T............................{..@............p..(............................text...uR.......T.................. ..`.rdata...N...p...P...X..............@..@.data...8...........................@....pdata..,...........................@..@.rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\_lzma.pyd

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):158992
                                                              Entropy (8bit):6.8491146526380025
                                                              Encrypted:false
                                                              SSDEEP:3072:A4lirS97HrdVmEkGCm5hAznf49mNo2NOvJ02pIPZ1wBExN:VlirG0EkTVAYO2NQ3w
                                                              MD5:E5ABC3A72996F8FDE0BCF709E6577D9D
                                                              SHA1:15770BDCD06E171F0B868C803B8CF33A8581EDD3
                                                              SHA-256:1796038480754A680F33A4E37C8B5673CC86C49281A287DC0C5CAE984D0CB4BB
                                                              SHA-512:B347474DC071F2857E1E16965B43DB6518E35915B8168BDEFF1EAD4DFF710A1CC9F04CA0CED23A6DE40D717EEA375EEDB0BF3714DAF35DE6A77F071DB33DFAE6
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........*...D,..D,..D,...,..D,..E-..D,..A-..D,..@-..D,..G-..D,M.E-..D,..E-..D,..E,.D,M.I-..D,M.D-..D,M.,..D,M.F-..D,Rich..D,........PE..d...$..d.........." ...".b...........5....................................................`..........................................%..L...\%..x....p.......P.......>.../......8.......T...........................p...@............................................text....a.......b.................. ..`.rdata..............f..............@..@.data........@......................@....pdata.......P......................@..@.rsrc........p.......2..............@..@.reloc..8............<..............@..B................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\_socket.pyd

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):79640
                                                              Entropy (8bit):6.290841920161528
                                                              Encrypted:false
                                                              SSDEEP:1536:0JltpedXL+3ujz9/s+S+pzpMoiyivViaE9IPLwj7SyZPx:07tp4i3ujz9/sT+pzqoavVpE9IPLwjHx
                                                              MD5:1EEA9568D6FDEF29B9963783827F5867
                                                              SHA1:A17760365094966220661AD87E57EFE09CD85B84
                                                              SHA-256:74181072392A3727049EA3681FE9E59516373809CED53E08F6DA7C496B76E117
                                                              SHA-512:D9443B70FCDC4D0EA1CB93A88325012D3F99DB88C36393A7DED6D04F590E582F7F1640D8B153FE3C5342FA93802A8374F03F6CD37DD40CDBB5ADE2E07FAD1E09
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......RXY..97..97..97..A...97.YE6..97.YE2..97.YE3..97.YE4..97..E6..97..96..97.]A6..97..E:..97..E7..97..E...97..E5..97.Rich.97.................PE..d... ..d.........." ...".l...........%.......................................P......V.....`.............................................P............0....... ..x......../...@..........T...............................@............................................text...:k.......l.................. ..`.rdata...t.......v...p..............@..@.data...............................@....pdata..x.... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\base_library.zip

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                              Category:dropped
                                                              Size (bytes):1438373
                                                              Entropy (8bit):5.59108786847922
                                                              Encrypted:false
                                                              SSDEEP:24576:mQR5pATu7xm4lUKdcubgAnyfbcZ0iwhBdYf9P3sRHHL:mQR5plxmQJy
                                                              MD5:2F6D57BCCF7F7735ACB884A980410F6A
                                                              SHA1:93A6926887A08DC09CD92864CD82B2BEC7B24EC5
                                                              SHA-256:1B7D326BAD406E96A4C83B5A49714819467E3174ED0A74F81C9EBD96D1DD40B3
                                                              SHA-512:95BCFC66DBE7B6AD324BD2DC2258A3366A3594BFC50118AB37A2A204906109E42192FB10A91172B340CC28C12640513DB268C854947FB9ED8426F214FF8889B4
                                                              Malicious:false
                                                              Preview:PK..........!.h%..b...b......._collections_abc.pyc............................................d.Z.d.d.l.m.Z.m.Z...d.d.l.Z...e.e.e.........................Z...e.d...............Z.d...Z...e.e...............Z.[.g.d...Z.d.Z...e...e.d.............................Z...e...e...e...........................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.g.............................Z...e...e...e.g...........................................Z...e...e...e.d...........................................Z...e...e...e.d.d.z.............................................Z...e...e...e...........................................Z...e...e.d.............................Z ..e...e.d.............................Z!..e...e...e"..........................................Z#..e.i.......................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\libcrypto-1_1.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):3445016
                                                              Entropy (8bit):6.099467326309974
                                                              Encrypted:false
                                                              SSDEEP:98304:+/+YgEQaGDoWS04ki7x+QRsZ51CPwDv3uFfJx:MLgEXGUZ37x+VZ51CPwDv3uFfJx
                                                              MD5:E94733523BCD9A1FB6AC47E10A267287
                                                              SHA1:94033B405386D04C75FFE6A424B9814B75C608AC
                                                              SHA-256:F20EB4EFD8647B5273FDAAFCEB8CCB2B8BA5329665878E01986CBFC1E6832C44
                                                              SHA-512:07DD0EB86498497E693DA0F9DD08DE5B7B09052A2D6754CFBC2AA260E7F56790E6C0A968875F7803CB735609B1E9B9C91A91B84913059C561BFFED5AB2CBB29F
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........).h.z.h.z.h.z..Oz.h.z...{.h.z...{.h.z...{.h.z...{.h.z.h.zjh.z...{.h.z=..{.h.z=..{.j.z=..{.h.z=.#z.h.z=..{.h.zRich.h.z........................PE..d.....wd.........." ..."..$...................................................5......o5...`..........................................y/..h...J4.@.....4.|....p2......b4../....4..O..P.,.8.............................,.@............@4..............................text...$.$.......$................. ..`.rdata........$.......$.............@..@.data...!z....1..,....1.............@....pdata..h....p2.......1.............@..@.idata..^#...@4..$....3.............@..@.00cfg..u....p4.......3.............@..@.rsrc...|.....4.......3.............@..@.reloc...y....4..z....3.............@..B................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\libffi-8.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):39696
                                                              Entropy (8bit):6.641880464695502
                                                              Encrypted:false
                                                              SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                              MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                              SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                              SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                              SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iV...8...8...8..p....8.t9...8.p9...8...9...8.t=...8.t<...8.t;...8.1t<...8.1t;...8.1t8...8.1t:...8.Rich..8.........................PE..d...Sh.c.........." ...".H...(.......L...............................................n....`......................................... l.......p..P...............P....l.../......,...@d...............................c..@............`.. ............................text....G.......H.................. ..`.rdata..h....`.......L..............@..@.data................b..............@....pdata..P............d..............@..@.reloc..,............j..............@..B................................................................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\python311.dll

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):5762840
                                                              Entropy (8bit):6.089392282930885
                                                              Encrypted:false
                                                              SSDEEP:49152:73djosVvASxQKADxYBVD0NErnKqroleDkcWE/Q3pPITbwVFZL7VgVr42I1vJHH++:73ZOKRtlrJ7wfGrs1BHeM+2PocL2
                                                              MD5:5A5DD7CAD8028097842B0AFEF45BFBCF
                                                              SHA1:E247A2E460687C607253949C52AE2801FF35DC4A
                                                              SHA-256:A811C7516F531F1515D10743AE78004DD627EBA0DC2D3BC0D2E033B2722043CE
                                                              SHA-512:E6268E4FAD2CE3EF16B68298A57498E16F0262BF3531539AD013A66F72DF471569F94C6FCC48154B7C3049A3AD15CBFCBB6345DACB4F4ED7D528C74D589C9858
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q.D.5.*.5.*.5.*.z.+.7.*.z...;.*.z./.9.*.z...=.*.z.).1.*.<../.*.~.+.>.*.5.+.P.*...'..*...*.4.*.....4.*...(.4.*.Rich5.*.........................PE..d......d.........." ...".X%..47.....\H........................................\.......X...`...........................................@......WA......p[.......V.d0....W../....[..C....).T.............................).@............p%..............................text...rV%......X%................. ..`.rdata.......p%......\%.............@..@.data.........A..L...hA.............@....pdata..d0....V..2....Q.............@..@PyRuntim......X.......S.............@....rsrc........p[......rV.............@..@.reloc...C....[..D...|V.............@..B........................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\select.pyd

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):30480
                                                              Entropy (8bit):6.578957517354568
                                                              Encrypted:false
                                                              SSDEEP:384:N1ecReJKrHqDUI7A700EZ9IPQGNHQIYiSy1pCQn1tPxh8E9VF0NykfF:3eUeJGHqNbD9IPQGR5YiSyvnnPxWEuN
                                                              MD5:C97A587E19227D03A85E90A04D7937F6
                                                              SHA1:463703CF1CAC4E2297B442654FC6169B70CFB9BF
                                                              SHA-256:C4AA9A106381835CFB5F9BADFB9D77DF74338BC66E69183757A5A3774CCDACCF
                                                              SHA-512:97784363F3B0B794D2F9FD6A2C862D64910C71591006A34EEDFF989ECCA669AC245B3DFE68EAA6DA621209A3AB61D36E9118EBB4BE4C0E72CE80FAB7B43BDE12
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........tB.t'B.t'B.t'K..'@.t'..u&@.t'..q&N.t'..p&J.t'..w&F.t'..u&@.t'B.u'..t'..u&G.t'..y&C.t'..t&C.t'...'C.t'..v&C.t'RichB.t'................PE..d......d.........." ...".....2............................................................`..........................................@..L...,A..x....p.......`.......H.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data........P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..L............F..............@..B........................................................................................................................................................................................................................................

                                                              C:\Users\user\AppData\Local\Temp\_MEI34682\unicodedata.pyd

                                                              Download File
                                                              Process:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1141016
                                                              Entropy (8bit):5.435086202175289
                                                              Encrypted:false
                                                              SSDEEP:12288:83kYbfjwR6nblonRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eD1ol:8UYbMA0IDJcjEwPgPOG6Xyd461ol
                                                              MD5:AA13EE6770452AF73828B55AF5CD1A32
                                                              SHA1:C01ECE61C7623E36A834D8B3C660E7F28C91177E
                                                              SHA-256:8FBED20E9225FF82132E97B4FEFBB5DDBC10C062D9E3F920A6616AB27BB5B0FB
                                                              SHA-512:B2EEB9A7D4A32E91084FDAE302953AAC57388A5390F9404D8DFE5C4A8F66CA2AB73253CF5BA4CC55350D8306230DD1114A61E22C23F42FBCC5C0098046E97E0F
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................,...............,.....,.....,.y...,.....Rich..........PE..d......d.........." ...".@..........P*...............................................!....`.............................................X............`.......P..0....:.../...p.......]..T............................[..@............P..x............................text....>.......@.................. ..`.rdata.......P.......D..............@..@.data...H....0......................@....pdata..0....P.......&..............@..@.rsrc........`......................@..@.reloc.......p.......8..............@..B................................................................................................................................................................................................................................................

                                                              Static File Info

                                                              General

                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                              Entropy (8bit):7.986362984326343
                                                              TrID:
                                                              • Win64 Executable GUI (202006/5) 77.37%
                                                              • InstallShield setup (43055/19) 16.49%
                                                              • Win64 Executable (generic) (12005/4) 4.60%
                                                              • Generic Win/DOS Executable (2004/3) 0.77%
                                                              • DOS Executable Generic (2002/1) 0.77%
                                                              File name:uOsIQqfgiT.exe
                                                              File size:6'746'220 bytes
                                                              MD5:a12133b2aadd267558975a8952daac3e
                                                              SHA1:4f770593e992d7423aafdc6a2593d18d46d5f21b
                                                              SHA256:bbdd058ce8a5e7ebfcd229b2a6edd562497b4c58f3c7efb30b2cf73be35302a4
                                                              SHA512:a71cce55be3e73fb993d22e02fa0229aec1b3d4a7a857cdcbc8e18c7ecf8d07cd414d98f838711d78bc11bbf6c1c4247bb010851140a86b760df40e045df4efb
                                                              SSDEEP:98304:tbA5nzNBS27wy4Pf1N2zIh3ET9qMxVMOPUh3PdWPEUrJY6AOxbHFvKJ1ngOcsS4m:tbcx4FMIZETPjPePdrQJ/BMnPc
                                                              TLSH:A66623756A5019F2E7EAC0789489C406D53A2C2DC72CB16602F472661FF3F7B572BA0D
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Xhc.Xhc.Xhc...`._hc...f..hc...g.Rhc.....[hc...`.Qhc...g.Ihc...f.phc...b.Shc.Xhb..hc.K.g.Ahc.K.a.Yhc.RichXhc.........PE..d..

                                                              File Icon

                                                              Icon Hash:0b03084c4e4e0383

                                                              Static PE Info

                                                              General

                                                              Entrypoint:0x14000c0d0
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x140000000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x67326D83 [Mon Nov 11 20:48:03 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:6
                                                              OS Version Minor:0
                                                              File Version Major:6
                                                              File Version Minor:0
                                                              Subsystem Version Major:6
                                                              Subsystem Version Minor:0
                                                              Import Hash:456e8615ad4320c9f54e50319a19df9c

                                                              Entrypoint Preview

                                                              Instruction
                                                              dec eax
                                                              sub esp, 28h
                                                              call 00007FCE94E3805Ch
                                                              dec eax
                                                              add esp, 28h
                                                              jmp 00007FCE94E37C7Fh
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              dec eax
                                                              sub esp, 28h
                                                              call 00007FCE94E38428h
                                                              test eax, eax
                                                              je 00007FCE94E37E23h
                                                              dec eax
                                                              mov eax, dword ptr [00000030h]
                                                              dec eax
                                                              mov ecx, dword ptr [eax+08h]
                                                              jmp 00007FCE94E37E07h
                                                              dec eax
                                                              cmp ecx, eax
                                                              je 00007FCE94E37E16h
                                                              xor eax, eax
                                                              dec eax
                                                              cmpxchg dword ptr [0003843Ch], ecx
                                                              jne 00007FCE94E37DF0h
                                                              xor al, al
                                                              dec eax
                                                              add esp, 28h
                                                              ret
                                                              mov al, 01h
                                                              jmp 00007FCE94E37DF9h
                                                              int3
                                                              int3
                                                              int3
                                                              dec eax
                                                              sub esp, 28h
                                                              test ecx, ecx
                                                              jne 00007FCE94E37E09h
                                                              mov byte ptr [00038425h], 00000001h
                                                              call 00007FCE94E37555h
                                                              call 00007FCE94E38840h
                                                              test al, al
                                                              jne 00007FCE94E37E06h
                                                              xor al, al
                                                              jmp 00007FCE94E37E16h
                                                              call 00007FCE94E4534Fh
                                                              test al, al
                                                              jne 00007FCE94E37E0Bh
                                                              xor ecx, ecx
                                                              call 00007FCE94E38850h
                                                              jmp 00007FCE94E37DECh
                                                              mov al, 01h
                                                              dec eax
                                                              add esp, 28h
                                                              ret
                                                              int3
                                                              int3
                                                              inc eax
                                                              push ebx
                                                              dec eax
                                                              sub esp, 20h
                                                              cmp byte ptr [000383ECh], 00000000h
                                                              mov ebx, ecx
                                                              jne 00007FCE94E37E69h
                                                              cmp ecx, 01h
                                                              jnbe 00007FCE94E37E6Ch
                                                              call 00007FCE94E3839Eh
                                                              test eax, eax
                                                              je 00007FCE94E37E2Ah
                                                              test ebx, ebx
                                                              jne 00007FCE94E37E26h
                                                              dec eax
                                                              lea ecx, dword ptr [000383D6h]
                                                              call 00007FCE94E45142h

                                                              Data Directories

                                                              NameVirtual AddressVirtual Size Is in Section
                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x3c76c0x78.rdata
                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x490000x10e34.rsrc
                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x460000x2208.pdata
                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x5a0000x768.reloc
                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x39dc00x1c.rdata
                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x39c800x140.rdata
                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_IAT0x2b0000x450.rdata
                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                              Sections

                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                              .text0x10000x292100x29400aca64598002ecff9eefbc96554edf015False0.5511067708333334data6.4784482217419175IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                              .rdata0x2b0000x126420x128002c306a7e453ae8485f55c8111ca5c00eFalse0.5245196368243243data5.750833589213045IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .data0x3e0000x73d80xe00d0a288978c66419b180b35f625b6dce7False0.13532366071428573data1.8378139998458343IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                              .pdata0x460000x22080x240074cf3ea22e0a1756984435d6f80f7da5False0.4671223958333333data5.259201915045256IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .rsrc0x490000x10e340x110009d352827d61a24ef0aff58c346928c01False0.07390280330882353data4.740756993386539IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .reloc0x5a0000x7680x80071de9271648326ec88350e903470cf3eFalse0.5576171875data5.283119454571673IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                              Resources

                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                              RT_ICON0x490e80x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 15118 x 15118 px/m0.06374955637051934
                                                              RT_GROUP_ICON0x599100x14data1.15
                                                              RT_MANIFEST0x599240x50dXML 1.0 document, ASCII text0.4694508894044857

                                                              Imports

                                                              DLLImport
                                                              USER32.dllCreateWindowExW, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
                                                              COMCTL32.dll
                                                              KERNEL32.dllGetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, GetLastError, FormatMessageW, GetModuleFileNameW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, CreateDirectoryW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, GetEnvironmentStringsW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, WaitForSingleObject, Sleep, GetCurrentProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, IsProcessorFeaturePresent, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
                                                              ADVAPI32.dllOpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
                                                              GDI32.dllSelectObject, DeleteObject, CreateFontIndirectW

                                                              Network Behavior

                                                              TCP Packets

                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Dec 3, 2024 13:57:06.177949905 CET49730445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:06.178004026 CET49731445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:06.178994894 CET49732445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:57:06.180625916 CET49734445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:57:06.180843115 CET49733445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:57:06.182511091 CET49735445192.168.2.4192.168.1.6
                                                              Dec 3, 2024 13:57:06.182950974 CET49736445192.168.2.4192.168.1.8
                                                              Dec 3, 2024 13:57:06.183468103 CET49737445192.168.2.4192.168.1.7
                                                              Dec 3, 2024 13:57:06.186592102 CET49739445192.168.2.4192.168.1.10
                                                              Dec 3, 2024 13:57:06.186593056 CET49738445192.168.2.4192.168.1.9
                                                              Dec 3, 2024 13:57:06.187566042 CET49740445192.168.2.4192.168.1.11
                                                              Dec 3, 2024 13:57:06.189596891 CET49741445192.168.2.4192.168.1.13
                                                              Dec 3, 2024 13:57:06.189659119 CET49742445192.168.2.4192.168.1.12
                                                              Dec 3, 2024 13:57:06.191251040 CET49743445192.168.2.4192.168.1.15
                                                              Dec 3, 2024 13:57:06.191421032 CET49744445192.168.2.4192.168.1.16
                                                              Dec 3, 2024 13:57:06.191848040 CET49745445192.168.2.4192.168.1.14
                                                              Dec 3, 2024 13:57:06.192569017 CET49746445192.168.2.4192.168.1.17
                                                              Dec 3, 2024 13:57:06.198641062 CET49748445192.168.2.4192.168.1.19
                                                              Dec 3, 2024 13:57:06.198741913 CET49747445192.168.2.4192.168.1.18
                                                              Dec 3, 2024 13:57:06.199481010 CET49749445192.168.2.4192.168.1.20
                                                              Dec 3, 2024 13:57:06.201608896 CET49750445192.168.2.4192.168.1.21
                                                              Dec 3, 2024 13:57:06.201617002 CET49751445192.168.2.4192.168.1.22
                                                              Dec 3, 2024 13:57:06.202788115 CET49752445192.168.2.4192.168.1.23
                                                              Dec 3, 2024 13:57:06.204605103 CET49754445192.168.2.4192.168.1.25
                                                              Dec 3, 2024 13:57:06.204615116 CET49753445192.168.2.4192.168.1.24
                                                              Dec 3, 2024 13:57:06.206002951 CET49755445192.168.2.4192.168.1.27
                                                              Dec 3, 2024 13:57:06.206494093 CET49756445192.168.2.4192.168.1.26
                                                              Dec 3, 2024 13:57:06.206928015 CET49757445192.168.2.4192.168.1.28
                                                              Dec 3, 2024 13:57:06.210577965 CET49758445192.168.2.4192.168.1.29
                                                              Dec 3, 2024 13:57:06.210608959 CET49759445192.168.2.4192.168.1.30
                                                              Dec 3, 2024 13:57:06.211782932 CET49760445192.168.2.4192.168.1.31
                                                              Dec 3, 2024 13:57:06.213557005 CET49761445192.168.2.4192.168.1.32
                                                              Dec 3, 2024 13:57:06.213583946 CET49762445192.168.2.4192.168.1.33
                                                              Dec 3, 2024 13:57:06.214834929 CET49763445192.168.2.4192.168.1.34
                                                              Dec 3, 2024 13:57:06.214955091 CET49764445192.168.2.4192.168.1.35
                                                              Dec 3, 2024 13:57:06.215786934 CET49765445192.168.2.4192.168.1.36
                                                              Dec 3, 2024 13:57:06.216562986 CET49766445192.168.2.4192.168.1.37
                                                              Dec 3, 2024 13:57:06.222582102 CET49768445192.168.2.4192.168.1.39
                                                              Dec 3, 2024 13:57:06.222583055 CET49767445192.168.2.4192.168.1.38
                                                              Dec 3, 2024 13:57:06.223706961 CET49769445192.168.2.4192.168.1.40
                                                              Dec 3, 2024 13:57:06.225574017 CET49770445192.168.2.4192.168.1.41
                                                              Dec 3, 2024 13:57:06.225589037 CET49771445192.168.2.4192.168.1.42
                                                              Dec 3, 2024 13:57:06.226843119 CET49772445192.168.2.4192.168.1.44
                                                              Dec 3, 2024 13:57:06.227161884 CET49773445192.168.2.4192.168.1.43
                                                              Dec 3, 2024 13:57:06.227834940 CET49774445192.168.2.4192.168.1.45
                                                              Dec 3, 2024 13:57:06.229430914 CET49775445192.168.2.4192.168.1.47
                                                              Dec 3, 2024 13:57:06.229470015 CET49776445192.168.2.4192.168.1.48
                                                              Dec 3, 2024 13:57:06.229904890 CET49777445192.168.2.4192.168.1.46
                                                              Dec 3, 2024 13:57:06.234585047 CET49779445192.168.2.4192.168.1.50
                                                              Dec 3, 2024 13:57:06.234631062 CET49778445192.168.2.4192.168.1.49
                                                              Dec 3, 2024 13:57:06.235424042 CET49780445192.168.2.4192.168.1.51
                                                              Dec 3, 2024 13:57:06.237591982 CET49781445192.168.2.4192.168.1.52
                                                              Dec 3, 2024 13:57:06.237714052 CET49782445192.168.2.4192.168.1.53
                                                              Dec 3, 2024 13:57:06.238738060 CET49783445192.168.2.4192.168.1.54
                                                              Dec 3, 2024 13:57:06.240602970 CET49784445192.168.2.4192.168.1.55
                                                              Dec 3, 2024 13:57:06.240636110 CET49785445192.168.2.4192.168.1.56
                                                              Dec 3, 2024 13:57:06.241890907 CET49786445192.168.2.4192.168.1.57
                                                              Dec 3, 2024 13:57:06.241909027 CET49787445192.168.2.4192.168.1.58
                                                              Dec 3, 2024 13:57:06.243046045 CET49788445192.168.2.4192.168.1.59
                                                              Dec 3, 2024 13:57:06.246577024 CET49789445192.168.2.4192.168.1.60
                                                              Dec 3, 2024 13:57:06.246759892 CET49790445192.168.2.4192.168.1.61
                                                              Dec 3, 2024 13:57:06.249658108 CET49791445192.168.2.4192.168.1.62
                                                              Dec 3, 2024 13:57:06.252626896 CET49792445192.168.2.4192.168.1.63
                                                              Dec 3, 2024 13:57:06.258626938 CET49793445192.168.2.4192.168.1.64
                                                              Dec 3, 2024 13:57:06.261583090 CET49794445192.168.2.4192.168.1.65
                                                              Dec 3, 2024 13:57:06.264861107 CET49795445192.168.2.4192.168.1.66
                                                              Dec 3, 2024 13:57:06.270610094 CET49796445192.168.2.4192.168.1.67
                                                              Dec 3, 2024 13:57:06.273585081 CET49797445192.168.2.4192.168.1.68
                                                              Dec 3, 2024 13:57:06.276629925 CET49798445192.168.2.4192.168.1.69
                                                              Dec 3, 2024 13:57:06.282939911 CET49799445192.168.2.4192.168.1.70
                                                              Dec 3, 2024 13:57:06.285593987 CET49800445192.168.2.4192.168.1.71
                                                              Dec 3, 2024 13:57:06.288642883 CET49801445192.168.2.4192.168.1.72
                                                              Dec 3, 2024 13:57:06.294639111 CET49802445192.168.2.4192.168.1.73
                                                              Dec 3, 2024 13:57:06.297615051 CET49803445192.168.2.4192.168.1.74
                                                              Dec 3, 2024 13:57:06.298160076 CET44549730192.168.1.1192.168.2.4
                                                              Dec 3, 2024 13:57:06.298176050 CET44549731192.168.1.2192.168.2.4
                                                              Dec 3, 2024 13:57:06.298243046 CET49730445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:06.298274994 CET49731445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:06.298357010 CET49730445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:06.299009085 CET44549732192.168.1.3192.168.2.4
                                                              Dec 3, 2024 13:57:06.299386024 CET49732445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:57:06.300424099 CET49731445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:06.300568104 CET49804445192.168.2.4192.168.1.75
                                                              Dec 3, 2024 13:57:06.300915956 CET44549734192.168.1.5192.168.2.4
                                                              Dec 3, 2024 13:57:06.300997019 CET44549733192.168.1.4192.168.2.4
                                                              Dec 3, 2024 13:57:06.301064014 CET49733445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:57:06.301064968 CET49734445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:57:06.302746058 CET44549735192.168.1.6192.168.2.4
                                                              Dec 3, 2024 13:57:06.302823067 CET49735445192.168.2.4192.168.1.6
                                                              Dec 3, 2024 13:57:06.302937984 CET44549736192.168.1.8192.168.2.4
                                                              Dec 3, 2024 13:57:06.302993059 CET49736445192.168.2.4192.168.1.8
                                                              Dec 3, 2024 13:57:06.303523064 CET44549737192.168.1.7192.168.2.4
                                                              Dec 3, 2024 13:57:06.303576946 CET49737445192.168.2.4192.168.1.7
                                                              Dec 3, 2024 13:57:06.303993940 CET49734445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:57:06.306741953 CET44549739192.168.1.10192.168.2.4
                                                              Dec 3, 2024 13:57:06.306868076 CET44549738192.168.1.9192.168.2.4
                                                              Dec 3, 2024 13:57:06.306898117 CET49739445192.168.2.4192.168.1.10
                                                              Dec 3, 2024 13:57:06.306917906 CET49738445192.168.2.4192.168.1.9
                                                              Dec 3, 2024 13:57:06.307384968 CET49739445192.168.2.4192.168.1.10
                                                              Dec 3, 2024 13:57:06.310348988 CET49737445192.168.2.4192.168.1.7
                                                              Dec 3, 2024 13:57:06.319137096 CET49732445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:57:06.345756054 CET49735445192.168.2.4192.168.1.6
                                                              Dec 3, 2024 13:57:06.345798969 CET49733445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:57:06.345825911 CET49736445192.168.2.4192.168.1.8
                                                              Dec 3, 2024 13:57:06.357086897 CET49738445192.168.2.4192.168.1.9
                                                              Dec 3, 2024 13:57:06.372730970 CET49805445192.168.2.4192.168.1.76
                                                              Dec 3, 2024 13:57:06.378634930 CET49806445192.168.2.4192.168.1.77
                                                              Dec 3, 2024 13:57:06.384860039 CET49807445192.168.2.4192.168.1.78
                                                              Dec 3, 2024 13:57:06.386507988 CET49808445192.168.2.4192.168.1.79
                                                              Dec 3, 2024 13:57:06.387732029 CET49809445192.168.2.4192.168.1.80
                                                              Dec 3, 2024 13:57:06.387972116 CET49810445192.168.2.4192.168.1.81
                                                              Dec 3, 2024 13:57:06.388978004 CET49811445192.168.2.4192.168.1.82
                                                              Dec 3, 2024 13:57:06.389887094 CET49812445192.168.2.4192.168.1.83
                                                              Dec 3, 2024 13:57:06.390564919 CET49813445192.168.2.4192.168.1.84
                                                              Dec 3, 2024 13:57:06.393755913 CET49814445192.168.2.4192.168.1.86
                                                              Dec 3, 2024 13:57:06.396615028 CET49815445192.168.2.4192.168.1.85
                                                              Dec 3, 2024 13:57:06.396838903 CET49816445192.168.2.4192.168.1.87
                                                              Dec 3, 2024 13:57:06.397834063 CET49817445192.168.2.4192.168.1.88
                                                              Dec 3, 2024 13:57:06.402591944 CET49819445192.168.2.4192.168.1.90
                                                              Dec 3, 2024 13:57:06.402606964 CET49818445192.168.2.4192.168.1.89
                                                              Dec 3, 2024 13:57:06.403816938 CET49820445192.168.2.4192.168.1.91
                                                              Dec 3, 2024 13:57:06.405591965 CET49821445192.168.2.4192.168.1.92
                                                              Dec 3, 2024 13:57:06.405601025 CET49822445192.168.2.4192.168.1.93
                                                              Dec 3, 2024 13:57:06.406701088 CET49823445192.168.2.4192.168.1.94
                                                              Dec 3, 2024 13:57:06.406927109 CET49824445192.168.2.4192.168.1.95
                                                              Dec 3, 2024 13:57:06.407767057 CET49825445192.168.2.4192.168.1.96
                                                              Dec 3, 2024 13:57:06.408643961 CET49826445192.168.2.4192.168.1.97
                                                              Dec 3, 2024 13:57:06.412278891 CET49827445192.168.2.4192.168.1.98
                                                              Dec 3, 2024 13:57:06.412305117 CET49828445192.168.2.4192.168.1.99
                                                              Dec 3, 2024 13:57:06.413636923 CET49829445192.168.2.4192.168.1.100
                                                              Dec 3, 2024 13:57:06.413950920 CET49830445192.168.2.4192.168.1.101
                                                              Dec 3, 2024 13:57:06.415102959 CET49831445192.168.2.4192.168.1.103
                                                              Dec 3, 2024 13:57:06.415600061 CET49832445192.168.2.4192.168.1.102
                                                              Dec 3, 2024 13:57:06.416609049 CET49833445192.168.2.4192.168.1.104
                                                              Dec 3, 2024 13:57:06.417370081 CET49834445192.168.2.4192.168.1.105
                                                              Dec 3, 2024 13:57:06.417499065 CET49835445192.168.2.4192.168.1.106
                                                              Dec 3, 2024 13:57:06.418792009 CET49836445192.168.2.4192.168.1.107
                                                              Dec 3, 2024 13:57:06.419611931 CET49837445192.168.2.4192.168.1.108
                                                              Dec 3, 2024 13:57:06.419977903 CET49838445192.168.2.4192.168.1.109
                                                              Dec 3, 2024 13:57:06.421268940 CET49839445192.168.2.4192.168.1.110
                                                              Dec 3, 2024 13:57:06.422322989 CET49840445192.168.2.4192.168.1.111
                                                              Dec 3, 2024 13:57:06.422379017 CET49841445192.168.2.4192.168.1.112
                                                              Dec 3, 2024 13:57:06.422987938 CET44549740192.168.1.11192.168.2.4
                                                              Dec 3, 2024 13:57:06.423005104 CET44549741192.168.1.13192.168.2.4
                                                              Dec 3, 2024 13:57:06.423016071 CET44549742192.168.1.12192.168.2.4
                                                              Dec 3, 2024 13:57:06.423027039 CET44549743192.168.1.15192.168.2.4
                                                              Dec 3, 2024 13:57:06.423038960 CET44549744192.168.1.16192.168.2.4
                                                              Dec 3, 2024 13:57:06.423049927 CET44549745192.168.1.14192.168.2.4
                                                              Dec 3, 2024 13:57:06.423060894 CET44549746192.168.1.17192.168.2.4
                                                              Dec 3, 2024 13:57:06.423073053 CET44549748192.168.1.19192.168.2.4
                                                              Dec 3, 2024 13:57:06.423079967 CET49740445192.168.2.4192.168.1.11
                                                              Dec 3, 2024 13:57:06.423083067 CET44549747192.168.1.18192.168.2.4
                                                              Dec 3, 2024 13:57:06.423094034 CET44549749192.168.1.20192.168.2.4
                                                              Dec 3, 2024 13:57:06.423099041 CET49741445192.168.2.4192.168.1.13
                                                              Dec 3, 2024 13:57:06.423104048 CET44549750192.168.1.21192.168.2.4
                                                              Dec 3, 2024 13:57:06.423114061 CET44549751192.168.1.22192.168.2.4
                                                              Dec 3, 2024 13:57:06.423119068 CET44549752192.168.1.23192.168.2.4
                                                              Dec 3, 2024 13:57:06.423127890 CET44549754192.168.1.25192.168.2.4
                                                              Dec 3, 2024 13:57:06.423137903 CET44549753192.168.1.24192.168.2.4
                                                              Dec 3, 2024 13:57:06.423146963 CET44549755192.168.1.27192.168.2.4
                                                              Dec 3, 2024 13:57:06.423156977 CET44549756192.168.1.26192.168.2.4
                                                              Dec 3, 2024 13:57:06.423157930 CET49742445192.168.2.4192.168.1.12
                                                              Dec 3, 2024 13:57:06.423167944 CET49743445192.168.2.4192.168.1.15
                                                              Dec 3, 2024 13:57:06.423168898 CET44549757192.168.1.28192.168.2.4
                                                              Dec 3, 2024 13:57:06.423178911 CET49744445192.168.2.4192.168.1.16
                                                              Dec 3, 2024 13:57:06.423190117 CET49745445192.168.2.4192.168.1.14
                                                              Dec 3, 2024 13:57:06.423192978 CET49746445192.168.2.4192.168.1.17
                                                              Dec 3, 2024 13:57:06.423197031 CET49748445192.168.2.4192.168.1.19
                                                              Dec 3, 2024 13:57:06.423300028 CET49749445192.168.2.4192.168.1.20
                                                              Dec 3, 2024 13:57:06.423300982 CET49750445192.168.2.4192.168.1.21
                                                              Dec 3, 2024 13:57:06.423310041 CET49754445192.168.2.4192.168.1.25
                                                              Dec 3, 2024 13:57:06.423317909 CET49752445192.168.2.4192.168.1.23
                                                              Dec 3, 2024 13:57:06.423324108 CET49747445192.168.2.4192.168.1.18
                                                              Dec 3, 2024 13:57:06.423324108 CET49751445192.168.2.4192.168.1.22
                                                              Dec 3, 2024 13:57:06.423327923 CET49755445192.168.2.4192.168.1.27
                                                              Dec 3, 2024 13:57:06.423327923 CET49753445192.168.2.4192.168.1.24
                                                              Dec 3, 2024 13:57:06.423329115 CET49756445192.168.2.4192.168.1.26
                                                              Dec 3, 2024 13:57:06.423445940 CET49757445192.168.2.4192.168.1.28
                                                              Dec 3, 2024 13:57:06.423602104 CET49740445192.168.2.4192.168.1.11
                                                              Dec 3, 2024 13:57:06.423613071 CET49742445192.168.2.4192.168.1.12
                                                              Dec 3, 2024 13:57:06.426002026 CET49745445192.168.2.4192.168.1.14
                                                              Dec 3, 2024 13:57:06.426723957 CET44549758192.168.1.29192.168.2.4
                                                              Dec 3, 2024 13:57:06.426737070 CET44549759192.168.1.30192.168.2.4
                                                              Dec 3, 2024 13:57:06.426747084 CET44549760192.168.1.31192.168.2.4
                                                              Dec 3, 2024 13:57:06.426755905 CET44549761192.168.1.32192.168.2.4
                                                              Dec 3, 2024 13:57:06.426764965 CET44549762192.168.1.33192.168.2.4
                                                              Dec 3, 2024 13:57:06.426769018 CET44549763192.168.1.34192.168.2.4
                                                              Dec 3, 2024 13:57:06.426778078 CET44549764192.168.1.35192.168.2.4
                                                              Dec 3, 2024 13:57:06.426780939 CET49758445192.168.2.4192.168.1.29
                                                              Dec 3, 2024 13:57:06.426788092 CET44549765192.168.1.36192.168.2.4
                                                              Dec 3, 2024 13:57:06.426800013 CET44549766192.168.1.37192.168.2.4
                                                              Dec 3, 2024 13:57:06.426809072 CET44549768192.168.1.39192.168.2.4
                                                              Dec 3, 2024 13:57:06.426819086 CET44549767192.168.1.38192.168.2.4
                                                              Dec 3, 2024 13:57:06.426827908 CET44549769192.168.1.40192.168.2.4
                                                              Dec 3, 2024 13:57:06.426842928 CET44549770192.168.1.41192.168.2.4
                                                              Dec 3, 2024 13:57:06.426853895 CET44549771192.168.1.42192.168.2.4
                                                              Dec 3, 2024 13:57:06.426862001 CET49762445192.168.2.4192.168.1.33
                                                              Dec 3, 2024 13:57:06.426865101 CET44549772192.168.1.44192.168.2.4
                                                              Dec 3, 2024 13:57:06.426867962 CET49761445192.168.2.4192.168.1.32
                                                              Dec 3, 2024 13:57:06.426868916 CET49760445192.168.2.4192.168.1.31
                                                              Dec 3, 2024 13:57:06.426871061 CET49763445192.168.2.4192.168.1.34
                                                              Dec 3, 2024 13:57:06.426878929 CET44549773192.168.1.43192.168.2.4
                                                              Dec 3, 2024 13:57:06.426881075 CET49759445192.168.2.4192.168.1.30
                                                              Dec 3, 2024 13:57:06.426889896 CET44549774192.168.1.45192.168.2.4
                                                              Dec 3, 2024 13:57:06.426899910 CET44549775192.168.1.47192.168.2.4
                                                              Dec 3, 2024 13:57:06.426909924 CET44549776192.168.1.48192.168.2.4
                                                              Dec 3, 2024 13:57:06.426918983 CET44549777192.168.1.46192.168.2.4
                                                              Dec 3, 2024 13:57:06.426928997 CET44549779192.168.1.50192.168.2.4
                                                              Dec 3, 2024 13:57:06.426939964 CET44549778192.168.1.49192.168.2.4
                                                              Dec 3, 2024 13:57:06.426950932 CET44549780192.168.1.51192.168.2.4
                                                              Dec 3, 2024 13:57:06.426961899 CET49765445192.168.2.4192.168.1.36
                                                              Dec 3, 2024 13:57:06.426963091 CET49764445192.168.2.4192.168.1.35
                                                              Dec 3, 2024 13:57:06.426965952 CET44549781192.168.1.52192.168.2.4
                                                              Dec 3, 2024 13:57:06.426969051 CET49766445192.168.2.4192.168.1.37
                                                              Dec 3, 2024 13:57:06.426970959 CET49767445192.168.2.4192.168.1.38
                                                              Dec 3, 2024 13:57:06.426975012 CET49768445192.168.2.4192.168.1.39
                                                              Dec 3, 2024 13:57:06.426975012 CET49769445192.168.2.4192.168.1.40
                                                              Dec 3, 2024 13:57:06.426975965 CET49770445192.168.2.4192.168.1.41
                                                              Dec 3, 2024 13:57:06.426979065 CET44549782192.168.1.53192.168.2.4
                                                              Dec 3, 2024 13:57:06.426986933 CET49771445192.168.2.4192.168.1.42
                                                              Dec 3, 2024 13:57:06.426990986 CET44549783192.168.1.54192.168.2.4
                                                              Dec 3, 2024 13:57:06.427001953 CET44549784192.168.1.55192.168.2.4
                                                              Dec 3, 2024 13:57:06.427011967 CET44549785192.168.1.56192.168.2.4
                                                              Dec 3, 2024 13:57:06.427021980 CET44549786192.168.1.57192.168.2.4
                                                              Dec 3, 2024 13:57:06.427031040 CET44549787192.168.1.58192.168.2.4
                                                              Dec 3, 2024 13:57:06.427040100 CET44549788192.168.1.59192.168.2.4
                                                              Dec 3, 2024 13:57:06.427050114 CET44549789192.168.1.60192.168.2.4
                                                              Dec 3, 2024 13:57:06.427059889 CET44549790192.168.1.61192.168.2.4
                                                              Dec 3, 2024 13:57:06.427068949 CET44549791192.168.1.62192.168.2.4
                                                              Dec 3, 2024 13:57:06.427078962 CET44549792192.168.1.63192.168.2.4
                                                              Dec 3, 2024 13:57:06.427088022 CET44549793192.168.1.64192.168.2.4
                                                              Dec 3, 2024 13:57:06.427095890 CET49772445192.168.2.4192.168.1.44
                                                              Dec 3, 2024 13:57:06.427099943 CET44549794192.168.1.65192.168.2.4
                                                              Dec 3, 2024 13:57:06.427105904 CET49774445192.168.2.4192.168.1.45
                                                              Dec 3, 2024 13:57:06.427105904 CET49775445192.168.2.4192.168.1.47
                                                              Dec 3, 2024 13:57:06.427114010 CET44549795192.168.1.66192.168.2.4
                                                              Dec 3, 2024 13:57:06.427115917 CET49776445192.168.2.4192.168.1.48
                                                              Dec 3, 2024 13:57:06.427124977 CET44549796192.168.1.67192.168.2.4
                                                              Dec 3, 2024 13:57:06.427129984 CET49773445192.168.2.4192.168.1.43
                                                              Dec 3, 2024 13:57:06.427134991 CET44549797192.168.1.68192.168.2.4
                                                              Dec 3, 2024 13:57:06.427139997 CET49777445192.168.2.4192.168.1.46
                                                              Dec 3, 2024 13:57:06.427150965 CET49779445192.168.2.4192.168.1.50
                                                              Dec 3, 2024 13:57:06.427150965 CET44549798192.168.1.69192.168.2.4
                                                              Dec 3, 2024 13:57:06.427160978 CET44549799192.168.1.70192.168.2.4
                                                              Dec 3, 2024 13:57:06.427170992 CET44549800192.168.1.71192.168.2.4
                                                              Dec 3, 2024 13:57:06.427180052 CET49778445192.168.2.4192.168.1.49
                                                              Dec 3, 2024 13:57:06.427181005 CET44549801192.168.1.72192.168.2.4
                                                              Dec 3, 2024 13:57:06.427181959 CET49780445192.168.2.4192.168.1.51
                                                              Dec 3, 2024 13:57:06.427191019 CET49781445192.168.2.4192.168.1.52
                                                              Dec 3, 2024 13:57:06.427191973 CET44549802192.168.1.73192.168.2.4
                                                              Dec 3, 2024 13:57:06.427196980 CET49782445192.168.2.4192.168.1.53
                                                              Dec 3, 2024 13:57:06.427201986 CET44549803192.168.1.74192.168.2.4
                                                              Dec 3, 2024 13:57:06.427212954 CET44549730192.168.1.1192.168.2.4
                                                              Dec 3, 2024 13:57:06.427223921 CET44549804192.168.1.75192.168.2.4
                                                              Dec 3, 2024 13:57:06.427232981 CET44549731192.168.1.2192.168.2.4
                                                              Dec 3, 2024 13:57:06.427242994 CET44549734192.168.1.5192.168.2.4
                                                              Dec 3, 2024 13:57:06.427392006 CET49783445192.168.2.4192.168.1.54
                                                              Dec 3, 2024 13:57:06.427400112 CET49784445192.168.2.4192.168.1.55
                                                              Dec 3, 2024 13:57:06.427400112 CET49785445192.168.2.4192.168.1.56
                                                              Dec 3, 2024 13:57:06.427418947 CET49788445192.168.2.4192.168.1.59
                                                              Dec 3, 2024 13:57:06.427419901 CET49787445192.168.2.4192.168.1.58
                                                              Dec 3, 2024 13:57:06.427423000 CET49786445192.168.2.4192.168.1.57
                                                              Dec 3, 2024 13:57:06.427423000 CET49789445192.168.2.4192.168.1.60
                                                              Dec 3, 2024 13:57:06.427443027 CET49792445192.168.2.4192.168.1.63
                                                              Dec 3, 2024 13:57:06.427443027 CET49791445192.168.2.4192.168.1.62
                                                              Dec 3, 2024 13:57:06.427453995 CET49794445192.168.2.4192.168.1.65
                                                              Dec 3, 2024 13:57:06.427457094 CET49793445192.168.2.4192.168.1.64
                                                              Dec 3, 2024 13:57:06.427458048 CET49790445192.168.2.4192.168.1.61
                                                              Dec 3, 2024 13:57:06.427458048 CET49795445192.168.2.4192.168.1.66
                                                              Dec 3, 2024 13:57:06.427473068 CET49796445192.168.2.4192.168.1.67
                                                              Dec 3, 2024 13:57:06.427495956 CET49797445192.168.2.4192.168.1.68
                                                              Dec 3, 2024 13:57:06.427500963 CET49798445192.168.2.4192.168.1.69
                                                              Dec 3, 2024 13:57:06.427509069 CET49799445192.168.2.4192.168.1.70
                                                              Dec 3, 2024 13:57:06.427509069 CET49800445192.168.2.4192.168.1.71
                                                              Dec 3, 2024 13:57:06.427509069 CET49801445192.168.2.4192.168.1.72
                                                              Dec 3, 2024 13:57:06.427524090 CET49803445192.168.2.4192.168.1.74
                                                              Dec 3, 2024 13:57:06.427525997 CET49802445192.168.2.4192.168.1.73
                                                              Dec 3, 2024 13:57:06.427556992 CET49730445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:06.427584887 CET49731445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:06.427597046 CET49734445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:57:06.427608967 CET49804445192.168.2.4192.168.1.75
                                                              Dec 3, 2024 13:57:06.429121971 CET49766445192.168.2.4192.168.1.37
                                                              Dec 3, 2024 13:57:06.429164886 CET49768445192.168.2.4192.168.1.39
                                                              Dec 3, 2024 13:57:06.431555033 CET49771445192.168.2.4192.168.1.42
                                                              Dec 3, 2024 13:57:06.433315992 CET49774445192.168.2.4192.168.1.45
                                                              Dec 3, 2024 13:57:06.435062885 CET49777445192.168.2.4192.168.1.46
                                                              Dec 3, 2024 13:57:06.436952114 CET49780445192.168.2.4192.168.1.51
                                                              Dec 3, 2024 13:57:06.442341089 CET49783445192.168.2.4192.168.1.54
                                                              Dec 3, 2024 13:57:06.442356110 CET49784445192.168.2.4192.168.1.55
                                                              Dec 3, 2024 13:57:06.454128981 CET49787445192.168.2.4192.168.1.58
                                                              Dec 3, 2024 13:57:06.457686901 CET49782445192.168.2.4192.168.1.53
                                                              Dec 3, 2024 13:57:06.459028006 CET49779445192.168.2.4192.168.1.50
                                                              Dec 3, 2024 13:57:06.460469961 CET49770445192.168.2.4192.168.1.41
                                                              Dec 3, 2024 13:57:06.460494041 CET49773445192.168.2.4192.168.1.43
                                                              Dec 3, 2024 13:57:06.460575104 CET49772445192.168.2.4192.168.1.44
                                                              Dec 3, 2024 13:57:06.462146997 CET49749445192.168.2.4192.168.1.20
                                                              Dec 3, 2024 13:57:06.462184906 CET49751445192.168.2.4192.168.1.22
                                                              Dec 3, 2024 13:57:06.464098930 CET49755445192.168.2.4192.168.1.27
                                                              Dec 3, 2024 13:57:06.465831041 CET49757445192.168.2.4192.168.1.28
                                                              Dec 3, 2024 13:57:06.468786955 CET49744445192.168.2.4192.168.1.16
                                                              Dec 3, 2024 13:57:06.470283031 CET49759445192.168.2.4192.168.1.30
                                                              Dec 3, 2024 13:57:06.471609116 CET49761445192.168.2.4192.168.1.32
                                                              Dec 3, 2024 13:57:06.473086119 CET49763445192.168.2.4192.168.1.34
                                                              Dec 3, 2024 13:57:06.474714041 CET49753445192.168.2.4192.168.1.24
                                                              Dec 3, 2024 13:57:06.479125977 CET49747445192.168.2.4192.168.1.18
                                                              Dec 3, 2024 13:57:06.480803013 CET49769445192.168.2.4192.168.1.40
                                                              Dec 3, 2024 13:57:06.482331991 CET49775445192.168.2.4192.168.1.47
                                                              Dec 3, 2024 13:57:06.483872890 CET49785445192.168.2.4192.168.1.56
                                                              Dec 3, 2024 13:57:06.483881950 CET49786445192.168.2.4192.168.1.57
                                                              Dec 3, 2024 13:57:06.485508919 CET49793445192.168.2.4192.168.1.64
                                                              Dec 3, 2024 13:57:06.486999989 CET49794445192.168.2.4192.168.1.65
                                                              Dec 3, 2024 13:57:06.488548040 CET49797445192.168.2.4192.168.1.68
                                                              Dec 3, 2024 13:57:06.489980936 CET49799445192.168.2.4192.168.1.70
                                                              Dec 3, 2024 13:57:06.490015030 CET49802445192.168.2.4192.168.1.73
                                                              Dec 3, 2024 13:57:06.491552114 CET49741445192.168.2.4192.168.1.13
                                                              Dec 3, 2024 13:57:06.493150949 CET49746445192.168.2.4192.168.1.17
                                                              Dec 3, 2024 13:57:06.494577885 CET49760445192.168.2.4192.168.1.31
                                                              Dec 3, 2024 13:57:06.495946884 CET49764445192.168.2.4192.168.1.35
                                                              Dec 3, 2024 13:57:06.497298002 CET49750445192.168.2.4192.168.1.21
                                                              Dec 3, 2024 13:57:06.498636007 CET49776445192.168.2.4192.168.1.48
                                                              Dec 3, 2024 13:57:06.500050068 CET49778445192.168.2.4192.168.1.49
                                                              Dec 3, 2024 13:57:06.501446962 CET49789445192.168.2.4192.168.1.60
                                                              Dec 3, 2024 13:57:06.502955914 CET49791445192.168.2.4192.168.1.62
                                                              Dec 3, 2024 13:57:06.504292965 CET49798445192.168.2.4192.168.1.69
                                                              Dec 3, 2024 13:57:06.505701065 CET49801445192.168.2.4192.168.1.72
                                                              Dec 3, 2024 13:57:06.507085085 CET49790445192.168.2.4192.168.1.61
                                                              Dec 3, 2024 13:57:06.508480072 CET49788445192.168.2.4192.168.1.59
                                                              Dec 3, 2024 13:57:06.509814978 CET49767445192.168.2.4192.168.1.38
                                                              Dec 3, 2024 13:57:06.511204004 CET49804445192.168.2.4192.168.1.75
                                                              Dec 3, 2024 13:57:06.511229038 CET49765445192.168.2.4192.168.1.36
                                                              Dec 3, 2024 13:57:06.512571096 CET49743445192.168.2.4192.168.1.15
                                                              Dec 3, 2024 13:57:06.513897896 CET49800445192.168.2.4192.168.1.71
                                                              Dec 3, 2024 13:57:06.515515089 CET49796445192.168.2.4192.168.1.67
                                                              Dec 3, 2024 13:57:06.515542030 CET49792445192.168.2.4192.168.1.63
                                                              Dec 3, 2024 13:57:06.519870996 CET49752445192.168.2.4192.168.1.23
                                                              Dec 3, 2024 13:57:06.521336079 CET49758445192.168.2.4192.168.1.29
                                                              Dec 3, 2024 13:57:06.522736073 CET49803445192.168.2.4192.168.1.74
                                                              Dec 3, 2024 13:57:06.524055958 CET49795445192.168.2.4192.168.1.66
                                                              Dec 3, 2024 13:57:06.525511026 CET49762445192.168.2.4192.168.1.33
                                                              Dec 3, 2024 13:57:06.525540113 CET49781445192.168.2.4192.168.1.52
                                                              Dec 3, 2024 13:57:06.527148962 CET49748445192.168.2.4192.168.1.19
                                                              Dec 3, 2024 13:57:06.537666082 CET49754445192.168.2.4192.168.1.25
                                                              Dec 3, 2024 13:57:06.539670944 CET49756445192.168.2.4192.168.1.26
                                                              Dec 3, 2024 13:57:06.539869070 CET49842445192.168.2.4192.168.1.113
                                                              Dec 3, 2024 13:57:06.541260958 CET49843445192.168.2.4192.168.1.114
                                                              Dec 3, 2024 13:57:06.542277098 CET49844445192.168.2.4192.168.1.115
                                                              Dec 3, 2024 13:57:06.543204069 CET49845445192.168.2.4192.168.1.116
                                                              Dec 3, 2024 13:57:06.544428110 CET49846445192.168.2.4192.168.1.117
                                                              Dec 3, 2024 13:57:06.545438051 CET49847445192.168.2.4192.168.1.118
                                                              Dec 3, 2024 13:57:06.546216011 CET49848445192.168.2.4192.168.1.119
                                                              Dec 3, 2024 13:57:06.547087908 CET49849445192.168.2.4192.168.1.120
                                                              Dec 3, 2024 13:57:06.547880888 CET49850445192.168.2.4192.168.1.121
                                                              Dec 3, 2024 13:57:06.547947884 CET44549739192.168.1.10192.168.2.4
                                                              Dec 3, 2024 13:57:06.547961950 CET44549737192.168.1.7192.168.2.4
                                                              Dec 3, 2024 13:57:06.547985077 CET44549732192.168.1.3192.168.2.4
                                                              Dec 3, 2024 13:57:06.547992945 CET44549732192.168.1.3192.168.2.4
                                                              Dec 3, 2024 13:57:06.548002958 CET44549735192.168.1.6192.168.2.4
                                                              Dec 3, 2024 13:57:06.548006058 CET49739445192.168.2.4192.168.1.10
                                                              Dec 3, 2024 13:57:06.548007965 CET44549733192.168.1.4192.168.2.4
                                                              Dec 3, 2024 13:57:06.548013926 CET44549805192.168.1.76192.168.2.4
                                                              Dec 3, 2024 13:57:06.548023939 CET44549736192.168.1.8192.168.2.4
                                                              Dec 3, 2024 13:57:06.548029900 CET49737445192.168.2.4192.168.1.7
                                                              Dec 3, 2024 13:57:06.548034906 CET44549806192.168.1.77192.168.2.4
                                                              Dec 3, 2024 13:57:06.548046112 CET44549807192.168.1.78192.168.2.4
                                                              Dec 3, 2024 13:57:06.548049927 CET44549808192.168.1.79192.168.2.4
                                                              Dec 3, 2024 13:57:06.548058987 CET44549809192.168.1.80192.168.2.4
                                                              Dec 3, 2024 13:57:06.548063040 CET44549810192.168.1.81192.168.2.4
                                                              Dec 3, 2024 13:57:06.548073053 CET49732445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:57:06.548074961 CET44549738192.168.1.9192.168.2.4
                                                              Dec 3, 2024 13:57:06.548085928 CET44549811192.168.1.82192.168.2.4
                                                              Dec 3, 2024 13:57:06.548090935 CET49735445192.168.2.4192.168.1.6
                                                              Dec 3, 2024 13:57:06.548094988 CET44549812192.168.1.83192.168.2.4
                                                              Dec 3, 2024 13:57:06.548105955 CET44549813192.168.1.84192.168.2.4
                                                              Dec 3, 2024 13:57:06.548110008 CET49733445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:57:06.548115015 CET44549814192.168.1.86192.168.2.4
                                                              Dec 3, 2024 13:57:06.548151970 CET49736445192.168.2.4192.168.1.8
                                                              Dec 3, 2024 13:57:06.548244953 CET49738445192.168.2.4192.168.1.9
                                                              Dec 3, 2024 13:57:06.548245907 CET49805445192.168.2.4192.168.1.76
                                                              Dec 3, 2024 13:57:06.548284054 CET49806445192.168.2.4192.168.1.77
                                                              Dec 3, 2024 13:57:06.548301935 CET49809445192.168.2.4192.168.1.80
                                                              Dec 3, 2024 13:57:06.548302889 CET49808445192.168.2.4192.168.1.79
                                                              Dec 3, 2024 13:57:06.548305988 CET49807445192.168.2.4192.168.1.78
                                                              Dec 3, 2024 13:57:06.548311949 CET49810445192.168.2.4192.168.1.81
                                                              Dec 3, 2024 13:57:06.548315048 CET49811445192.168.2.4192.168.1.82
                                                              Dec 3, 2024 13:57:06.548326015 CET49812445192.168.2.4192.168.1.83
                                                              Dec 3, 2024 13:57:06.548326015 CET49813445192.168.2.4192.168.1.84
                                                              Dec 3, 2024 13:57:06.548490047 CET49814445192.168.2.4192.168.1.86
                                                              Dec 3, 2024 13:57:06.548633099 CET44549815192.168.1.85192.168.2.4
                                                              Dec 3, 2024 13:57:06.548634052 CET49805445192.168.2.4192.168.1.76
                                                              Dec 3, 2024 13:57:06.548646927 CET44549816192.168.1.87192.168.2.4
                                                              Dec 3, 2024 13:57:06.548652887 CET49807445192.168.2.4192.168.1.78
                                                              Dec 3, 2024 13:57:06.548655987 CET44549817192.168.1.88192.168.2.4
                                                              Dec 3, 2024 13:57:06.548666954 CET44549819192.168.1.90192.168.2.4
                                                              Dec 3, 2024 13:57:06.548676014 CET44549818192.168.1.89192.168.2.4
                                                              Dec 3, 2024 13:57:06.548686028 CET44549820192.168.1.91192.168.2.4
                                                              Dec 3, 2024 13:57:06.548695087 CET44549821192.168.1.92192.168.2.4
                                                              Dec 3, 2024 13:57:06.548700094 CET49815445192.168.2.4192.168.1.85
                                                              Dec 3, 2024 13:57:06.548705101 CET44549822192.168.1.93192.168.2.4
                                                              Dec 3, 2024 13:57:06.548706055 CET49816445192.168.2.4192.168.1.87
                                                              Dec 3, 2024 13:57:06.548715115 CET44549823192.168.1.94192.168.2.4
                                                              Dec 3, 2024 13:57:06.548723936 CET44549824192.168.1.95192.168.2.4
                                                              Dec 3, 2024 13:57:06.548737049 CET44549825192.168.1.96192.168.2.4
                                                              Dec 3, 2024 13:57:06.548746109 CET44549826192.168.1.97192.168.2.4
                                                              Dec 3, 2024 13:57:06.548755884 CET44549827192.168.1.98192.168.2.4
                                                              Dec 3, 2024 13:57:06.548758030 CET49817445192.168.2.4192.168.1.88
                                                              Dec 3, 2024 13:57:06.548762083 CET49819445192.168.2.4192.168.1.90
                                                              Dec 3, 2024 13:57:06.548765898 CET49818445192.168.2.4192.168.1.89
                                                              Dec 3, 2024 13:57:06.548767090 CET44549828192.168.1.99192.168.2.4
                                                              Dec 3, 2024 13:57:06.548772097 CET49820445192.168.2.4192.168.1.91
                                                              Dec 3, 2024 13:57:06.548778057 CET44549829192.168.1.100192.168.2.4
                                                              Dec 3, 2024 13:57:06.548782110 CET44549830192.168.1.101192.168.2.4
                                                              Dec 3, 2024 13:57:06.548785925 CET44549831192.168.1.103192.168.2.4
                                                              Dec 3, 2024 13:57:06.548790932 CET44549832192.168.1.102192.168.2.4
                                                              Dec 3, 2024 13:57:06.548799038 CET44549833192.168.1.104192.168.2.4
                                                              Dec 3, 2024 13:57:06.548803091 CET44549834192.168.1.105192.168.2.4
                                                              Dec 3, 2024 13:57:06.548806906 CET44549835192.168.1.106192.168.2.4
                                                              Dec 3, 2024 13:57:06.548816919 CET44549836192.168.1.107192.168.2.4
                                                              Dec 3, 2024 13:57:06.548827887 CET44549837192.168.1.108192.168.2.4
                                                              Dec 3, 2024 13:57:06.548836946 CET44549838192.168.1.109192.168.2.4
                                                              Dec 3, 2024 13:57:06.548846006 CET44549839192.168.1.110192.168.2.4
                                                              Dec 3, 2024 13:57:06.548847914 CET49821445192.168.2.4192.168.1.92
                                                              Dec 3, 2024 13:57:06.548856020 CET44549840192.168.1.111192.168.2.4
                                                              Dec 3, 2024 13:57:06.548858881 CET49822445192.168.2.4192.168.1.93
                                                              Dec 3, 2024 13:57:06.548861027 CET49823445192.168.2.4192.168.1.94
                                                              Dec 3, 2024 13:57:06.548870087 CET44549841192.168.1.112192.168.2.4
                                                              Dec 3, 2024 13:57:06.548872948 CET49824445192.168.2.4192.168.1.95
                                                              Dec 3, 2024 13:57:06.548877954 CET49825445192.168.2.4192.168.1.96
                                                              Dec 3, 2024 13:57:06.548883915 CET44549740192.168.1.11192.168.2.4
                                                              Dec 3, 2024 13:57:06.548888922 CET49826445192.168.2.4192.168.1.97
                                                              Dec 3, 2024 13:57:06.548892975 CET44549742192.168.1.12192.168.2.4
                                                              Dec 3, 2024 13:57:06.548902035 CET49827445192.168.2.4192.168.1.98
                                                              Dec 3, 2024 13:57:06.548902988 CET44549745192.168.1.14192.168.2.4
                                                              Dec 3, 2024 13:57:06.549035072 CET49740445192.168.2.4192.168.1.11
                                                              Dec 3, 2024 13:57:06.549056053 CET49742445192.168.2.4192.168.1.12
                                                              Dec 3, 2024 13:57:06.549067020 CET49828445192.168.2.4192.168.1.99
                                                              Dec 3, 2024 13:57:06.549081087 CET49829445192.168.2.4192.168.1.100
                                                              Dec 3, 2024 13:57:06.549087048 CET49830445192.168.2.4192.168.1.101
                                                              Dec 3, 2024 13:57:06.549096107 CET49833445192.168.2.4192.168.1.104
                                                              Dec 3, 2024 13:57:06.549098015 CET49832445192.168.2.4192.168.1.102
                                                              Dec 3, 2024 13:57:06.549103022 CET49831445192.168.2.4192.168.1.103
                                                              Dec 3, 2024 13:57:06.549113035 CET49834445192.168.2.4192.168.1.105
                                                              Dec 3, 2024 13:57:06.549115896 CET49835445192.168.2.4192.168.1.106
                                                              Dec 3, 2024 13:57:06.549132109 CET49837445192.168.2.4192.168.1.108
                                                              Dec 3, 2024 13:57:06.549133062 CET49836445192.168.2.4192.168.1.107
                                                              Dec 3, 2024 13:57:06.549137115 CET49838445192.168.2.4192.168.1.109
                                                              Dec 3, 2024 13:57:06.549149036 CET49840445192.168.2.4192.168.1.111
                                                              Dec 3, 2024 13:57:06.549149990 CET49841445192.168.2.4192.168.1.112
                                                              Dec 3, 2024 13:57:06.549151897 CET49839445192.168.2.4192.168.1.110
                                                              Dec 3, 2024 13:57:06.549176931 CET49745445192.168.2.4192.168.1.14
                                                              Dec 3, 2024 13:57:06.550749063 CET49810445192.168.2.4192.168.1.81
                                                              Dec 3, 2024 13:57:06.551136971 CET44549766192.168.1.37192.168.2.4
                                                              Dec 3, 2024 13:57:06.551290989 CET49766445192.168.2.4192.168.1.37
                                                              Dec 3, 2024 13:57:06.552433968 CET49814445192.168.2.4192.168.1.86
                                                              Dec 3, 2024 13:57:06.553817987 CET49806445192.168.2.4192.168.1.77
                                                              Dec 3, 2024 13:57:06.555368900 CET49815445192.168.2.4192.168.1.85
                                                              Dec 3, 2024 13:57:06.556772947 CET49819445192.168.2.4192.168.1.90
                                                              Dec 3, 2024 13:57:06.558162928 CET49821445192.168.2.4192.168.1.92
                                                              Dec 3, 2024 13:57:06.559575081 CET49824445192.168.2.4192.168.1.95
                                                              Dec 3, 2024 13:57:06.560895920 CET49827445192.168.2.4192.168.1.98
                                                              Dec 3, 2024 13:57:06.562203884 CET49830445192.168.2.4192.168.1.101
                                                              Dec 3, 2024 13:57:06.563576937 CET49833445192.168.2.4192.168.1.104
                                                              Dec 3, 2024 13:57:06.564928055 CET49836445192.168.2.4192.168.1.107
                                                              Dec 3, 2024 13:57:06.566698074 CET49839445192.168.2.4192.168.1.110
                                                              Dec 3, 2024 13:57:06.568382025 CET49811445192.168.2.4192.168.1.82
                                                              Dec 3, 2024 13:57:06.577037096 CET49808445192.168.2.4192.168.1.79
                                                              Dec 3, 2024 13:57:06.583662987 CET49816445192.168.2.4192.168.1.87
                                                              Dec 3, 2024 13:57:06.586117029 CET49813445192.168.2.4192.168.1.84
                                                              Dec 3, 2024 13:57:06.589308977 CET49838445192.168.2.4192.168.1.109
                                                              Dec 3, 2024 13:57:06.591269970 CET49834445192.168.2.4192.168.1.105
                                                              Dec 3, 2024 13:57:06.594439030 CET49829445192.168.2.4192.168.1.100
                                                              Dec 3, 2024 13:57:06.595998049 CET49825445192.168.2.4192.168.1.96
                                                              Dec 3, 2024 13:57:06.596026897 CET49823445192.168.2.4192.168.1.94
                                                              Dec 3, 2024 13:57:06.598458052 CET49817445192.168.2.4192.168.1.88
                                                              Dec 3, 2024 13:57:06.603137970 CET49809445192.168.2.4192.168.1.80
                                                              Dec 3, 2024 13:57:06.610089064 CET49822445192.168.2.4192.168.1.93
                                                              Dec 3, 2024 13:57:06.620857954 CET49826445192.168.2.4192.168.1.97
                                                              Dec 3, 2024 13:57:06.623675108 CET49818445192.168.2.4192.168.1.89
                                                              Dec 3, 2024 13:57:06.623758078 CET49812445192.168.2.4192.168.1.83
                                                              Dec 3, 2024 13:57:06.623856068 CET49841445192.168.2.4192.168.1.112
                                                              Dec 3, 2024 13:57:06.623946905 CET49840445192.168.2.4192.168.1.111
                                                              Dec 3, 2024 13:57:06.624053001 CET49837445192.168.2.4192.168.1.108
                                                              Dec 3, 2024 13:57:06.624104023 CET49835445192.168.2.4192.168.1.106
                                                              Dec 3, 2024 13:57:06.624161959 CET49831445192.168.2.4192.168.1.103
                                                              Dec 3, 2024 13:57:06.624269962 CET49832445192.168.2.4192.168.1.102
                                                              Dec 3, 2024 13:57:06.625062943 CET49828445192.168.2.4192.168.1.99
                                                              Dec 3, 2024 13:57:06.628560066 CET49820445192.168.2.4192.168.1.91
                                                              Dec 3, 2024 13:57:06.628860950 CET49851445192.168.2.4192.168.1.122
                                                              Dec 3, 2024 13:57:06.630053043 CET49852445192.168.2.4192.168.1.123
                                                              Dec 3, 2024 13:57:06.631683111 CET44549768192.168.1.39192.168.2.4
                                                              Dec 3, 2024 13:57:06.631696939 CET44549771192.168.1.42192.168.2.4
                                                              Dec 3, 2024 13:57:06.631706953 CET44549774192.168.1.45192.168.2.4
                                                              Dec 3, 2024 13:57:06.631716967 CET44549774192.168.1.45192.168.2.4
                                                              Dec 3, 2024 13:57:06.631725073 CET44549777192.168.1.46192.168.2.4
                                                              Dec 3, 2024 13:57:06.631735086 CET44549780192.168.1.51192.168.2.4
                                                              Dec 3, 2024 13:57:06.631743908 CET44549783192.168.1.54192.168.2.4
                                                              Dec 3, 2024 13:57:06.631755114 CET44549784192.168.1.55192.168.2.4
                                                              Dec 3, 2024 13:57:06.631763935 CET44549787192.168.1.58192.168.2.4
                                                              Dec 3, 2024 13:57:06.631769896 CET49768445192.168.2.4192.168.1.39
                                                              Dec 3, 2024 13:57:06.631772995 CET44549782192.168.1.53192.168.2.4
                                                              Dec 3, 2024 13:57:06.631778002 CET44549779192.168.1.50192.168.2.4
                                                              Dec 3, 2024 13:57:06.631781101 CET44549770192.168.1.41192.168.2.4
                                                              Dec 3, 2024 13:57:06.631784916 CET44549773192.168.1.43192.168.2.4
                                                              Dec 3, 2024 13:57:06.631793976 CET44549772192.168.1.44192.168.2.4
                                                              Dec 3, 2024 13:57:06.631798029 CET44549749192.168.1.20192.168.2.4
                                                              Dec 3, 2024 13:57:06.631808043 CET44549751192.168.1.22192.168.2.4
                                                              Dec 3, 2024 13:57:06.631808043 CET49771445192.168.2.4192.168.1.42
                                                              Dec 3, 2024 13:57:06.631815910 CET44549755192.168.1.27192.168.2.4
                                                              Dec 3, 2024 13:57:06.631827116 CET44549757192.168.1.28192.168.2.4
                                                              Dec 3, 2024 13:57:06.631834984 CET44549744192.168.1.16192.168.2.4
                                                              Dec 3, 2024 13:57:06.631845951 CET44549759192.168.1.30192.168.2.4
                                                              Dec 3, 2024 13:57:06.631866932 CET49774445192.168.2.4192.168.1.45
                                                              Dec 3, 2024 13:57:06.631884098 CET49777445192.168.2.4192.168.1.46
                                                              Dec 3, 2024 13:57:06.631891966 CET49780445192.168.2.4192.168.1.51
                                                              Dec 3, 2024 13:57:06.631905079 CET49783445192.168.2.4192.168.1.54
                                                              Dec 3, 2024 13:57:06.631917000 CET49784445192.168.2.4192.168.1.55
                                                              Dec 3, 2024 13:57:06.631927967 CET49787445192.168.2.4192.168.1.58
                                                              Dec 3, 2024 13:57:06.631962061 CET49770445192.168.2.4192.168.1.41
                                                              Dec 3, 2024 13:57:06.631963968 CET49779445192.168.2.4192.168.1.50
                                                              Dec 3, 2024 13:57:06.631982088 CET49772445192.168.2.4192.168.1.44
                                                              Dec 3, 2024 13:57:06.632004976 CET44549759192.168.1.30192.168.2.4
                                                              Dec 3, 2024 13:57:06.632004976 CET49749445192.168.2.4192.168.1.20
                                                              Dec 3, 2024 13:57:06.632015944 CET44549761192.168.1.32192.168.2.4
                                                              Dec 3, 2024 13:57:06.632042885 CET49755445192.168.2.4192.168.1.27
                                                              Dec 3, 2024 13:57:06.632055044 CET44549763192.168.1.34192.168.2.4
                                                              Dec 3, 2024 13:57:06.632065058 CET44549753192.168.1.24192.168.2.4
                                                              Dec 3, 2024 13:57:06.632076025 CET44549747192.168.1.18192.168.2.4
                                                              Dec 3, 2024 13:57:06.632082939 CET49757445192.168.2.4192.168.1.28
                                                              Dec 3, 2024 13:57:06.632095098 CET44549769192.168.1.40192.168.2.4
                                                              Dec 3, 2024 13:57:06.632098913 CET49782445192.168.2.4192.168.1.53
                                                              Dec 3, 2024 13:57:06.632098913 CET49773445192.168.2.4192.168.1.43
                                                              Dec 3, 2024 13:57:06.632098913 CET49751445192.168.2.4192.168.1.22
                                                              Dec 3, 2024 13:57:06.632098913 CET49744445192.168.2.4192.168.1.16
                                                              Dec 3, 2024 13:57:06.632103920 CET44549775192.168.1.47192.168.2.4
                                                              Dec 3, 2024 13:57:06.632122040 CET49761445192.168.2.4192.168.1.32
                                                              Dec 3, 2024 13:57:06.632133961 CET44549785192.168.1.56192.168.2.4
                                                              Dec 3, 2024 13:57:06.632143974 CET44549786192.168.1.57192.168.2.4
                                                              Dec 3, 2024 13:57:06.632153988 CET49763445192.168.2.4192.168.1.34
                                                              Dec 3, 2024 13:57:06.632165909 CET49753445192.168.2.4192.168.1.24
                                                              Dec 3, 2024 13:57:06.632189035 CET49769445192.168.2.4192.168.1.40
                                                              Dec 3, 2024 13:57:06.632200003 CET49775445192.168.2.4192.168.1.47
                                                              Dec 3, 2024 13:57:06.632217884 CET44549793192.168.1.64192.168.2.4
                                                              Dec 3, 2024 13:57:06.632221937 CET49785445192.168.2.4192.168.1.56
                                                              Dec 3, 2024 13:57:06.632227898 CET44549794192.168.1.65192.168.2.4
                                                              Dec 3, 2024 13:57:06.632261992 CET49793445192.168.2.4192.168.1.64
                                                              Dec 3, 2024 13:57:06.632282019 CET49794445192.168.2.4192.168.1.65
                                                              Dec 3, 2024 13:57:06.632289886 CET44549797192.168.1.68192.168.2.4
                                                              Dec 3, 2024 13:57:06.632298946 CET44549799192.168.1.70192.168.2.4
                                                              Dec 3, 2024 13:57:06.632333994 CET49797445192.168.2.4192.168.1.68
                                                              Dec 3, 2024 13:57:06.632391930 CET44549802192.168.1.73192.168.2.4
                                                              Dec 3, 2024 13:57:06.632401943 CET44549741192.168.1.13192.168.2.4
                                                              Dec 3, 2024 13:57:06.632411957 CET44549746192.168.1.17192.168.2.4
                                                              Dec 3, 2024 13:57:06.632438898 CET49802445192.168.2.4192.168.1.73
                                                              Dec 3, 2024 13:57:06.632447004 CET49741445192.168.2.4192.168.1.13
                                                              Dec 3, 2024 13:57:06.632452011 CET44549760192.168.1.31192.168.2.4
                                                              Dec 3, 2024 13:57:06.632461071 CET44549764192.168.1.35192.168.2.4
                                                              Dec 3, 2024 13:57:06.632469893 CET44549750192.168.1.21192.168.2.4
                                                              Dec 3, 2024 13:57:06.632481098 CET49746445192.168.2.4192.168.1.17
                                                              Dec 3, 2024 13:57:06.632508039 CET49760445192.168.2.4192.168.1.31
                                                              Dec 3, 2024 13:57:06.632517099 CET49764445192.168.2.4192.168.1.35
                                                              Dec 3, 2024 13:57:06.632528067 CET49750445192.168.2.4192.168.1.21
                                                              Dec 3, 2024 13:57:06.633368015 CET49759445192.168.2.4192.168.1.30
                                                              Dec 3, 2024 13:57:06.633368015 CET49747445192.168.2.4192.168.1.18
                                                              Dec 3, 2024 13:57:06.633368015 CET49786445192.168.2.4192.168.1.57
                                                              Dec 3, 2024 13:57:06.633368015 CET49799445192.168.2.4192.168.1.70
                                                              Dec 3, 2024 13:57:06.638048887 CET44549776192.168.1.48192.168.2.4
                                                              Dec 3, 2024 13:57:06.638118982 CET49776445192.168.2.4192.168.1.48
                                                              Dec 3, 2024 13:57:06.638257027 CET44549778192.168.1.49192.168.2.4
                                                              Dec 3, 2024 13:57:06.638266087 CET44549789192.168.1.60192.168.2.4
                                                              Dec 3, 2024 13:57:06.638318062 CET49789445192.168.2.4192.168.1.60
                                                              Dec 3, 2024 13:57:06.642355919 CET49778445192.168.2.4192.168.1.49
                                                              Dec 3, 2024 13:57:06.661189079 CET44549791192.168.1.62192.168.2.4
                                                              Dec 3, 2024 13:57:06.661226988 CET44549842192.168.1.113192.168.2.4
                                                              Dec 3, 2024 13:57:06.661236048 CET44549843192.168.1.114192.168.2.4
                                                              Dec 3, 2024 13:57:06.661307096 CET49791445192.168.2.4192.168.1.62
                                                              Dec 3, 2024 13:57:06.661356926 CET49842445192.168.2.4192.168.1.113
                                                              Dec 3, 2024 13:57:06.661370039 CET49843445192.168.2.4192.168.1.114
                                                              Dec 3, 2024 13:57:06.661761045 CET44549798192.168.1.69192.168.2.4
                                                              Dec 3, 2024 13:57:06.661771059 CET44549801192.168.1.72192.168.2.4
                                                              Dec 3, 2024 13:57:06.661782026 CET44549790192.168.1.61192.168.2.4
                                                              Dec 3, 2024 13:57:06.661817074 CET49798445192.168.2.4192.168.1.69
                                                              Dec 3, 2024 13:57:06.661819935 CET44549788192.168.1.59192.168.2.4
                                                              Dec 3, 2024 13:57:06.661829948 CET44549767192.168.1.38192.168.2.4
                                                              Dec 3, 2024 13:57:06.661839962 CET49801445192.168.2.4192.168.1.72
                                                              Dec 3, 2024 13:57:06.661874056 CET44549804192.168.1.75192.168.2.4
                                                              Dec 3, 2024 13:57:06.661884069 CET44549765192.168.1.36192.168.2.4
                                                              Dec 3, 2024 13:57:06.661885977 CET49788445192.168.2.4192.168.1.59
                                                              Dec 3, 2024 13:57:06.661906004 CET49767445192.168.2.4192.168.1.38
                                                              Dec 3, 2024 13:57:06.661932945 CET49804445192.168.2.4192.168.1.75
                                                              Dec 3, 2024 13:57:06.661947012 CET49765445192.168.2.4192.168.1.36
                                                              Dec 3, 2024 13:57:06.662043095 CET44549743192.168.1.15192.168.2.4
                                                              Dec 3, 2024 13:57:06.662053108 CET44549800192.168.1.71192.168.2.4
                                                              Dec 3, 2024 13:57:06.662061930 CET44549796192.168.1.67192.168.2.4
                                                              Dec 3, 2024 13:57:06.662092924 CET49743445192.168.2.4192.168.1.15
                                                              Dec 3, 2024 13:57:06.662105083 CET49800445192.168.2.4192.168.1.71
                                                              Dec 3, 2024 13:57:06.662127972 CET44549792192.168.1.63192.168.2.4
                                                              Dec 3, 2024 13:57:06.662137032 CET44549752192.168.1.23192.168.2.4
                                                              Dec 3, 2024 13:57:06.662137985 CET49796445192.168.2.4192.168.1.67
                                                              Dec 3, 2024 13:57:06.662168980 CET49792445192.168.2.4192.168.1.63
                                                              Dec 3, 2024 13:57:06.662175894 CET44549844192.168.1.115192.168.2.4
                                                              Dec 3, 2024 13:57:06.662184954 CET44549758192.168.1.29192.168.2.4
                                                              Dec 3, 2024 13:57:06.662194014 CET44549803192.168.1.74192.168.2.4
                                                              Dec 3, 2024 13:57:06.662197113 CET49752445192.168.2.4192.168.1.23
                                                              Dec 3, 2024 13:57:06.662240028 CET49758445192.168.2.4192.168.1.29
                                                              Dec 3, 2024 13:57:06.662250996 CET49844445192.168.2.4192.168.1.115
                                                              Dec 3, 2024 13:57:06.662286043 CET44549795192.168.1.66192.168.2.4
                                                              Dec 3, 2024 13:57:06.662296057 CET44549762192.168.1.33192.168.2.4
                                                              Dec 3, 2024 13:57:06.662350893 CET49762445192.168.2.4192.168.1.33
                                                              Dec 3, 2024 13:57:06.662390947 CET44549781192.168.1.52192.168.2.4
                                                              Dec 3, 2024 13:57:06.662400961 CET44549748192.168.1.19192.168.2.4
                                                              Dec 3, 2024 13:57:06.662432909 CET49781445192.168.2.4192.168.1.52
                                                              Dec 3, 2024 13:57:06.662460089 CET49748445192.168.2.4192.168.1.19
                                                              Dec 3, 2024 13:57:06.662529945 CET44549754192.168.1.25192.168.2.4
                                                              Dec 3, 2024 13:57:06.662539959 CET44549756192.168.1.26192.168.2.4
                                                              Dec 3, 2024 13:57:06.662585020 CET49754445192.168.2.4192.168.1.25
                                                              Dec 3, 2024 13:57:06.662596941 CET49756445192.168.2.4192.168.1.26
                                                              Dec 3, 2024 13:57:06.664446115 CET44549845192.168.1.116192.168.2.4
                                                              Dec 3, 2024 13:57:06.664457083 CET44549846192.168.1.117192.168.2.4
                                                              Dec 3, 2024 13:57:06.664516926 CET49845445192.168.2.4192.168.1.116
                                                              Dec 3, 2024 13:57:06.664524078 CET49846445192.168.2.4192.168.1.117
                                                              Dec 3, 2024 13:57:06.665389061 CET44549847192.168.1.118192.168.2.4
                                                              Dec 3, 2024 13:57:06.666357994 CET49790445192.168.2.4192.168.1.61
                                                              Dec 3, 2024 13:57:06.666357994 CET49803445192.168.2.4192.168.1.74
                                                              Dec 3, 2024 13:57:06.666357994 CET49795445192.168.2.4192.168.1.66
                                                              Dec 3, 2024 13:57:06.666383028 CET44549848192.168.1.119192.168.2.4
                                                              Dec 3, 2024 13:57:06.666416883 CET49847445192.168.2.4192.168.1.118
                                                              Dec 3, 2024 13:57:06.666445017 CET49848445192.168.2.4192.168.1.119
                                                              Dec 3, 2024 13:57:06.668277979 CET44549849192.168.1.120192.168.2.4
                                                              Dec 3, 2024 13:57:06.668287992 CET44549850192.168.1.121192.168.2.4
                                                              Dec 3, 2024 13:57:06.668339968 CET49849445192.168.2.4192.168.1.120
                                                              Dec 3, 2024 13:57:06.668351889 CET49850445192.168.2.4192.168.1.121
                                                              Dec 3, 2024 13:57:06.670099020 CET44549805192.168.1.76192.168.2.4
                                                              Dec 3, 2024 13:57:06.671380043 CET44549807192.168.1.78192.168.2.4
                                                              Dec 3, 2024 13:57:06.671437979 CET49805445192.168.2.4192.168.1.76
                                                              Dec 3, 2024 13:57:06.672327995 CET44549810192.168.1.81192.168.2.4
                                                              Dec 3, 2024 13:57:06.672379017 CET49807445192.168.2.4192.168.1.78
                                                              Dec 3, 2024 13:57:06.672413111 CET49810445192.168.2.4192.168.1.81
                                                              Dec 3, 2024 13:57:06.673006058 CET44549814192.168.1.86192.168.2.4
                                                              Dec 3, 2024 13:57:06.675664902 CET44549806192.168.1.77192.168.2.4
                                                              Dec 3, 2024 13:57:06.675674915 CET44549815192.168.1.85192.168.2.4
                                                              Dec 3, 2024 13:57:06.675718069 CET49814445192.168.2.4192.168.1.86
                                                              Dec 3, 2024 13:57:06.675741911 CET49806445192.168.2.4192.168.1.77
                                                              Dec 3, 2024 13:57:06.675753117 CET49815445192.168.2.4192.168.1.85
                                                              Dec 3, 2024 13:57:06.678373098 CET44549819192.168.1.90192.168.2.4
                                                              Dec 3, 2024 13:57:06.679289103 CET44549821192.168.1.92192.168.2.4
                                                              Dec 3, 2024 13:57:06.679339886 CET49819445192.168.2.4192.168.1.90
                                                              Dec 3, 2024 13:57:06.679356098 CET49821445192.168.2.4192.168.1.92
                                                              Dec 3, 2024 13:57:06.680380106 CET44549824192.168.1.95192.168.2.4
                                                              Dec 3, 2024 13:57:06.681395054 CET44549827192.168.1.98192.168.2.4
                                                              Dec 3, 2024 13:57:06.681406021 CET49824445192.168.2.4192.168.1.95
                                                              Dec 3, 2024 13:57:06.681441069 CET49827445192.168.2.4192.168.1.98
                                                              Dec 3, 2024 13:57:06.683705091 CET44549830192.168.1.101192.168.2.4
                                                              Dec 3, 2024 13:57:06.683734894 CET44549833192.168.1.104192.168.2.4
                                                              Dec 3, 2024 13:57:06.683839083 CET49833445192.168.2.4192.168.1.104
                                                              Dec 3, 2024 13:57:06.684377909 CET49830445192.168.2.4192.168.1.101
                                                              Dec 3, 2024 13:57:06.685523987 CET44549836192.168.1.107192.168.2.4
                                                              Dec 3, 2024 13:57:06.685589075 CET49836445192.168.2.4192.168.1.107
                                                              Dec 3, 2024 13:57:06.687370062 CET44549839192.168.1.110192.168.2.4
                                                              Dec 3, 2024 13:57:06.687419891 CET49839445192.168.2.4192.168.1.110
                                                              Dec 3, 2024 13:57:06.687601089 CET49842445192.168.2.4192.168.1.113
                                                              Dec 3, 2024 13:57:06.687851906 CET49843445192.168.2.4192.168.1.114
                                                              Dec 3, 2024 13:57:06.687963963 CET49844445192.168.2.4192.168.1.115
                                                              Dec 3, 2024 13:57:06.688091040 CET49845445192.168.2.4192.168.1.116
                                                              Dec 3, 2024 13:57:06.688160896 CET49846445192.168.2.4192.168.1.117
                                                              Dec 3, 2024 13:57:06.688512087 CET49847445192.168.2.4192.168.1.118
                                                              Dec 3, 2024 13:57:06.688576937 CET49848445192.168.2.4192.168.1.119
                                                              Dec 3, 2024 13:57:06.688647032 CET49849445192.168.2.4192.168.1.120
                                                              Dec 3, 2024 13:57:06.688698053 CET49850445192.168.2.4192.168.1.121
                                                              Dec 3, 2024 13:57:06.690378904 CET44549811192.168.1.82192.168.2.4
                                                              Dec 3, 2024 13:57:06.690438986 CET49811445192.168.2.4192.168.1.82
                                                              Dec 3, 2024 13:57:06.705817938 CET44549808192.168.1.79192.168.2.4
                                                              Dec 3, 2024 13:57:06.705828905 CET44549816192.168.1.87192.168.2.4
                                                              Dec 3, 2024 13:57:06.705868959 CET49808445192.168.2.4192.168.1.79
                                                              Dec 3, 2024 13:57:06.705897093 CET49816445192.168.2.4192.168.1.87
                                                              Dec 3, 2024 13:57:06.708408117 CET44549813192.168.1.84192.168.2.4
                                                              Dec 3, 2024 13:57:06.708450079 CET49813445192.168.2.4192.168.1.84
                                                              Dec 3, 2024 13:57:06.711457014 CET44549838192.168.1.109192.168.2.4
                                                              Dec 3, 2024 13:57:06.711467981 CET44549834192.168.1.105192.168.2.4
                                                              Dec 3, 2024 13:57:06.711602926 CET49838445192.168.2.4192.168.1.109
                                                              Dec 3, 2024 13:57:06.711602926 CET49834445192.168.2.4192.168.1.105
                                                              Dec 3, 2024 13:57:06.716073990 CET44549829192.168.1.100192.168.2.4
                                                              Dec 3, 2024 13:57:06.716084957 CET44549825192.168.1.96192.168.2.4
                                                              Dec 3, 2024 13:57:06.716123104 CET49829445192.168.2.4192.168.1.100
                                                              Dec 3, 2024 13:57:06.716150045 CET49825445192.168.2.4192.168.1.96
                                                              Dec 3, 2024 13:57:06.730186939 CET49853445192.168.2.4192.168.1.124
                                                              Dec 3, 2024 13:57:06.730319023 CET49854445192.168.2.4192.168.1.125
                                                              Dec 3, 2024 13:57:06.732743025 CET49855445192.168.2.4192.168.1.126
                                                              Dec 3, 2024 13:57:06.738765001 CET49856445192.168.2.4192.168.1.127
                                                              Dec 3, 2024 13:57:06.743993998 CET49857445192.168.2.4192.168.1.128
                                                              Dec 3, 2024 13:57:06.745879889 CET49858445192.168.2.4192.168.1.129
                                                              Dec 3, 2024 13:57:06.747071981 CET49859445192.168.2.4192.168.1.130
                                                              Dec 3, 2024 13:57:06.747714043 CET49860445192.168.2.4192.168.1.131
                                                              Dec 3, 2024 13:57:06.747976065 CET49861445192.168.2.4192.168.1.132
                                                              Dec 3, 2024 13:57:06.748434067 CET49862445192.168.2.4192.168.1.133
                                                              Dec 3, 2024 13:57:06.748663902 CET49863445192.168.2.4192.168.1.134
                                                              Dec 3, 2024 13:57:06.749002934 CET49864445192.168.2.4192.168.1.135
                                                              Dec 3, 2024 13:57:06.749303102 CET49865445192.168.2.4192.168.1.136
                                                              Dec 3, 2024 13:57:06.749830961 CET49866445192.168.2.4192.168.1.137
                                                              Dec 3, 2024 13:57:06.750031948 CET49867445192.168.2.4192.168.1.138
                                                              Dec 3, 2024 13:57:06.750403881 CET49868445192.168.2.4192.168.1.139
                                                              Dec 3, 2024 13:57:06.751964092 CET44549823192.168.1.94192.168.2.4
                                                              Dec 3, 2024 13:57:06.752012968 CET44549851192.168.1.122192.168.2.4
                                                              Dec 3, 2024 13:57:06.752023935 CET44549852192.168.1.123192.168.2.4
                                                              Dec 3, 2024 13:57:06.752033949 CET49823445192.168.2.4192.168.1.94
                                                              Dec 3, 2024 13:57:06.752104044 CET49851445192.168.2.4192.168.1.122
                                                              Dec 3, 2024 13:57:06.752140045 CET49852445192.168.2.4192.168.1.123
                                                              Dec 3, 2024 13:57:06.752203941 CET49851445192.168.2.4192.168.1.122
                                                              Dec 3, 2024 13:57:06.752315044 CET49852445192.168.2.4192.168.1.123
                                                              Dec 3, 2024 13:57:06.752451897 CET44549817192.168.1.88192.168.2.4
                                                              Dec 3, 2024 13:57:06.752463102 CET44549809192.168.1.80192.168.2.4
                                                              Dec 3, 2024 13:57:06.752506018 CET49817445192.168.2.4192.168.1.88
                                                              Dec 3, 2024 13:57:06.752518892 CET49809445192.168.2.4192.168.1.80
                                                              Dec 3, 2024 13:57:06.752528906 CET44549822192.168.1.93192.168.2.4
                                                              Dec 3, 2024 13:57:06.752583027 CET44549826192.168.1.97192.168.2.4
                                                              Dec 3, 2024 13:57:06.752634048 CET49822445192.168.2.4192.168.1.93
                                                              Dec 3, 2024 13:57:06.752645016 CET44549818192.168.1.89192.168.2.4
                                                              Dec 3, 2024 13:57:06.752655029 CET44549812192.168.1.83192.168.2.4
                                                              Dec 3, 2024 13:57:06.752660036 CET49826445192.168.2.4192.168.1.97
                                                              Dec 3, 2024 13:57:06.752665043 CET44549841192.168.1.112192.168.2.4
                                                              Dec 3, 2024 13:57:06.752686024 CET49818445192.168.2.4192.168.1.89
                                                              Dec 3, 2024 13:57:06.752690077 CET44549840192.168.1.111192.168.2.4
                                                              Dec 3, 2024 13:57:06.752701998 CET44549837192.168.1.108192.168.2.4
                                                              Dec 3, 2024 13:57:06.752717018 CET49812445192.168.2.4192.168.1.83
                                                              Dec 3, 2024 13:57:06.752737045 CET49841445192.168.2.4192.168.1.112
                                                              Dec 3, 2024 13:57:06.752769947 CET49840445192.168.2.4192.168.1.111
                                                              Dec 3, 2024 13:57:06.752783060 CET49837445192.168.2.4192.168.1.108
                                                              Dec 3, 2024 13:57:06.752887011 CET44549835192.168.1.106192.168.2.4
                                                              Dec 3, 2024 13:57:06.752927065 CET44549831192.168.1.103192.168.2.4
                                                              Dec 3, 2024 13:57:06.752932072 CET49835445192.168.2.4192.168.1.106
                                                              Dec 3, 2024 13:57:06.752937078 CET44549832192.168.1.102192.168.2.4
                                                              Dec 3, 2024 13:57:06.752969027 CET44549828192.168.1.99192.168.2.4
                                                              Dec 3, 2024 13:57:06.752979040 CET44549820192.168.1.91192.168.2.4
                                                              Dec 3, 2024 13:57:06.752985954 CET49831445192.168.2.4192.168.1.103
                                                              Dec 3, 2024 13:57:06.752990961 CET49832445192.168.2.4192.168.1.102
                                                              Dec 3, 2024 13:57:06.753015995 CET49828445192.168.2.4192.168.1.99
                                                              Dec 3, 2024 13:57:06.753022909 CET49820445192.168.2.4192.168.1.91
                                                              Dec 3, 2024 13:57:06.804267883 CET49869445192.168.2.4192.168.1.140
                                                              Dec 3, 2024 13:57:06.805316925 CET49870445192.168.2.4192.168.1.141
                                                              Dec 3, 2024 13:57:06.805538893 CET49871445192.168.2.4192.168.1.142
                                                              Dec 3, 2024 13:57:06.805748940 CET49872445192.168.2.4192.168.1.143
                                                              Dec 3, 2024 13:57:06.805927992 CET49873445192.168.2.4192.168.1.144
                                                              Dec 3, 2024 13:57:06.806381941 CET49874445192.168.2.4192.168.1.145
                                                              Dec 3, 2024 13:57:06.807668924 CET44549842192.168.1.113192.168.2.4
                                                              Dec 3, 2024 13:57:06.807732105 CET49842445192.168.2.4192.168.1.113
                                                              Dec 3, 2024 13:57:06.807795048 CET44549843192.168.1.114192.168.2.4
                                                              Dec 3, 2024 13:57:06.807969093 CET44549844192.168.1.115192.168.2.4
                                                              Dec 3, 2024 13:57:06.808012009 CET44549845192.168.1.116192.168.2.4
                                                              Dec 3, 2024 13:57:06.808012962 CET49843445192.168.2.4192.168.1.114
                                                              Dec 3, 2024 13:57:06.808021069 CET49844445192.168.2.4192.168.1.115
                                                              Dec 3, 2024 13:57:06.808056116 CET49845445192.168.2.4192.168.1.116
                                                              Dec 3, 2024 13:57:06.808082104 CET44549846192.168.1.117192.168.2.4
                                                              Dec 3, 2024 13:57:06.808120012 CET49846445192.168.2.4192.168.1.117
                                                              Dec 3, 2024 13:57:06.808408022 CET44549847192.168.1.118192.168.2.4
                                                              Dec 3, 2024 13:57:06.808500051 CET49876445192.168.2.4192.168.1.147
                                                              Dec 3, 2024 13:57:06.808507919 CET44549848192.168.1.119192.168.2.4
                                                              Dec 3, 2024 13:57:06.808527946 CET49847445192.168.2.4192.168.1.118
                                                              Dec 3, 2024 13:57:06.808559895 CET49848445192.168.2.4192.168.1.119
                                                              Dec 3, 2024 13:57:06.808665037 CET44549849192.168.1.120192.168.2.4
                                                              Dec 3, 2024 13:57:06.808698893 CET44549850192.168.1.121192.168.2.4
                                                              Dec 3, 2024 13:57:06.808701992 CET49849445192.168.2.4192.168.1.120
                                                              Dec 3, 2024 13:57:06.808732986 CET49850445192.168.2.4192.168.1.121
                                                              Dec 3, 2024 13:57:06.808948994 CET49877445192.168.2.4192.168.1.148
                                                              Dec 3, 2024 13:57:06.810090065 CET49875445192.168.2.4192.168.1.146
                                                              Dec 3, 2024 13:57:06.810709953 CET49878445192.168.2.4192.168.1.149
                                                              Dec 3, 2024 13:57:06.811331987 CET49879445192.168.2.4192.168.1.150
                                                              Dec 3, 2024 13:57:06.811471939 CET49880445192.168.2.4192.168.1.151
                                                              Dec 3, 2024 13:57:06.811671972 CET49881445192.168.2.4192.168.1.152
                                                              Dec 3, 2024 13:57:06.812640905 CET49882445192.168.2.4192.168.1.153
                                                              Dec 3, 2024 13:57:06.813364029 CET49884445192.168.2.4192.168.1.155
                                                              Dec 3, 2024 13:57:06.813376904 CET49883445192.168.2.4192.168.1.154
                                                              Dec 3, 2024 13:57:06.813607931 CET49885445192.168.2.4192.168.1.156
                                                              Dec 3, 2024 13:57:06.813802004 CET49886445192.168.2.4192.168.1.157
                                                              Dec 3, 2024 13:57:06.814395905 CET49888445192.168.2.4192.168.1.159
                                                              Dec 3, 2024 13:57:06.814649105 CET49889445192.168.2.4192.168.1.160
                                                              Dec 3, 2024 13:57:06.814840078 CET49890445192.168.2.4192.168.1.161
                                                              Dec 3, 2024 13:57:06.815020084 CET49891445192.168.2.4192.168.1.162
                                                              Dec 3, 2024 13:57:06.815340042 CET49887445192.168.2.4192.168.1.158
                                                              Dec 3, 2024 13:57:06.815629005 CET49892445192.168.2.4192.168.1.163
                                                              Dec 3, 2024 13:57:06.815903902 CET49893445192.168.2.4192.168.1.164
                                                              Dec 3, 2024 13:57:06.816107988 CET49894445192.168.2.4192.168.1.165
                                                              Dec 3, 2024 13:57:06.816313028 CET49895445192.168.2.4192.168.1.166
                                                              Dec 3, 2024 13:57:06.816608906 CET49896445192.168.2.4192.168.1.167
                                                              Dec 3, 2024 13:57:06.817030907 CET49897445192.168.2.4192.168.1.168
                                                              Dec 3, 2024 13:57:06.817281008 CET49898445192.168.2.4192.168.1.169
                                                              Dec 3, 2024 13:57:06.818119049 CET49899445192.168.2.4192.168.1.170
                                                              Dec 3, 2024 13:57:06.818460941 CET49900445192.168.2.4192.168.1.171
                                                              Dec 3, 2024 13:57:06.820868969 CET49901445192.168.2.4192.168.1.172
                                                              Dec 3, 2024 13:57:06.821207047 CET49902445192.168.2.4192.168.1.173
                                                              Dec 3, 2024 13:57:06.821477890 CET49903445192.168.2.4192.168.1.174
                                                              Dec 3, 2024 13:57:06.821751118 CET49904445192.168.2.4192.168.1.175
                                                              Dec 3, 2024 13:57:06.821881056 CET49905445192.168.2.4192.168.1.176
                                                              Dec 3, 2024 13:57:06.822115898 CET49906445192.168.2.4192.168.1.177
                                                              Dec 3, 2024 13:57:06.822225094 CET49907445192.168.2.4192.168.1.178
                                                              Dec 3, 2024 13:57:06.822396040 CET49908445192.168.2.4192.168.1.179
                                                              Dec 3, 2024 13:57:06.822570086 CET49909445192.168.2.4192.168.1.180
                                                              Dec 3, 2024 13:57:06.822810888 CET49910445192.168.2.4192.168.1.181
                                                              Dec 3, 2024 13:57:06.822913885 CET49911445192.168.2.4192.168.1.182
                                                              Dec 3, 2024 13:57:06.823090076 CET49912445192.168.2.4192.168.1.183
                                                              Dec 3, 2024 13:57:06.823302984 CET49913445192.168.2.4192.168.1.184
                                                              Dec 3, 2024 13:57:06.823503971 CET49914445192.168.2.4192.168.1.185
                                                              Dec 3, 2024 13:57:06.823694944 CET49915445192.168.2.4192.168.1.186
                                                              Dec 3, 2024 13:57:06.823899984 CET49916445192.168.2.4192.168.1.187
                                                              Dec 3, 2024 13:57:06.824110031 CET49917445192.168.2.4192.168.1.188
                                                              Dec 3, 2024 13:57:06.824323893 CET49918445192.168.2.4192.168.1.189
                                                              Dec 3, 2024 13:57:06.824466944 CET49919445192.168.2.4192.168.1.190
                                                              Dec 3, 2024 13:57:06.824654102 CET49920445192.168.2.4192.168.1.191
                                                              Dec 3, 2024 13:57:06.824848890 CET49921445192.168.2.4192.168.1.192
                                                              Dec 3, 2024 13:57:06.825043917 CET49922445192.168.2.4192.168.1.193
                                                              Dec 3, 2024 13:57:06.825232983 CET49923445192.168.2.4192.168.1.194
                                                              Dec 3, 2024 13:57:06.825653076 CET49924445192.168.2.4192.168.1.195
                                                              Dec 3, 2024 13:57:06.825850964 CET49925445192.168.2.4192.168.1.196
                                                              Dec 3, 2024 13:57:06.826052904 CET49926445192.168.2.4192.168.1.197
                                                              Dec 3, 2024 13:57:06.826260090 CET49927445192.168.2.4192.168.1.198
                                                              Dec 3, 2024 13:57:06.826524973 CET49928445192.168.2.4192.168.1.199
                                                              Dec 3, 2024 13:57:06.826785088 CET49929445192.168.2.4192.168.1.200
                                                              Dec 3, 2024 13:57:06.827012062 CET49930445192.168.2.4192.168.1.201
                                                              Dec 3, 2024 13:57:06.827254057 CET49931445192.168.2.4192.168.1.202
                                                              Dec 3, 2024 13:57:06.827449083 CET49932445192.168.2.4192.168.1.203
                                                              Dec 3, 2024 13:57:06.827661991 CET49933445192.168.2.4192.168.1.204
                                                              Dec 3, 2024 13:57:06.827845097 CET49934445192.168.2.4192.168.1.205
                                                              Dec 3, 2024 13:57:06.828042030 CET49935445192.168.2.4192.168.1.206
                                                              Dec 3, 2024 13:57:06.828238964 CET49936445192.168.2.4192.168.1.207
                                                              Dec 3, 2024 13:57:06.828408957 CET49937445192.168.2.4192.168.1.208
                                                              Dec 3, 2024 13:57:06.828609943 CET49938445192.168.2.4192.168.1.209
                                                              Dec 3, 2024 13:57:06.828885078 CET49939445192.168.2.4192.168.1.210
                                                              Dec 3, 2024 13:57:06.828953028 CET49940445192.168.2.4192.168.1.211
                                                              Dec 3, 2024 13:57:06.829149961 CET49941445192.168.2.4192.168.1.212
                                                              Dec 3, 2024 13:57:06.829474926 CET49942445192.168.2.4192.168.1.213
                                                              Dec 3, 2024 13:57:06.829543114 CET49943445192.168.2.4192.168.1.214
                                                              Dec 3, 2024 13:57:06.829751968 CET49944445192.168.2.4192.168.1.215
                                                              Dec 3, 2024 13:57:06.829960108 CET49945445192.168.2.4192.168.1.216
                                                              Dec 3, 2024 13:57:06.830267906 CET49946445192.168.2.4192.168.1.217
                                                              Dec 3, 2024 13:57:06.830344915 CET49947445192.168.2.4192.168.1.218
                                                              Dec 3, 2024 13:57:06.830529928 CET49948445192.168.2.4192.168.1.219
                                                              Dec 3, 2024 13:57:06.830728054 CET49949445192.168.2.4192.168.1.220
                                                              Dec 3, 2024 13:57:06.830982924 CET49950445192.168.2.4192.168.1.221
                                                              Dec 3, 2024 13:57:06.831132889 CET49951445192.168.2.4192.168.1.222
                                                              Dec 3, 2024 13:57:06.831401110 CET49952445192.168.2.4192.168.1.223
                                                              Dec 3, 2024 13:57:06.831613064 CET49953445192.168.2.4192.168.1.224
                                                              Dec 3, 2024 13:57:06.831861973 CET49954445192.168.2.4192.168.1.225
                                                              Dec 3, 2024 13:57:06.832077026 CET49955445192.168.2.4192.168.1.226
                                                              Dec 3, 2024 13:57:06.832268000 CET49956445192.168.2.4192.168.1.227
                                                              Dec 3, 2024 13:57:06.832474947 CET49957445192.168.2.4192.168.1.228
                                                              Dec 3, 2024 13:57:06.832660913 CET49958445192.168.2.4192.168.1.229
                                                              Dec 3, 2024 13:57:06.832854033 CET49959445192.168.2.4192.168.1.230
                                                              Dec 3, 2024 13:57:06.833065033 CET49960445192.168.2.4192.168.1.231
                                                              Dec 3, 2024 13:57:06.833256006 CET49961445192.168.2.4192.168.1.232
                                                              Dec 3, 2024 13:57:06.833477020 CET49962445192.168.2.4192.168.1.233
                                                              Dec 3, 2024 13:57:06.833656073 CET49963445192.168.2.4192.168.1.234
                                                              Dec 3, 2024 13:57:06.833854914 CET49964445192.168.2.4192.168.1.235
                                                              Dec 3, 2024 13:57:06.834043026 CET49965445192.168.2.4192.168.1.236
                                                              Dec 3, 2024 13:57:06.834222078 CET49966445192.168.2.4192.168.1.237
                                                              Dec 3, 2024 13:57:06.834403992 CET49967445192.168.2.4192.168.1.238
                                                              Dec 3, 2024 13:57:06.834595919 CET49968445192.168.2.4192.168.1.239
                                                              Dec 3, 2024 13:57:06.834794998 CET49969445192.168.2.4192.168.1.240
                                                              Dec 3, 2024 13:57:06.834969044 CET49970445192.168.2.4192.168.1.241
                                                              Dec 3, 2024 13:57:06.835180998 CET49971445192.168.2.4192.168.1.242
                                                              Dec 3, 2024 13:57:06.835338116 CET49972445192.168.2.4192.168.1.243
                                                              Dec 3, 2024 13:57:06.835545063 CET49973445192.168.2.4192.168.1.244
                                                              Dec 3, 2024 13:57:06.835910082 CET49974445192.168.2.4192.168.1.245
                                                              Dec 3, 2024 13:57:06.836241961 CET49975445192.168.2.4192.168.1.247
                                                              Dec 3, 2024 13:57:06.836291075 CET49976445192.168.2.4192.168.1.246
                                                              Dec 3, 2024 13:57:06.836486101 CET49977445192.168.2.4192.168.1.248
                                                              Dec 3, 2024 13:57:06.836685896 CET49978445192.168.2.4192.168.1.249
                                                              Dec 3, 2024 13:57:06.836937904 CET49979445192.168.2.4192.168.1.250
                                                              Dec 3, 2024 13:57:06.837034941 CET49980445192.168.2.4192.168.1.251
                                                              Dec 3, 2024 13:57:06.837212086 CET49981445192.168.2.4192.168.1.252
                                                              Dec 3, 2024 13:57:06.837400913 CET49982445192.168.2.4192.168.1.253
                                                              Dec 3, 2024 13:57:06.838376999 CET49983445192.168.2.4192.168.1.254
                                                              Dec 3, 2024 13:57:06.850274086 CET44549853192.168.1.124192.168.2.4
                                                              Dec 3, 2024 13:57:06.850330114 CET44549854192.168.1.125192.168.2.4
                                                              Dec 3, 2024 13:57:06.850400925 CET49853445192.168.2.4192.168.1.124
                                                              Dec 3, 2024 13:57:06.850472927 CET49854445192.168.2.4192.168.1.125
                                                              Dec 3, 2024 13:57:06.850474119 CET49853445192.168.2.4192.168.1.124
                                                              Dec 3, 2024 13:57:06.851001978 CET49854445192.168.2.4192.168.1.125
                                                              Dec 3, 2024 13:57:06.852710962 CET44549855192.168.1.126192.168.2.4
                                                              Dec 3, 2024 13:57:06.857199907 CET49855445192.168.2.4192.168.1.126
                                                              Dec 3, 2024 13:57:06.857285976 CET49855445192.168.2.4192.168.1.126
                                                              Dec 3, 2024 13:57:06.858834982 CET44549856192.168.1.127192.168.2.4
                                                              Dec 3, 2024 13:57:06.858901024 CET49856445192.168.2.4192.168.1.127
                                                              Dec 3, 2024 13:57:06.858948946 CET49856445192.168.2.4192.168.1.127
                                                              Dec 3, 2024 13:57:06.864043951 CET44549857192.168.1.128192.168.2.4
                                                              Dec 3, 2024 13:57:06.864109993 CET49857445192.168.2.4192.168.1.128
                                                              Dec 3, 2024 13:57:06.864175081 CET49857445192.168.2.4192.168.1.128
                                                              Dec 3, 2024 13:57:06.865885019 CET44549858192.168.1.129192.168.2.4
                                                              Dec 3, 2024 13:57:06.865946054 CET49858445192.168.2.4192.168.1.129
                                                              Dec 3, 2024 13:57:06.866039038 CET49858445192.168.2.4192.168.1.129
                                                              Dec 3, 2024 13:57:06.867136002 CET44549859192.168.1.130192.168.2.4
                                                              Dec 3, 2024 13:57:06.867194891 CET49859445192.168.2.4192.168.1.130
                                                              Dec 3, 2024 13:57:06.867280960 CET49859445192.168.2.4192.168.1.130
                                                              Dec 3, 2024 13:57:06.867954969 CET44549860192.168.1.131192.168.2.4
                                                              Dec 3, 2024 13:57:06.868005037 CET49860445192.168.2.4192.168.1.131
                                                              Dec 3, 2024 13:57:06.868068933 CET49860445192.168.2.4192.168.1.131
                                                              Dec 3, 2024 13:57:06.868103981 CET44549861192.168.1.132192.168.2.4
                                                              Dec 3, 2024 13:57:06.868432045 CET44549862192.168.1.133192.168.2.4
                                                              Dec 3, 2024 13:57:06.868485928 CET49861445192.168.2.4192.168.1.132
                                                              Dec 3, 2024 13:57:06.868552923 CET49861445192.168.2.4192.168.1.132
                                                              Dec 3, 2024 13:57:06.868554115 CET49862445192.168.2.4192.168.1.133
                                                              Dec 3, 2024 13:57:06.868650913 CET49862445192.168.2.4192.168.1.133
                                                              Dec 3, 2024 13:57:06.868678093 CET44549863192.168.1.134192.168.2.4
                                                              Dec 3, 2024 13:57:06.868724108 CET49863445192.168.2.4192.168.1.134
                                                              Dec 3, 2024 13:57:06.868791103 CET49863445192.168.2.4192.168.1.134
                                                              Dec 3, 2024 13:57:06.868994951 CET44549864192.168.1.135192.168.2.4
                                                              Dec 3, 2024 13:57:06.869038105 CET49864445192.168.2.4192.168.1.135
                                                              Dec 3, 2024 13:57:06.869076967 CET49864445192.168.2.4192.168.1.135
                                                              Dec 3, 2024 13:57:06.869121075 CET44549865192.168.1.136192.168.2.4
                                                              Dec 3, 2024 13:57:06.869755983 CET44549866192.168.1.137192.168.2.4
                                                              Dec 3, 2024 13:57:06.869806051 CET49865445192.168.2.4192.168.1.136
                                                              Dec 3, 2024 13:57:06.869849920 CET49865445192.168.2.4192.168.1.136
                                                              Dec 3, 2024 13:57:06.869851112 CET49866445192.168.2.4192.168.1.137
                                                              Dec 3, 2024 13:57:06.869877100 CET44549867192.168.1.138192.168.2.4
                                                              Dec 3, 2024 13:57:06.869923115 CET49866445192.168.2.4192.168.1.137
                                                              Dec 3, 2024 13:57:06.869946957 CET49867445192.168.2.4192.168.1.138
                                                              Dec 3, 2024 13:57:06.870019913 CET49867445192.168.2.4192.168.1.138
                                                              Dec 3, 2024 13:57:06.870349884 CET44549868192.168.1.139192.168.2.4
                                                              Dec 3, 2024 13:57:06.870868921 CET49868445192.168.2.4192.168.1.139
                                                              Dec 3, 2024 13:57:06.870925903 CET49868445192.168.2.4192.168.1.139
                                                              Dec 3, 2024 13:57:06.872917891 CET44549851192.168.1.122192.168.2.4
                                                              Dec 3, 2024 13:57:06.873117924 CET44549852192.168.1.123192.168.2.4
                                                              Dec 3, 2024 13:57:06.873163939 CET49851445192.168.2.4192.168.1.122
                                                              Dec 3, 2024 13:57:06.873179913 CET49852445192.168.2.4192.168.1.123
                                                              Dec 3, 2024 13:57:06.924464941 CET44549869192.168.1.140192.168.2.4
                                                              Dec 3, 2024 13:57:06.925251961 CET44549870192.168.1.141192.168.2.4
                                                              Dec 3, 2024 13:57:06.925353050 CET49869445192.168.2.4192.168.1.140
                                                              Dec 3, 2024 13:57:06.925405979 CET44549871192.168.1.142192.168.2.4
                                                              Dec 3, 2024 13:57:06.925431013 CET49870445192.168.2.4192.168.1.141
                                                              Dec 3, 2024 13:57:06.925451040 CET49871445192.168.2.4192.168.1.142
                                                              Dec 3, 2024 13:57:06.925595045 CET49869445192.168.2.4192.168.1.140
                                                              Dec 3, 2024 13:57:06.925705910 CET44549872192.168.1.143192.168.2.4
                                                              Dec 3, 2024 13:57:06.925789118 CET49870445192.168.2.4192.168.1.141
                                                              Dec 3, 2024 13:57:06.925808907 CET44549873192.168.1.144192.168.2.4
                                                              Dec 3, 2024 13:57:06.925815105 CET49872445192.168.2.4192.168.1.143
                                                              Dec 3, 2024 13:57:06.925851107 CET49873445192.168.2.4192.168.1.144
                                                              Dec 3, 2024 13:57:06.925904036 CET49871445192.168.2.4192.168.1.142
                                                              Dec 3, 2024 13:57:06.925996065 CET49872445192.168.2.4192.168.1.143
                                                              Dec 3, 2024 13:57:06.926076889 CET49873445192.168.2.4192.168.1.144
                                                              Dec 3, 2024 13:57:06.926259995 CET44549874192.168.1.145192.168.2.4
                                                              Dec 3, 2024 13:57:06.928488016 CET44549876192.168.1.147192.168.2.4
                                                              Dec 3, 2024 13:57:06.928550005 CET49876445192.168.2.4192.168.1.147
                                                              Dec 3, 2024 13:57:06.928550005 CET49874445192.168.2.4192.168.1.145
                                                              Dec 3, 2024 13:57:06.928595066 CET49874445192.168.2.4192.168.1.145
                                                              Dec 3, 2024 13:57:06.928675890 CET49876445192.168.2.4192.168.1.147
                                                              Dec 3, 2024 13:57:06.928828001 CET44549877192.168.1.148192.168.2.4
                                                              Dec 3, 2024 13:57:06.928878069 CET49877445192.168.2.4192.168.1.148
                                                              Dec 3, 2024 13:57:06.928920984 CET49877445192.168.2.4192.168.1.148
                                                              Dec 3, 2024 13:57:06.929949999 CET44549875192.168.1.146192.168.2.4
                                                              Dec 3, 2024 13:57:06.930536032 CET44549878192.168.1.149192.168.2.4
                                                              Dec 3, 2024 13:57:06.931196928 CET44549879192.168.1.150192.168.2.4
                                                              Dec 3, 2024 13:57:06.931272984 CET49878445192.168.2.4192.168.1.149
                                                              Dec 3, 2024 13:57:06.931296110 CET44549880192.168.1.151192.168.2.4
                                                              Dec 3, 2024 13:57:06.931307077 CET49878445192.168.2.4192.168.1.149
                                                              Dec 3, 2024 13:57:06.931350946 CET49880445192.168.2.4192.168.1.151
                                                              Dec 3, 2024 13:57:06.931514025 CET44549881192.168.1.152192.168.2.4
                                                              Dec 3, 2024 13:57:06.931514978 CET49880445192.168.2.4192.168.1.151
                                                              Dec 3, 2024 13:57:06.931552887 CET49881445192.168.2.4192.168.1.152
                                                              Dec 3, 2024 13:57:06.931601048 CET49881445192.168.2.4192.168.1.152
                                                              Dec 3, 2024 13:57:06.932574034 CET44549882192.168.1.153192.168.2.4
                                                              Dec 3, 2024 13:57:06.933378935 CET49875445192.168.2.4192.168.1.146
                                                              Dec 3, 2024 13:57:06.933378935 CET49875445192.168.2.4192.168.1.146
                                                              Dec 3, 2024 13:57:06.933378935 CET49879445192.168.2.4192.168.1.150
                                                              Dec 3, 2024 13:57:06.933378935 CET49879445192.168.2.4192.168.1.150
                                                              Dec 3, 2024 13:57:06.933412075 CET49882445192.168.2.4192.168.1.153
                                                              Dec 3, 2024 13:57:06.933450937 CET49882445192.168.2.4192.168.1.153
                                                              Dec 3, 2024 13:57:06.933479071 CET44549884192.168.1.155192.168.2.4
                                                              Dec 3, 2024 13:57:06.933490038 CET44549883192.168.1.154192.168.2.4
                                                              Dec 3, 2024 13:57:06.933543921 CET49884445192.168.2.4192.168.1.155
                                                              Dec 3, 2024 13:57:06.933581114 CET44549885192.168.1.156192.168.2.4
                                                              Dec 3, 2024 13:57:06.933594942 CET49884445192.168.2.4192.168.1.155
                                                              Dec 3, 2024 13:57:06.933619976 CET49885445192.168.2.4192.168.1.156
                                                              Dec 3, 2024 13:57:06.933757067 CET44549886192.168.1.157192.168.2.4
                                                              Dec 3, 2024 13:57:06.933773041 CET49885445192.168.2.4192.168.1.156
                                                              Dec 3, 2024 13:57:06.933803082 CET49886445192.168.2.4192.168.1.157
                                                              Dec 3, 2024 13:57:06.933872938 CET49886445192.168.2.4192.168.1.157
                                                              Dec 3, 2024 13:57:06.934206963 CET44549888192.168.1.159192.168.2.4
                                                              Dec 3, 2024 13:57:06.934468031 CET44549889192.168.1.160192.168.2.4
                                                              Dec 3, 2024 13:57:06.934523106 CET49888445192.168.2.4192.168.1.159
                                                              Dec 3, 2024 13:57:06.934593916 CET49889445192.168.2.4192.168.1.160
                                                              Dec 3, 2024 13:57:06.934595108 CET49888445192.168.2.4192.168.1.159
                                                              Dec 3, 2024 13:57:06.934676886 CET49889445192.168.2.4192.168.1.160
                                                              Dec 3, 2024 13:57:06.934735060 CET44549890192.168.1.161192.168.2.4
                                                              Dec 3, 2024 13:57:06.934890985 CET44549891192.168.1.162192.168.2.4
                                                              Dec 3, 2024 13:57:06.934942007 CET49890445192.168.2.4192.168.1.161
                                                              Dec 3, 2024 13:57:06.934978008 CET49890445192.168.2.4192.168.1.161
                                                              Dec 3, 2024 13:57:06.934981108 CET49891445192.168.2.4192.168.1.162
                                                              Dec 3, 2024 13:57:06.935051918 CET49891445192.168.2.4192.168.1.162
                                                              Dec 3, 2024 13:57:06.935172081 CET44549887192.168.1.158192.168.2.4
                                                              Dec 3, 2024 13:57:06.935506105 CET44549892192.168.1.163192.168.2.4
                                                              Dec 3, 2024 13:57:06.935719013 CET44549893192.168.1.164192.168.2.4
                                                              Dec 3, 2024 13:57:06.935772896 CET49893445192.168.2.4192.168.1.164
                                                              Dec 3, 2024 13:57:06.935774088 CET49892445192.168.2.4192.168.1.163
                                                              Dec 3, 2024 13:57:06.935815096 CET49892445192.168.2.4192.168.1.163
                                                              Dec 3, 2024 13:57:06.935897112 CET49893445192.168.2.4192.168.1.164
                                                              Dec 3, 2024 13:57:06.935934067 CET44549894192.168.1.165192.168.2.4
                                                              Dec 3, 2024 13:57:06.935980082 CET49894445192.168.2.4192.168.1.165
                                                              Dec 3, 2024 13:57:06.936019897 CET49894445192.168.2.4192.168.1.165
                                                              Dec 3, 2024 13:57:06.936147928 CET44549895192.168.1.166192.168.2.4
                                                              Dec 3, 2024 13:57:06.936193943 CET49895445192.168.2.4192.168.1.166
                                                              Dec 3, 2024 13:57:06.936230898 CET49895445192.168.2.4192.168.1.166
                                                              Dec 3, 2024 13:57:06.936388016 CET49883445192.168.2.4192.168.1.154
                                                              Dec 3, 2024 13:57:06.936388016 CET49883445192.168.2.4192.168.1.154
                                                              Dec 3, 2024 13:57:06.936388016 CET49887445192.168.2.4192.168.1.158
                                                              Dec 3, 2024 13:57:06.936388016 CET49887445192.168.2.4192.168.1.158
                                                              Dec 3, 2024 13:57:06.936495066 CET44549896192.168.1.167192.168.2.4
                                                              Dec 3, 2024 13:57:06.937012911 CET44549897192.168.1.168192.168.2.4
                                                              Dec 3, 2024 13:57:06.937069893 CET49896445192.168.2.4192.168.1.167
                                                              Dec 3, 2024 13:57:06.937069893 CET49897445192.168.2.4192.168.1.168
                                                              Dec 3, 2024 13:57:06.937113047 CET49896445192.168.2.4192.168.1.167
                                                              Dec 3, 2024 13:57:06.937191963 CET49897445192.168.2.4192.168.1.168
                                                              Dec 3, 2024 13:57:06.937244892 CET44549898192.168.1.169192.168.2.4
                                                              Dec 3, 2024 13:57:06.938368082 CET44549899192.168.1.170192.168.2.4
                                                              Dec 3, 2024 13:57:06.938424110 CET49898445192.168.2.4192.168.1.169
                                                              Dec 3, 2024 13:57:06.938425064 CET49899445192.168.2.4192.168.1.170
                                                              Dec 3, 2024 13:57:06.938462019 CET49898445192.168.2.4192.168.1.169
                                                              Dec 3, 2024 13:57:06.938540936 CET49899445192.168.2.4192.168.1.170
                                                              Dec 3, 2024 13:57:06.939137936 CET44549900192.168.1.171192.168.2.4
                                                              Dec 3, 2024 13:57:06.941919088 CET44549901192.168.1.172192.168.2.4
                                                              Dec 3, 2024 13:57:06.941935062 CET44549902192.168.1.173192.168.2.4
                                                              Dec 3, 2024 13:57:06.941982985 CET49900445192.168.2.4192.168.1.171
                                                              Dec 3, 2024 13:57:06.942015886 CET49900445192.168.2.4192.168.1.171
                                                              Dec 3, 2024 13:57:06.942015886 CET49902445192.168.2.4192.168.1.173
                                                              Dec 3, 2024 13:57:06.942015886 CET49901445192.168.2.4192.168.1.172
                                                              Dec 3, 2024 13:57:06.942092896 CET49901445192.168.2.4192.168.1.172
                                                              Dec 3, 2024 13:57:06.942202091 CET49902445192.168.2.4192.168.1.173
                                                              Dec 3, 2024 13:57:06.947010040 CET44549903192.168.1.174192.168.2.4
                                                              Dec 3, 2024 13:57:06.947027922 CET44549904192.168.1.175192.168.2.4
                                                              Dec 3, 2024 13:57:06.947057009 CET44549905192.168.1.176192.168.2.4
                                                              Dec 3, 2024 13:57:06.947067022 CET44549906192.168.1.177192.168.2.4
                                                              Dec 3, 2024 13:57:06.947076082 CET44549907192.168.1.178192.168.2.4
                                                              Dec 3, 2024 13:57:06.947086096 CET44549908192.168.1.179192.168.2.4
                                                              Dec 3, 2024 13:57:06.947093964 CET44549909192.168.1.180192.168.2.4
                                                              Dec 3, 2024 13:57:06.947108984 CET49903445192.168.2.4192.168.1.174
                                                              Dec 3, 2024 13:57:06.947113037 CET44549910192.168.1.181192.168.2.4
                                                              Dec 3, 2024 13:57:06.947124004 CET44549911192.168.1.182192.168.2.4
                                                              Dec 3, 2024 13:57:06.947133064 CET44549912192.168.1.183192.168.2.4
                                                              Dec 3, 2024 13:57:06.947143078 CET44549913192.168.1.184192.168.2.4
                                                              Dec 3, 2024 13:57:06.947151899 CET44549914192.168.1.185192.168.2.4
                                                              Dec 3, 2024 13:57:06.947163105 CET44549915192.168.1.186192.168.2.4
                                                              Dec 3, 2024 13:57:06.947171926 CET44549916192.168.1.187192.168.2.4
                                                              Dec 3, 2024 13:57:06.947180033 CET44549917192.168.1.188192.168.2.4
                                                              Dec 3, 2024 13:57:06.947191000 CET44549918192.168.1.189192.168.2.4
                                                              Dec 3, 2024 13:57:06.947191954 CET49905445192.168.2.4192.168.1.176
                                                              Dec 3, 2024 13:57:06.947201967 CET49907445192.168.2.4192.168.1.178
                                                              Dec 3, 2024 13:57:06.947207928 CET49908445192.168.2.4192.168.1.179
                                                              Dec 3, 2024 13:57:06.947215080 CET49909445192.168.2.4192.168.1.180
                                                              Dec 3, 2024 13:57:06.947231054 CET44549919192.168.1.190192.168.2.4
                                                              Dec 3, 2024 13:57:06.947241068 CET44549920192.168.1.191192.168.2.4
                                                              Dec 3, 2024 13:57:06.947248936 CET44549921192.168.1.192192.168.2.4
                                                              Dec 3, 2024 13:57:06.947259903 CET44549922192.168.1.193192.168.2.4
                                                              Dec 3, 2024 13:57:06.947268009 CET44549923192.168.1.194192.168.2.4
                                                              Dec 3, 2024 13:57:06.947277069 CET44549924192.168.1.195192.168.2.4
                                                              Dec 3, 2024 13:57:06.947334051 CET49911445192.168.2.4192.168.1.182
                                                              Dec 3, 2024 13:57:06.947334051 CET49912445192.168.2.4192.168.1.183
                                                              Dec 3, 2024 13:57:06.947334051 CET49913445192.168.2.4192.168.1.184
                                                              Dec 3, 2024 13:57:06.947352886 CET49915445192.168.2.4192.168.1.186
                                                              Dec 3, 2024 13:57:06.947355986 CET44549925192.168.1.196192.168.2.4
                                                              Dec 3, 2024 13:57:06.947367907 CET49917445192.168.2.4192.168.1.188
                                                              Dec 3, 2024 13:57:06.947369099 CET49916445192.168.2.4192.168.1.187
                                                              Dec 3, 2024 13:57:06.947375059 CET44549926192.168.1.197192.168.2.4
                                                              Dec 3, 2024 13:57:06.947381020 CET49904445192.168.2.4192.168.1.175
                                                              Dec 3, 2024 13:57:06.947381020 CET49906445192.168.2.4192.168.1.177
                                                              Dec 3, 2024 13:57:06.947381020 CET49910445192.168.2.4192.168.1.181
                                                              Dec 3, 2024 13:57:06.947381020 CET49914445192.168.2.4192.168.1.185
                                                              Dec 3, 2024 13:57:06.947381020 CET49918445192.168.2.4192.168.1.189
                                                              Dec 3, 2024 13:57:06.947385073 CET44549927192.168.1.198192.168.2.4
                                                              Dec 3, 2024 13:57:06.947396994 CET44549928192.168.1.199192.168.2.4
                                                              Dec 3, 2024 13:57:06.947458982 CET49919445192.168.2.4192.168.1.190
                                                              Dec 3, 2024 13:57:06.947465897 CET49921445192.168.2.4192.168.1.192
                                                              Dec 3, 2024 13:57:06.947467089 CET49920445192.168.2.4192.168.1.191
                                                              Dec 3, 2024 13:57:06.947479963 CET49922445192.168.2.4192.168.1.193
                                                              Dec 3, 2024 13:57:06.947482109 CET49923445192.168.2.4192.168.1.194
                                                              Dec 3, 2024 13:57:06.947491884 CET49925445192.168.2.4192.168.1.196
                                                              Dec 3, 2024 13:57:06.947494030 CET49924445192.168.2.4192.168.1.195
                                                              Dec 3, 2024 13:57:06.947536945 CET49926445192.168.2.4192.168.1.197
                                                              Dec 3, 2024 13:57:06.947550058 CET49928445192.168.2.4192.168.1.199
                                                              Dec 3, 2024 13:57:06.947550058 CET49927445192.168.2.4192.168.1.198
                                                              Dec 3, 2024 13:57:06.947650909 CET49903445192.168.2.4192.168.1.174
                                                              Dec 3, 2024 13:57:06.947896004 CET49905445192.168.2.4192.168.1.176
                                                              Dec 3, 2024 13:57:06.948143959 CET49907445192.168.2.4192.168.1.178
                                                              Dec 3, 2024 13:57:06.948231936 CET49908445192.168.2.4192.168.1.179
                                                              Dec 3, 2024 13:57:06.948271036 CET49904445192.168.2.4192.168.1.175
                                                              Dec 3, 2024 13:57:06.948271036 CET49906445192.168.2.4192.168.1.177
                                                              Dec 3, 2024 13:57:06.948308945 CET49909445192.168.2.4192.168.1.180
                                                              Dec 3, 2024 13:57:06.948395014 CET49910445192.168.2.4192.168.1.181
                                                              Dec 3, 2024 13:57:06.948478937 CET49911445192.168.2.4192.168.1.182
                                                              Dec 3, 2024 13:57:06.948579073 CET49912445192.168.2.4192.168.1.183
                                                              Dec 3, 2024 13:57:06.948724985 CET49913445192.168.2.4192.168.1.184
                                                              Dec 3, 2024 13:57:06.948879957 CET49914445192.168.2.4192.168.1.185
                                                              Dec 3, 2024 13:57:06.948924065 CET49915445192.168.2.4192.168.1.186
                                                              Dec 3, 2024 13:57:06.948997021 CET49916445192.168.2.4192.168.1.187
                                                              Dec 3, 2024 13:57:06.949079037 CET49917445192.168.2.4192.168.1.188
                                                              Dec 3, 2024 13:57:06.949243069 CET49919445192.168.2.4192.168.1.190
                                                              Dec 3, 2024 13:57:06.949321985 CET49920445192.168.2.4192.168.1.191
                                                              Dec 3, 2024 13:57:06.949357986 CET49918445192.168.2.4192.168.1.189
                                                              Dec 3, 2024 13:57:06.949402094 CET49921445192.168.2.4192.168.1.192
                                                              Dec 3, 2024 13:57:06.949491024 CET49922445192.168.2.4192.168.1.193
                                                              Dec 3, 2024 13:57:06.949558973 CET49923445192.168.2.4192.168.1.194
                                                              Dec 3, 2024 13:57:06.949651957 CET49924445192.168.2.4192.168.1.195
                                                              Dec 3, 2024 13:57:06.949728966 CET49925445192.168.2.4192.168.1.196
                                                              Dec 3, 2024 13:57:06.949810028 CET49926445192.168.2.4192.168.1.197
                                                              Dec 3, 2024 13:57:06.949886084 CET49927445192.168.2.4192.168.1.198
                                                              Dec 3, 2024 13:57:06.949966908 CET49928445192.168.2.4192.168.1.199
                                                              Dec 3, 2024 13:57:06.953289032 CET44549929192.168.1.200192.168.2.4
                                                              Dec 3, 2024 13:57:06.953309059 CET44549930192.168.1.201192.168.2.4
                                                              Dec 3, 2024 13:57:06.953319073 CET44549931192.168.1.202192.168.2.4
                                                              Dec 3, 2024 13:57:06.953329086 CET44549932192.168.1.203192.168.2.4
                                                              Dec 3, 2024 13:57:06.953337908 CET44549933192.168.1.204192.168.2.4
                                                              Dec 3, 2024 13:57:06.953346968 CET44549934192.168.1.205192.168.2.4
                                                              Dec 3, 2024 13:57:06.953372955 CET44549935192.168.1.206192.168.2.4
                                                              Dec 3, 2024 13:57:06.953382015 CET44549936192.168.1.207192.168.2.4
                                                              Dec 3, 2024 13:57:06.953385115 CET49929445192.168.2.4192.168.1.200
                                                              Dec 3, 2024 13:57:06.953392029 CET44549937192.168.1.208192.168.2.4
                                                              Dec 3, 2024 13:57:06.953397989 CET49930445192.168.2.4192.168.1.201
                                                              Dec 3, 2024 13:57:06.953399897 CET49931445192.168.2.4192.168.1.202
                                                              Dec 3, 2024 13:57:06.953402996 CET44549938192.168.1.209192.168.2.4
                                                              Dec 3, 2024 13:57:06.953413963 CET44549939192.168.1.210192.168.2.4
                                                              Dec 3, 2024 13:57:06.953432083 CET44549940192.168.1.211192.168.2.4
                                                              Dec 3, 2024 13:57:06.953440905 CET44549941192.168.1.212192.168.2.4
                                                              Dec 3, 2024 13:57:06.953450918 CET44549942192.168.1.213192.168.2.4
                                                              Dec 3, 2024 13:57:06.953459024 CET44549943192.168.1.214192.168.2.4
                                                              Dec 3, 2024 13:57:06.953463078 CET49932445192.168.2.4192.168.1.203
                                                              Dec 3, 2024 13:57:06.953469038 CET44549944192.168.1.215192.168.2.4
                                                              Dec 3, 2024 13:57:06.953478098 CET44549945192.168.1.216192.168.2.4
                                                              Dec 3, 2024 13:57:06.953478098 CET49934445192.168.2.4192.168.1.205
                                                              Dec 3, 2024 13:57:06.953480005 CET49933445192.168.2.4192.168.1.204
                                                              Dec 3, 2024 13:57:06.953486919 CET49935445192.168.2.4192.168.1.206
                                                              Dec 3, 2024 13:57:06.953497887 CET44549946192.168.1.217192.168.2.4
                                                              Dec 3, 2024 13:57:06.953507900 CET44549947192.168.1.218192.168.2.4
                                                              Dec 3, 2024 13:57:06.953517914 CET44549948192.168.1.219192.168.2.4
                                                              Dec 3, 2024 13:57:06.953531027 CET44549949192.168.1.220192.168.2.4
                                                              Dec 3, 2024 13:57:06.953540087 CET44549950192.168.1.221192.168.2.4
                                                              Dec 3, 2024 13:57:06.953548908 CET44549951192.168.1.222192.168.2.4
                                                              Dec 3, 2024 13:57:06.953591108 CET49937445192.168.2.4192.168.1.208
                                                              Dec 3, 2024 13:57:06.953604937 CET49940445192.168.2.4192.168.1.211
                                                              Dec 3, 2024 13:57:06.953604937 CET49941445192.168.2.4192.168.1.212
                                                              Dec 3, 2024 13:57:06.953605890 CET49939445192.168.2.4192.168.1.210
                                                              Dec 3, 2024 13:57:06.953617096 CET49943445192.168.2.4192.168.1.214
                                                              Dec 3, 2024 13:57:06.953623056 CET49944445192.168.2.4192.168.1.215
                                                              Dec 3, 2024 13:57:06.953625917 CET44549952192.168.1.223192.168.2.4
                                                              Dec 3, 2024 13:57:06.953633070 CET49945445192.168.2.4192.168.1.216
                                                              Dec 3, 2024 13:57:06.953636885 CET44549953192.168.1.224192.168.2.4
                                                              Dec 3, 2024 13:57:06.953645945 CET44549954192.168.1.225192.168.2.4
                                                              Dec 3, 2024 13:57:06.953670979 CET44549955192.168.1.226192.168.2.4
                                                              Dec 3, 2024 13:57:06.953680992 CET44549956192.168.1.227192.168.2.4
                                                              Dec 3, 2024 13:57:06.953691006 CET44549957192.168.1.228192.168.2.4
                                                              Dec 3, 2024 13:57:06.953720093 CET49948445192.168.2.4192.168.1.219
                                                              Dec 3, 2024 13:57:06.953721046 CET49947445192.168.2.4192.168.1.218
                                                              Dec 3, 2024 13:57:06.953756094 CET49951445192.168.2.4192.168.1.222
                                                              Dec 3, 2024 13:57:06.953756094 CET49949445192.168.2.4192.168.1.220
                                                              Dec 3, 2024 13:57:06.953756094 CET49936445192.168.2.4192.168.1.207
                                                              Dec 3, 2024 13:57:06.953756094 CET49952445192.168.2.4192.168.1.223
                                                              Dec 3, 2024 13:57:06.953756094 CET49938445192.168.2.4192.168.1.209
                                                              Dec 3, 2024 13:57:06.953756094 CET49942445192.168.2.4192.168.1.213
                                                              Dec 3, 2024 13:57:06.953756094 CET49946445192.168.2.4192.168.1.217
                                                              Dec 3, 2024 13:57:06.953756094 CET49950445192.168.2.4192.168.1.221
                                                              Dec 3, 2024 13:57:06.953803062 CET49953445192.168.2.4192.168.1.224
                                                              Dec 3, 2024 13:57:06.953815937 CET49955445192.168.2.4192.168.1.226
                                                              Dec 3, 2024 13:57:06.953816891 CET49954445192.168.2.4192.168.1.225
                                                              Dec 3, 2024 13:57:06.953828096 CET49957445192.168.2.4192.168.1.228
                                                              Dec 3, 2024 13:57:06.953829050 CET49956445192.168.2.4192.168.1.227
                                                              Dec 3, 2024 13:57:06.953891039 CET49929445192.168.2.4192.168.1.200
                                                              Dec 3, 2024 13:57:06.953988075 CET49930445192.168.2.4192.168.1.201
                                                              Dec 3, 2024 13:57:06.954071045 CET49931445192.168.2.4192.168.1.202
                                                              Dec 3, 2024 13:57:06.954154015 CET49932445192.168.2.4192.168.1.203
                                                              Dec 3, 2024 13:57:06.954229116 CET49933445192.168.2.4192.168.1.204
                                                              Dec 3, 2024 13:57:06.954308987 CET49934445192.168.2.4192.168.1.205
                                                              Dec 3, 2024 13:57:06.954418898 CET49935445192.168.2.4192.168.1.206
                                                              Dec 3, 2024 13:57:06.954454899 CET44549958192.168.1.229192.168.2.4
                                                              Dec 3, 2024 13:57:06.954469919 CET44549959192.168.1.230192.168.2.4
                                                              Dec 3, 2024 13:57:06.954478979 CET44549960192.168.1.231192.168.2.4
                                                              Dec 3, 2024 13:57:06.954497099 CET44549961192.168.1.232192.168.2.4
                                                              Dec 3, 2024 13:57:06.954503059 CET49958445192.168.2.4192.168.1.229
                                                              Dec 3, 2024 13:57:06.954508066 CET44549962192.168.1.233192.168.2.4
                                                              Dec 3, 2024 13:57:06.954535961 CET49959445192.168.2.4192.168.1.230
                                                              Dec 3, 2024 13:57:06.954572916 CET49960445192.168.2.4192.168.1.231
                                                              Dec 3, 2024 13:57:06.954572916 CET49961445192.168.2.4192.168.1.232
                                                              Dec 3, 2024 13:57:06.954615116 CET49962445192.168.2.4192.168.1.233
                                                              Dec 3, 2024 13:57:06.954708099 CET49937445192.168.2.4192.168.1.208
                                                              Dec 3, 2024 13:57:06.954854012 CET49939445192.168.2.4192.168.1.210
                                                              Dec 3, 2024 13:57:06.954927921 CET49940445192.168.2.4192.168.1.211
                                                              Dec 3, 2024 13:57:06.955007076 CET49941445192.168.2.4192.168.1.212
                                                              Dec 3, 2024 13:57:06.955051899 CET49936445192.168.2.4192.168.1.207
                                                              Dec 3, 2024 13:57:06.955051899 CET49938445192.168.2.4192.168.1.209
                                                              Dec 3, 2024 13:57:06.955153942 CET49943445192.168.2.4192.168.1.214
                                                              Dec 3, 2024 13:57:06.955226898 CET49944445192.168.2.4192.168.1.215
                                                              Dec 3, 2024 13:57:06.955303907 CET49945445192.168.2.4192.168.1.216
                                                              Dec 3, 2024 13:57:06.955327988 CET49942445192.168.2.4192.168.1.213
                                                              Dec 3, 2024 13:57:06.955475092 CET49947445192.168.2.4192.168.1.218
                                                              Dec 3, 2024 13:57:06.955544949 CET49948445192.168.2.4192.168.1.219
                                                              Dec 3, 2024 13:57:06.955667973 CET49949445192.168.2.4192.168.1.220
                                                              Dec 3, 2024 13:57:06.955840111 CET49951445192.168.2.4192.168.1.222
                                                              Dec 3, 2024 13:57:06.955908060 CET49946445192.168.2.4192.168.1.217
                                                              Dec 3, 2024 13:57:06.955908060 CET49950445192.168.2.4192.168.1.221
                                                              Dec 3, 2024 13:57:06.955926895 CET49952445192.168.2.4192.168.1.223
                                                              Dec 3, 2024 13:57:06.956015110 CET49953445192.168.2.4192.168.1.224
                                                              Dec 3, 2024 13:57:06.956068993 CET44549963192.168.1.234192.168.2.4
                                                              Dec 3, 2024 13:57:06.956084967 CET44549964192.168.1.235192.168.2.4
                                                              Dec 3, 2024 13:57:06.956089973 CET49954445192.168.2.4192.168.1.225
                                                              Dec 3, 2024 13:57:06.956095934 CET44549965192.168.1.236192.168.2.4
                                                              Dec 3, 2024 13:57:06.956116915 CET44549966192.168.1.237192.168.2.4
                                                              Dec 3, 2024 13:57:06.956119061 CET49963445192.168.2.4192.168.1.234
                                                              Dec 3, 2024 13:57:06.956126928 CET44549967192.168.1.238192.168.2.4
                                                              Dec 3, 2024 13:57:06.956135988 CET44549968192.168.1.239192.168.2.4
                                                              Dec 3, 2024 13:57:06.956146002 CET44549969192.168.1.240192.168.2.4
                                                              Dec 3, 2024 13:57:06.956155062 CET49964445192.168.2.4192.168.1.235
                                                              Dec 3, 2024 13:57:06.956156015 CET44549970192.168.1.241192.168.2.4
                                                              Dec 3, 2024 13:57:06.956166029 CET44549971192.168.1.242192.168.2.4
                                                              Dec 3, 2024 13:57:06.956167936 CET49965445192.168.2.4192.168.1.236
                                                              Dec 3, 2024 13:57:06.956182957 CET44549972192.168.1.243192.168.2.4
                                                              Dec 3, 2024 13:57:06.956192017 CET44549973192.168.1.244192.168.2.4
                                                              Dec 3, 2024 13:57:06.956201077 CET44549974192.168.1.245192.168.2.4
                                                              Dec 3, 2024 13:57:06.956212997 CET49966445192.168.2.4192.168.1.237
                                                              Dec 3, 2024 13:57:06.956222057 CET44549975192.168.1.247192.168.2.4
                                                              Dec 3, 2024 13:57:06.956227064 CET49967445192.168.2.4192.168.1.238
                                                              Dec 3, 2024 13:57:06.956233025 CET49969445192.168.2.4192.168.1.240
                                                              Dec 3, 2024 13:57:06.956233025 CET49968445192.168.2.4192.168.1.239
                                                              Dec 3, 2024 13:57:06.956300974 CET49970445192.168.2.4192.168.1.241
                                                              Dec 3, 2024 13:57:06.956305981 CET49972445192.168.2.4192.168.1.243
                                                              Dec 3, 2024 13:57:06.956326008 CET49974445192.168.2.4192.168.1.245
                                                              Dec 3, 2024 13:57:06.956330061 CET49973445192.168.2.4192.168.1.244
                                                              Dec 3, 2024 13:57:06.956338882 CET49971445192.168.2.4192.168.1.242
                                                              Dec 3, 2024 13:57:06.956424952 CET49955445192.168.2.4192.168.1.226
                                                              Dec 3, 2024 13:57:06.956429958 CET49975445192.168.2.4192.168.1.247
                                                              Dec 3, 2024 13:57:06.956518888 CET49956445192.168.2.4192.168.1.227
                                                              Dec 3, 2024 13:57:06.956588984 CET49957445192.168.2.4192.168.1.228
                                                              Dec 3, 2024 13:57:06.956681967 CET49958445192.168.2.4192.168.1.229
                                                              Dec 3, 2024 13:57:06.956753016 CET49959445192.168.2.4192.168.1.230
                                                              Dec 3, 2024 13:57:06.956823111 CET49960445192.168.2.4192.168.1.231
                                                              Dec 3, 2024 13:57:06.956896067 CET49961445192.168.2.4192.168.1.232
                                                              Dec 3, 2024 13:57:06.956976891 CET49962445192.168.2.4192.168.1.233
                                                              Dec 3, 2024 13:57:06.957051992 CET49963445192.168.2.4192.168.1.234
                                                              Dec 3, 2024 13:57:06.957124949 CET49964445192.168.2.4192.168.1.235
                                                              Dec 3, 2024 13:57:06.957211018 CET49965445192.168.2.4192.168.1.236
                                                              Dec 3, 2024 13:57:06.957288027 CET49966445192.168.2.4192.168.1.237
                                                              Dec 3, 2024 13:57:06.957360983 CET49967445192.168.2.4192.168.1.238
                                                              Dec 3, 2024 13:57:06.957444906 CET49968445192.168.2.4192.168.1.239
                                                              Dec 3, 2024 13:57:06.957535982 CET49969445192.168.2.4192.168.1.240
                                                              Dec 3, 2024 13:57:06.957614899 CET49970445192.168.2.4192.168.1.241
                                                              Dec 3, 2024 13:57:06.957751989 CET49972445192.168.2.4192.168.1.243
                                                              Dec 3, 2024 13:57:06.957817078 CET49971445192.168.2.4192.168.1.242
                                                              Dec 3, 2024 13:57:06.957848072 CET49973445192.168.2.4192.168.1.244
                                                              Dec 3, 2024 13:57:06.957928896 CET49974445192.168.2.4192.168.1.245
                                                              Dec 3, 2024 13:57:06.957998991 CET49975445192.168.2.4192.168.1.247
                                                              Dec 3, 2024 13:57:06.970592022 CET44549976192.168.1.246192.168.2.4
                                                              Dec 3, 2024 13:57:06.970607996 CET44549977192.168.1.248192.168.2.4
                                                              Dec 3, 2024 13:57:06.970618010 CET44549978192.168.1.249192.168.2.4
                                                              Dec 3, 2024 13:57:06.970628023 CET44549979192.168.1.250192.168.2.4
                                                              Dec 3, 2024 13:57:06.970638037 CET44549980192.168.1.251192.168.2.4
                                                              Dec 3, 2024 13:57:06.970645905 CET44549981192.168.1.252192.168.2.4
                                                              Dec 3, 2024 13:57:06.970654964 CET44549982192.168.1.253192.168.2.4
                                                              Dec 3, 2024 13:57:06.970669031 CET44549983192.168.1.254192.168.2.4
                                                              Dec 3, 2024 13:57:06.970854044 CET49976445192.168.2.4192.168.1.246
                                                              Dec 3, 2024 13:57:06.970879078 CET49977445192.168.2.4192.168.1.248
                                                              Dec 3, 2024 13:57:06.970879078 CET49978445192.168.2.4192.168.1.249
                                                              Dec 3, 2024 13:57:06.970899105 CET49980445192.168.2.4192.168.1.251
                                                              Dec 3, 2024 13:57:06.970906019 CET49981445192.168.2.4192.168.1.252
                                                              Dec 3, 2024 13:57:06.970906019 CET49982445192.168.2.4192.168.1.253
                                                              Dec 3, 2024 13:57:06.970911980 CET44549853192.168.1.124192.168.2.4
                                                              Dec 3, 2024 13:57:06.970935106 CET49979445192.168.2.4192.168.1.250
                                                              Dec 3, 2024 13:57:06.970935106 CET49983445192.168.2.4192.168.1.254
                                                              Dec 3, 2024 13:57:06.970974922 CET49853445192.168.2.4192.168.1.124
                                                              Dec 3, 2024 13:57:06.971091032 CET49976445192.168.2.4192.168.1.246
                                                              Dec 3, 2024 13:57:06.971240044 CET49977445192.168.2.4192.168.1.248
                                                              Dec 3, 2024 13:57:06.971324921 CET49978445192.168.2.4192.168.1.249
                                                              Dec 3, 2024 13:57:06.971424103 CET49979445192.168.2.4192.168.1.250
                                                              Dec 3, 2024 13:57:06.971481085 CET49980445192.168.2.4192.168.1.251
                                                              Dec 3, 2024 13:57:06.971580029 CET49981445192.168.2.4192.168.1.252
                                                              Dec 3, 2024 13:57:06.971657991 CET49982445192.168.2.4192.168.1.253
                                                              Dec 3, 2024 13:57:06.971764088 CET49983445192.168.2.4192.168.1.254
                                                              Dec 3, 2024 13:57:06.973376036 CET44549854192.168.1.125192.168.2.4
                                                              Dec 3, 2024 13:57:06.973432064 CET49854445192.168.2.4192.168.1.125
                                                              Dec 3, 2024 13:57:06.979952097 CET44549855192.168.1.126192.168.2.4
                                                              Dec 3, 2024 13:57:06.980003119 CET49855445192.168.2.4192.168.1.126
                                                              Dec 3, 2024 13:57:06.984843969 CET44549856192.168.1.127192.168.2.4
                                                              Dec 3, 2024 13:57:06.984900951 CET49856445192.168.2.4192.168.1.127
                                                              Dec 3, 2024 13:57:06.986308098 CET44549857192.168.1.128192.168.2.4
                                                              Dec 3, 2024 13:57:06.986366987 CET49857445192.168.2.4192.168.1.128
                                                              Dec 3, 2024 13:57:06.987795115 CET44549858192.168.1.129192.168.2.4
                                                              Dec 3, 2024 13:57:06.987837076 CET49858445192.168.2.4192.168.1.129
                                                              Dec 3, 2024 13:57:06.988425970 CET44549859192.168.1.130192.168.2.4
                                                              Dec 3, 2024 13:57:06.988485098 CET49859445192.168.2.4192.168.1.130
                                                              Dec 3, 2024 13:57:06.988780975 CET44549860192.168.1.131192.168.2.4
                                                              Dec 3, 2024 13:57:06.988833904 CET49860445192.168.2.4192.168.1.131
                                                              Dec 3, 2024 13:57:06.989399910 CET44549861192.168.1.132192.168.2.4
                                                              Dec 3, 2024 13:57:06.989707947 CET44549862192.168.1.133192.168.2.4
                                                              Dec 3, 2024 13:57:06.989753008 CET49861445192.168.2.4192.168.1.132
                                                              Dec 3, 2024 13:57:06.989778042 CET49862445192.168.2.4192.168.1.133
                                                              Dec 3, 2024 13:57:06.989984989 CET44549863192.168.1.134192.168.2.4
                                                              Dec 3, 2024 13:57:06.990111113 CET44549864192.168.1.135192.168.2.4
                                                              Dec 3, 2024 13:57:06.990252018 CET49863445192.168.2.4192.168.1.134
                                                              Dec 3, 2024 13:57:06.990262985 CET49864445192.168.2.4192.168.1.135
                                                              Dec 3, 2024 13:57:06.990864992 CET44549865192.168.1.136192.168.2.4
                                                              Dec 3, 2024 13:57:06.991076946 CET44549866192.168.1.137192.168.2.4
                                                              Dec 3, 2024 13:57:06.991126060 CET49865445192.168.2.4192.168.1.136
                                                              Dec 3, 2024 13:57:06.991147041 CET49866445192.168.2.4192.168.1.137
                                                              Dec 3, 2024 13:57:06.991350889 CET44549867192.168.1.138192.168.2.4
                                                              Dec 3, 2024 13:57:06.991396904 CET49867445192.168.2.4192.168.1.138
                                                              Dec 3, 2024 13:57:06.992930889 CET44549868192.168.1.139192.168.2.4
                                                              Dec 3, 2024 13:57:06.992989063 CET49868445192.168.2.4192.168.1.139
                                                              Dec 3, 2024 13:57:07.049791098 CET44549869192.168.1.140192.168.2.4
                                                              Dec 3, 2024 13:57:07.049885988 CET49869445192.168.2.4192.168.1.140
                                                              Dec 3, 2024 13:57:07.050203085 CET44549870192.168.1.141192.168.2.4
                                                              Dec 3, 2024 13:57:07.050333977 CET49870445192.168.2.4192.168.1.141
                                                              Dec 3, 2024 13:57:07.050479889 CET44549871192.168.1.142192.168.2.4
                                                              Dec 3, 2024 13:57:07.050578117 CET49871445192.168.2.4192.168.1.142
                                                              Dec 3, 2024 13:57:07.050898075 CET44549872192.168.1.143192.168.2.4
                                                              Dec 3, 2024 13:57:07.050961971 CET49872445192.168.2.4192.168.1.143
                                                              Dec 3, 2024 13:57:07.051038980 CET44549873192.168.1.144192.168.2.4
                                                              Dec 3, 2024 13:57:07.051091909 CET49873445192.168.2.4192.168.1.144
                                                              Dec 3, 2024 13:57:07.052382946 CET44549874192.168.1.145192.168.2.4
                                                              Dec 3, 2024 13:57:07.052452087 CET49874445192.168.2.4192.168.1.145
                                                              Dec 3, 2024 13:57:07.052706003 CET44549876192.168.1.147192.168.2.4
                                                              Dec 3, 2024 13:57:07.052826881 CET44549877192.168.1.148192.168.2.4
                                                              Dec 3, 2024 13:57:07.052882910 CET49876445192.168.2.4192.168.1.147
                                                              Dec 3, 2024 13:57:07.052891970 CET49877445192.168.2.4192.168.1.148
                                                              Dec 3, 2024 13:57:07.054735899 CET44549878192.168.1.149192.168.2.4
                                                              Dec 3, 2024 13:57:07.054809093 CET49878445192.168.2.4192.168.1.149
                                                              Dec 3, 2024 13:57:07.055200100 CET44549880192.168.1.151192.168.2.4
                                                              Dec 3, 2024 13:57:07.055263042 CET49880445192.168.2.4192.168.1.151
                                                              Dec 3, 2024 13:57:07.055365086 CET44549881192.168.1.152192.168.2.4
                                                              Dec 3, 2024 13:57:07.055444002 CET49881445192.168.2.4192.168.1.152
                                                              Dec 3, 2024 13:57:07.056879044 CET44549875192.168.1.146192.168.2.4
                                                              Dec 3, 2024 13:57:07.057087898 CET49875445192.168.2.4192.168.1.146
                                                              Dec 3, 2024 13:57:07.057317972 CET44549879192.168.1.150192.168.2.4
                                                              Dec 3, 2024 13:57:07.057393074 CET49879445192.168.2.4192.168.1.150
                                                              Dec 3, 2024 13:57:07.057729959 CET44549882192.168.1.153192.168.2.4
                                                              Dec 3, 2024 13:57:07.057785034 CET49882445192.168.2.4192.168.1.153
                                                              Dec 3, 2024 13:57:07.058080912 CET44549884192.168.1.155192.168.2.4
                                                              Dec 3, 2024 13:57:07.058332920 CET49884445192.168.2.4192.168.1.155
                                                              Dec 3, 2024 13:57:07.058357954 CET44549885192.168.1.156192.168.2.4
                                                              Dec 3, 2024 13:57:07.058414936 CET49885445192.168.2.4192.168.1.156
                                                              Dec 3, 2024 13:57:07.058630943 CET44549886192.168.1.157192.168.2.4
                                                              Dec 3, 2024 13:57:07.058689117 CET49886445192.168.2.4192.168.1.157
                                                              Dec 3, 2024 13:57:07.059053898 CET44549888192.168.1.159192.168.2.4
                                                              Dec 3, 2024 13:57:07.059357882 CET44549893192.168.1.164192.168.2.4
                                                              Dec 3, 2024 13:57:07.059369087 CET44549892192.168.1.163192.168.2.4
                                                              Dec 3, 2024 13:57:07.059379101 CET44549891192.168.1.162192.168.2.4
                                                              Dec 3, 2024 13:57:07.059389114 CET44549890192.168.1.161192.168.2.4
                                                              Dec 3, 2024 13:57:07.059398890 CET44549889192.168.1.160192.168.2.4
                                                              Dec 3, 2024 13:57:07.059408903 CET49888445192.168.2.4192.168.1.159
                                                              Dec 3, 2024 13:57:07.059465885 CET44549889192.168.1.160192.168.2.4
                                                              Dec 3, 2024 13:57:07.059510946 CET49889445192.168.2.4192.168.1.160
                                                              Dec 3, 2024 13:57:07.059798956 CET44549890192.168.1.161192.168.2.4
                                                              Dec 3, 2024 13:57:07.059855938 CET49890445192.168.2.4192.168.1.161
                                                              Dec 3, 2024 13:57:07.060273886 CET44549891192.168.1.162192.168.2.4
                                                              Dec 3, 2024 13:57:07.060316086 CET49891445192.168.2.4192.168.1.162
                                                              Dec 3, 2024 13:57:07.060555935 CET44549893192.168.1.164192.168.2.4
                                                              Dec 3, 2024 13:57:07.060648918 CET49893445192.168.2.4192.168.1.164
                                                              Dec 3, 2024 13:57:07.060837030 CET44549892192.168.1.163192.168.2.4
                                                              Dec 3, 2024 13:57:07.060888052 CET49892445192.168.2.4192.168.1.163
                                                              Dec 3, 2024 13:57:07.061173916 CET44549894192.168.1.165192.168.2.4
                                                              Dec 3, 2024 13:57:07.061223030 CET49894445192.168.2.4192.168.1.165
                                                              Dec 3, 2024 13:57:07.061381102 CET44549895192.168.1.166192.168.2.4
                                                              Dec 3, 2024 13:57:07.061661005 CET44549883192.168.1.154192.168.2.4
                                                              Dec 3, 2024 13:57:07.061708927 CET49895445192.168.2.4192.168.1.166
                                                              Dec 3, 2024 13:57:07.061758995 CET49883445192.168.2.4192.168.1.154
                                                              Dec 3, 2024 13:57:07.061952114 CET44549887192.168.1.158192.168.2.4
                                                              Dec 3, 2024 13:57:07.062016964 CET49887445192.168.2.4192.168.1.158
                                                              Dec 3, 2024 13:57:07.062181950 CET44549896192.168.1.167192.168.2.4
                                                              Dec 3, 2024 13:57:07.062232971 CET49896445192.168.2.4192.168.1.167
                                                              Dec 3, 2024 13:57:07.062472105 CET44549897192.168.1.168192.168.2.4
                                                              Dec 3, 2024 13:57:07.062524080 CET49897445192.168.2.4192.168.1.168
                                                              Dec 3, 2024 13:57:07.062803984 CET44549898192.168.1.169192.168.2.4
                                                              Dec 3, 2024 13:57:07.062855959 CET49898445192.168.2.4192.168.1.169
                                                              Dec 3, 2024 13:57:07.062899113 CET44549899192.168.1.170192.168.2.4
                                                              Dec 3, 2024 13:57:07.062942982 CET49899445192.168.2.4192.168.1.170
                                                              Dec 3, 2024 13:57:07.066214085 CET44549900192.168.1.171192.168.2.4
                                                              Dec 3, 2024 13:57:07.066261053 CET49900445192.168.2.4192.168.1.171
                                                              Dec 3, 2024 13:57:07.066586018 CET44549901192.168.1.172192.168.2.4
                                                              Dec 3, 2024 13:57:07.066596985 CET44549902192.168.1.173192.168.2.4
                                                              Dec 3, 2024 13:57:07.066641092 CET49901445192.168.2.4192.168.1.172
                                                              Dec 3, 2024 13:57:07.066652060 CET49902445192.168.2.4192.168.1.173
                                                              Dec 3, 2024 13:57:07.078542948 CET44549903192.168.1.174192.168.2.4
                                                              Dec 3, 2024 13:57:07.078557968 CET44549905192.168.1.176192.168.2.4
                                                              Dec 3, 2024 13:57:07.078577995 CET44549907192.168.1.178192.168.2.4
                                                              Dec 3, 2024 13:57:07.078588009 CET44549908192.168.1.179192.168.2.4
                                                              Dec 3, 2024 13:57:07.078597069 CET44549909192.168.1.180192.168.2.4
                                                              Dec 3, 2024 13:57:07.078603029 CET49903445192.168.2.4192.168.1.174
                                                              Dec 3, 2024 13:57:07.078614950 CET44549911192.168.1.182192.168.2.4
                                                              Dec 3, 2024 13:57:07.078625917 CET44549912192.168.1.183192.168.2.4
                                                              Dec 3, 2024 13:57:07.078627110 CET49905445192.168.2.4192.168.1.176
                                                              Dec 3, 2024 13:57:07.078635931 CET44549904192.168.1.175192.168.2.4
                                                              Dec 3, 2024 13:57:07.078653097 CET49907445192.168.2.4192.168.1.178
                                                              Dec 3, 2024 13:57:07.078660965 CET49908445192.168.2.4192.168.1.179
                                                              Dec 3, 2024 13:57:07.078679085 CET49909445192.168.2.4192.168.1.180
                                                              Dec 3, 2024 13:57:07.078689098 CET44549913192.168.1.184192.168.2.4
                                                              Dec 3, 2024 13:57:07.078697920 CET49911445192.168.2.4192.168.1.182
                                                              Dec 3, 2024 13:57:07.078715086 CET49912445192.168.2.4192.168.1.183
                                                              Dec 3, 2024 13:57:07.078747034 CET49913445192.168.2.4192.168.1.184
                                                              Dec 3, 2024 13:57:07.078784943 CET49904445192.168.2.4192.168.1.175
                                                              Dec 3, 2024 13:57:07.079436064 CET44549915192.168.1.186192.168.2.4
                                                              Dec 3, 2024 13:57:07.079483986 CET49915445192.168.2.4192.168.1.186
                                                              Dec 3, 2024 13:57:07.079536915 CET44549916192.168.1.187192.168.2.4
                                                              Dec 3, 2024 13:57:07.079546928 CET44549917192.168.1.188192.168.2.4
                                                              Dec 3, 2024 13:57:07.079559088 CET44549906192.168.1.177192.168.2.4
                                                              Dec 3, 2024 13:57:07.079577923 CET49916445192.168.2.4192.168.1.187
                                                              Dec 3, 2024 13:57:07.079586029 CET49917445192.168.2.4192.168.1.188
                                                              Dec 3, 2024 13:57:07.079602957 CET44549928192.168.1.199192.168.2.4
                                                              Dec 3, 2024 13:57:07.079626083 CET44549927192.168.1.198192.168.2.4
                                                              Dec 3, 2024 13:57:07.079643965 CET49906445192.168.2.4192.168.1.177
                                                              Dec 3, 2024 13:57:07.079678059 CET44549926192.168.1.197192.168.2.4
                                                              Dec 3, 2024 13:57:07.079688072 CET44549925192.168.1.196192.168.2.4
                                                              Dec 3, 2024 13:57:07.079699993 CET44549924192.168.1.195192.168.2.4
                                                              Dec 3, 2024 13:57:07.079710007 CET44549923192.168.1.194192.168.2.4
                                                              Dec 3, 2024 13:57:07.079763889 CET44549922192.168.1.193192.168.2.4
                                                              Dec 3, 2024 13:57:07.079813004 CET44549921192.168.1.192192.168.2.4
                                                              Dec 3, 2024 13:57:07.079833031 CET44549918192.168.1.189192.168.2.4
                                                              Dec 3, 2024 13:57:07.079859972 CET44549920192.168.1.191192.168.2.4
                                                              Dec 3, 2024 13:57:07.079921961 CET44549919192.168.1.190192.168.2.4
                                                              Dec 3, 2024 13:57:07.079931021 CET44549914192.168.1.185192.168.2.4
                                                              Dec 3, 2024 13:57:07.080080032 CET44549910192.168.1.181192.168.2.4
                                                              Dec 3, 2024 13:57:07.080667019 CET44549910192.168.1.181192.168.2.4
                                                              Dec 3, 2024 13:57:07.080676079 CET44549914192.168.1.185192.168.2.4
                                                              Dec 3, 2024 13:57:07.080728054 CET49910445192.168.2.4192.168.1.181
                                                              Dec 3, 2024 13:57:07.080908060 CET49914445192.168.2.4192.168.1.185
                                                              Dec 3, 2024 13:57:07.081159115 CET44549918192.168.1.189192.168.2.4
                                                              Dec 3, 2024 13:57:07.081178904 CET44549919192.168.1.190192.168.2.4
                                                              Dec 3, 2024 13:57:07.081212044 CET49918445192.168.2.4192.168.1.189
                                                              Dec 3, 2024 13:57:07.081238985 CET49919445192.168.2.4192.168.1.190
                                                              Dec 3, 2024 13:57:07.081513882 CET44549921192.168.1.192192.168.2.4
                                                              Dec 3, 2024 13:57:07.081573963 CET49921445192.168.2.4192.168.1.192
                                                              Dec 3, 2024 13:57:07.081979990 CET44549920192.168.1.191192.168.2.4
                                                              Dec 3, 2024 13:57:07.082082987 CET49920445192.168.2.4192.168.1.191
                                                              Dec 3, 2024 13:57:07.082226038 CET44549922192.168.1.193192.168.2.4
                                                              Dec 3, 2024 13:57:07.082277060 CET49922445192.168.2.4192.168.1.193
                                                              Dec 3, 2024 13:57:07.082537889 CET44549923192.168.1.194192.168.2.4
                                                              Dec 3, 2024 13:57:07.082602024 CET49923445192.168.2.4192.168.1.194
                                                              Dec 3, 2024 13:57:07.082758904 CET44549925192.168.1.196192.168.2.4
                                                              Dec 3, 2024 13:57:07.082808018 CET49925445192.168.2.4192.168.1.196
                                                              Dec 3, 2024 13:57:07.083267927 CET44549924192.168.1.195192.168.2.4
                                                              Dec 3, 2024 13:57:07.083281040 CET44549952192.168.1.223192.168.2.4
                                                              Dec 3, 2024 13:57:07.083292007 CET44549950192.168.1.221192.168.2.4
                                                              Dec 3, 2024 13:57:07.083302021 CET44549946192.168.1.217192.168.2.4
                                                              Dec 3, 2024 13:57:07.083326101 CET49924445192.168.2.4192.168.1.195
                                                              Dec 3, 2024 13:57:07.083327055 CET44549951192.168.1.222192.168.2.4
                                                              Dec 3, 2024 13:57:07.083336115 CET44549949192.168.1.220192.168.2.4
                                                              Dec 3, 2024 13:57:07.083348036 CET44549948192.168.1.219192.168.2.4
                                                              Dec 3, 2024 13:57:07.083533049 CET44549947192.168.1.218192.168.2.4
                                                              Dec 3, 2024 13:57:07.083544016 CET44549942192.168.1.213192.168.2.4
                                                              Dec 3, 2024 13:57:07.083553076 CET44549945192.168.1.216192.168.2.4
                                                              Dec 3, 2024 13:57:07.083561897 CET44549944192.168.1.215192.168.2.4
                                                              Dec 3, 2024 13:57:07.083571911 CET44549943192.168.1.214192.168.2.4
                                                              Dec 3, 2024 13:57:07.083580971 CET44549938192.168.1.209192.168.2.4
                                                              Dec 3, 2024 13:57:07.083590984 CET44549936192.168.1.207192.168.2.4
                                                              Dec 3, 2024 13:57:07.083606005 CET44549941192.168.1.212192.168.2.4
                                                              Dec 3, 2024 13:57:07.083615065 CET44549940192.168.1.211192.168.2.4
                                                              Dec 3, 2024 13:57:07.083626032 CET44549939192.168.1.210192.168.2.4
                                                              Dec 3, 2024 13:57:07.083636999 CET44549937192.168.1.208192.168.2.4
                                                              Dec 3, 2024 13:57:07.083647013 CET44549935192.168.1.206192.168.2.4
                                                              Dec 3, 2024 13:57:07.083657026 CET44549934192.168.1.205192.168.2.4
                                                              Dec 3, 2024 13:57:07.083666086 CET44549933192.168.1.204192.168.2.4
                                                              Dec 3, 2024 13:57:07.083674908 CET44549932192.168.1.203192.168.2.4
                                                              Dec 3, 2024 13:57:07.083684921 CET44549931192.168.1.202192.168.2.4
                                                              Dec 3, 2024 13:57:07.083693981 CET44549930192.168.1.201192.168.2.4
                                                              Dec 3, 2024 13:57:07.083703041 CET44549929192.168.1.200192.168.2.4
                                                              Dec 3, 2024 13:57:07.083717108 CET44549926192.168.1.197192.168.2.4
                                                              Dec 3, 2024 13:57:07.083772898 CET49926445192.168.2.4192.168.1.197
                                                              Dec 3, 2024 13:57:07.083889961 CET44549928192.168.1.199192.168.2.4
                                                              Dec 3, 2024 13:57:07.084212065 CET44549927192.168.1.198192.168.2.4
                                                              Dec 3, 2024 13:57:07.084258080 CET49928445192.168.2.4192.168.1.199
                                                              Dec 3, 2024 13:57:07.084266901 CET49927445192.168.2.4192.168.1.198
                                                              Dec 3, 2024 13:57:07.084417105 CET44549929192.168.1.200192.168.2.4
                                                              Dec 3, 2024 13:57:07.084501028 CET49929445192.168.2.4192.168.1.200
                                                              Dec 3, 2024 13:57:07.084652901 CET44549930192.168.1.201192.168.2.4
                                                              Dec 3, 2024 13:57:07.084702969 CET49930445192.168.2.4192.168.1.201
                                                              Dec 3, 2024 13:57:07.084939957 CET44549931192.168.1.202192.168.2.4
                                                              Dec 3, 2024 13:57:07.084988117 CET49931445192.168.2.4192.168.1.202
                                                              Dec 3, 2024 13:57:07.085174084 CET44549932192.168.1.203192.168.2.4
                                                              Dec 3, 2024 13:57:07.085226059 CET49932445192.168.2.4192.168.1.203
                                                              Dec 3, 2024 13:57:07.085437059 CET44549933192.168.1.204192.168.2.4
                                                              Dec 3, 2024 13:57:07.085486889 CET49933445192.168.2.4192.168.1.204
                                                              Dec 3, 2024 13:57:07.085692883 CET44549934192.168.1.205192.168.2.4
                                                              Dec 3, 2024 13:57:07.085838079 CET49934445192.168.2.4192.168.1.205
                                                              Dec 3, 2024 13:57:07.085951090 CET44549935192.168.1.206192.168.2.4
                                                              Dec 3, 2024 13:57:07.085994005 CET49935445192.168.2.4192.168.1.206
                                                              Dec 3, 2024 13:57:07.086219072 CET44549937192.168.1.208192.168.2.4
                                                              Dec 3, 2024 13:57:07.086276054 CET49937445192.168.2.4192.168.1.208
                                                              Dec 3, 2024 13:57:07.086494923 CET44549940192.168.1.211192.168.2.4
                                                              Dec 3, 2024 13:57:07.086545944 CET49940445192.168.2.4192.168.1.211
                                                              Dec 3, 2024 13:57:07.086807966 CET44549939192.168.1.210192.168.2.4
                                                              Dec 3, 2024 13:57:07.086858034 CET49939445192.168.2.4192.168.1.210
                                                              Dec 3, 2024 13:57:07.087043047 CET44549941192.168.1.212192.168.2.4
                                                              Dec 3, 2024 13:57:07.087117910 CET49941445192.168.2.4192.168.1.212
                                                              Dec 3, 2024 13:57:07.087474108 CET44549943192.168.1.214192.168.2.4
                                                              Dec 3, 2024 13:57:07.087696075 CET49943445192.168.2.4192.168.1.214
                                                              Dec 3, 2024 13:57:07.087831020 CET44549944192.168.1.215192.168.2.4
                                                              Dec 3, 2024 13:57:07.087877989 CET49944445192.168.2.4192.168.1.215
                                                              Dec 3, 2024 13:57:07.088140011 CET44549945192.168.1.216192.168.2.4
                                                              Dec 3, 2024 13:57:07.088244915 CET49945445192.168.2.4192.168.1.216
                                                              Dec 3, 2024 13:57:07.088397026 CET44549948192.168.1.219192.168.2.4
                                                              Dec 3, 2024 13:57:07.088447094 CET49948445192.168.2.4192.168.1.219
                                                              Dec 3, 2024 13:57:07.088690042 CET44549947192.168.1.218192.168.2.4
                                                              Dec 3, 2024 13:57:07.088757992 CET49947445192.168.2.4192.168.1.218
                                                              Dec 3, 2024 13:57:07.088948011 CET44549951192.168.1.222192.168.2.4
                                                              Dec 3, 2024 13:57:07.089003086 CET49951445192.168.2.4192.168.1.222
                                                              Dec 3, 2024 13:57:07.089157104 CET44549949192.168.1.220192.168.2.4
                                                              Dec 3, 2024 13:57:07.089204073 CET49949445192.168.2.4192.168.1.220
                                                              Dec 3, 2024 13:57:07.089469910 CET44549952192.168.1.223192.168.2.4
                                                              Dec 3, 2024 13:57:07.089514971 CET49952445192.168.2.4192.168.1.223
                                                              Dec 3, 2024 13:57:07.089674950 CET44549936192.168.1.207192.168.2.4
                                                              Dec 3, 2024 13:57:07.089723110 CET49936445192.168.2.4192.168.1.207
                                                              Dec 3, 2024 13:57:07.089987993 CET44549938192.168.1.209192.168.2.4
                                                              Dec 3, 2024 13:57:07.090080976 CET49938445192.168.2.4192.168.1.209
                                                              Dec 3, 2024 13:57:07.090351105 CET44549942192.168.1.213192.168.2.4
                                                              Dec 3, 2024 13:57:07.090445995 CET49942445192.168.2.4192.168.1.213
                                                              Dec 3, 2024 13:57:07.090727091 CET44549946192.168.1.217192.168.2.4
                                                              Dec 3, 2024 13:57:07.090816975 CET49946445192.168.2.4192.168.1.217
                                                              Dec 3, 2024 13:57:07.091010094 CET44549950192.168.1.221192.168.2.4
                                                              Dec 3, 2024 13:57:07.091336012 CET49950445192.168.2.4192.168.1.221
                                                              Dec 3, 2024 13:57:07.093590021 CET44549953192.168.1.224192.168.2.4
                                                              Dec 3, 2024 13:57:07.093641996 CET44549954192.168.1.225192.168.2.4
                                                              Dec 3, 2024 13:57:07.093645096 CET49953445192.168.2.4192.168.1.224
                                                              Dec 3, 2024 13:57:07.093687057 CET49954445192.168.2.4192.168.1.225
                                                              Dec 3, 2024 13:57:07.093991995 CET44549955192.168.1.226192.168.2.4
                                                              Dec 3, 2024 13:57:07.094002962 CET44549956192.168.1.227192.168.2.4
                                                              Dec 3, 2024 13:57:07.094038010 CET44549957192.168.1.228192.168.2.4
                                                              Dec 3, 2024 13:57:07.094043016 CET49955445192.168.2.4192.168.1.226
                                                              Dec 3, 2024 13:57:07.094048977 CET44549958192.168.1.229192.168.2.4
                                                              Dec 3, 2024 13:57:07.094055891 CET49956445192.168.2.4192.168.1.227
                                                              Dec 3, 2024 13:57:07.094089985 CET49957445192.168.2.4192.168.1.228
                                                              Dec 3, 2024 13:57:07.094094038 CET49958445192.168.2.4192.168.1.229
                                                              Dec 3, 2024 13:57:07.094206095 CET44549959192.168.1.230192.168.2.4
                                                              Dec 3, 2024 13:57:07.094217062 CET44549960192.168.1.231192.168.2.4
                                                              Dec 3, 2024 13:57:07.094227076 CET44549961192.168.1.232192.168.2.4
                                                              Dec 3, 2024 13:57:07.094235897 CET44549962192.168.1.233192.168.2.4
                                                              Dec 3, 2024 13:57:07.094244003 CET44549963192.168.1.234192.168.2.4
                                                              Dec 3, 2024 13:57:07.094258070 CET49959445192.168.2.4192.168.1.230
                                                              Dec 3, 2024 13:57:07.094264030 CET49960445192.168.2.4192.168.1.231
                                                              Dec 3, 2024 13:57:07.094293118 CET49961445192.168.2.4192.168.1.232
                                                              Dec 3, 2024 13:57:07.094301939 CET49962445192.168.2.4192.168.1.233
                                                              Dec 3, 2024 13:57:07.094316959 CET49963445192.168.2.4192.168.1.234
                                                              Dec 3, 2024 13:57:07.094926119 CET44549964192.168.1.235192.168.2.4
                                                              Dec 3, 2024 13:57:07.095207930 CET44549975192.168.1.247192.168.2.4
                                                              Dec 3, 2024 13:57:07.095266104 CET49964445192.168.2.4192.168.1.235
                                                              Dec 3, 2024 13:57:07.095278025 CET44549974192.168.1.245192.168.2.4
                                                              Dec 3, 2024 13:57:07.095290899 CET44549973192.168.1.244192.168.2.4
                                                              Dec 3, 2024 13:57:07.095300913 CET44549971192.168.1.242192.168.2.4
                                                              Dec 3, 2024 13:57:07.095326900 CET44549972192.168.1.243192.168.2.4
                                                              Dec 3, 2024 13:57:07.095454931 CET44549970192.168.1.241192.168.2.4
                                                              Dec 3, 2024 13:57:07.095475912 CET44549969192.168.1.240192.168.2.4
                                                              Dec 3, 2024 13:57:07.095488071 CET44549968192.168.1.239192.168.2.4
                                                              Dec 3, 2024 13:57:07.095578909 CET44549967192.168.1.238192.168.2.4
                                                              Dec 3, 2024 13:57:07.095606089 CET44549966192.168.1.237192.168.2.4
                                                              Dec 3, 2024 13:57:07.095669031 CET44549965192.168.1.236192.168.2.4
                                                              Dec 3, 2024 13:57:07.095678091 CET44549965192.168.1.236192.168.2.4
                                                              Dec 3, 2024 13:57:07.095716953 CET49965445192.168.2.4192.168.1.236
                                                              Dec 3, 2024 13:57:07.096079111 CET44549966192.168.1.237192.168.2.4
                                                              Dec 3, 2024 13:57:07.096426964 CET44549967192.168.1.238192.168.2.4
                                                              Dec 3, 2024 13:57:07.096471071 CET49966445192.168.2.4192.168.1.237
                                                              Dec 3, 2024 13:57:07.096491098 CET49967445192.168.2.4192.168.1.238
                                                              Dec 3, 2024 13:57:07.096740961 CET44549969192.168.1.240192.168.2.4
                                                              Dec 3, 2024 13:57:07.097063065 CET44549968192.168.1.239192.168.2.4
                                                              Dec 3, 2024 13:57:07.097086906 CET49984445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:07.097110987 CET49969445192.168.2.4192.168.1.240
                                                              Dec 3, 2024 13:57:07.097124100 CET49968445192.168.2.4192.168.1.239
                                                              Dec 3, 2024 13:57:07.097337961 CET49985445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:07.097421885 CET44549970192.168.1.241192.168.2.4
                                                              Dec 3, 2024 13:57:07.097467899 CET49970445192.168.2.4192.168.1.241
                                                              Dec 3, 2024 13:57:07.097547054 CET49986445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:57:07.097718954 CET44549972192.168.1.243192.168.2.4
                                                              Dec 3, 2024 13:57:07.097726107 CET49987445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:57:07.097765923 CET49972445192.168.2.4192.168.1.243
                                                              Dec 3, 2024 13:57:07.097938061 CET49988445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:57:07.098001003 CET44549974192.168.1.245192.168.2.4
                                                              Dec 3, 2024 13:57:07.098050117 CET49974445192.168.2.4192.168.1.245
                                                              Dec 3, 2024 13:57:07.098094940 CET49989445192.168.2.4192.168.1.6
                                                              Dec 3, 2024 13:57:07.098248959 CET49990445192.168.2.4192.168.1.7
                                                              Dec 3, 2024 13:57:07.098280907 CET44549973192.168.1.244192.168.2.4
                                                              Dec 3, 2024 13:57:07.098326921 CET49973445192.168.2.4192.168.1.244
                                                              Dec 3, 2024 13:57:07.098436117 CET49991445192.168.2.4192.168.1.8
                                                              Dec 3, 2024 13:57:07.098604918 CET49992445192.168.2.4192.168.1.9
                                                              Dec 3, 2024 13:57:07.098764896 CET49993445192.168.2.4192.168.1.10
                                                              Dec 3, 2024 13:57:07.098764896 CET44549971192.168.1.242192.168.2.4
                                                              Dec 3, 2024 13:57:07.098814011 CET49971445192.168.2.4192.168.1.242
                                                              Dec 3, 2024 13:57:07.098956108 CET49994445192.168.2.4192.168.1.11
                                                              Dec 3, 2024 13:57:07.099021912 CET44549975192.168.1.247192.168.2.4
                                                              Dec 3, 2024 13:57:07.099181890 CET49995445192.168.2.4192.168.1.12
                                                              Dec 3, 2024 13:57:07.099205017 CET49975445192.168.2.4192.168.1.247
                                                              Dec 3, 2024 13:57:07.099307060 CET44549983192.168.1.254192.168.2.4
                                                              Dec 3, 2024 13:57:07.099359035 CET44549982192.168.1.253192.168.2.4
                                                              Dec 3, 2024 13:57:07.099370003 CET44549981192.168.1.252192.168.2.4
                                                              Dec 3, 2024 13:57:07.099390030 CET44549980192.168.1.251192.168.2.4
                                                              Dec 3, 2024 13:57:07.099400043 CET44549979192.168.1.250192.168.2.4
                                                              Dec 3, 2024 13:57:07.099410057 CET44549978192.168.1.249192.168.2.4
                                                              Dec 3, 2024 13:57:07.099426985 CET44549977192.168.1.248192.168.2.4
                                                              Dec 3, 2024 13:57:07.099436998 CET44549976192.168.1.246192.168.2.4
                                                              Dec 3, 2024 13:57:07.099479914 CET49996445192.168.2.4192.168.1.13
                                                              Dec 3, 2024 13:57:07.099654913 CET49997445192.168.2.4192.168.1.14
                                                              Dec 3, 2024 13:57:07.099777937 CET44549976192.168.1.246192.168.2.4
                                                              Dec 3, 2024 13:57:07.099819899 CET49998445192.168.2.4192.168.1.15
                                                              Dec 3, 2024 13:57:07.099838972 CET49976445192.168.2.4192.168.1.246
                                                              Dec 3, 2024 13:57:07.100002050 CET49999445192.168.2.4192.168.1.16
                                                              Dec 3, 2024 13:57:07.100136995 CET44549978192.168.1.249192.168.2.4
                                                              Dec 3, 2024 13:57:07.100177050 CET50000445192.168.2.4192.168.1.17
                                                              Dec 3, 2024 13:57:07.100347042 CET50001445192.168.2.4192.168.1.18
                                                              Dec 3, 2024 13:57:07.100353003 CET49978445192.168.2.4192.168.1.249
                                                              Dec 3, 2024 13:57:07.100496054 CET44549977192.168.1.248192.168.2.4
                                                              Dec 3, 2024 13:57:07.100516081 CET50002445192.168.2.4192.168.1.19
                                                              Dec 3, 2024 13:57:07.100543022 CET49977445192.168.2.4192.168.1.248
                                                              Dec 3, 2024 13:57:07.100677967 CET50003445192.168.2.4192.168.1.20
                                                              Dec 3, 2024 13:57:07.100833893 CET50004445192.168.2.4192.168.1.21
                                                              Dec 3, 2024 13:57:07.100838900 CET44549981192.168.1.252192.168.2.4
                                                              Dec 3, 2024 13:57:07.101001024 CET50005445192.168.2.4192.168.1.22
                                                              Dec 3, 2024 13:57:07.101027966 CET49981445192.168.2.4192.168.1.252
                                                              Dec 3, 2024 13:57:07.101181030 CET50006445192.168.2.4192.168.1.23
                                                              Dec 3, 2024 13:57:07.101197958 CET44549982192.168.1.253192.168.2.4
                                                              Dec 3, 2024 13:57:07.101243019 CET49982445192.168.2.4192.168.1.253
                                                              Dec 3, 2024 13:57:07.101350069 CET50007445192.168.2.4192.168.1.24
                                                              Dec 3, 2024 13:57:07.101505041 CET50008445192.168.2.4192.168.1.25
                                                              Dec 3, 2024 13:57:07.101527929 CET44549980192.168.1.251192.168.2.4
                                                              Dec 3, 2024 13:57:07.101572990 CET49980445192.168.2.4192.168.1.251
                                                              Dec 3, 2024 13:57:07.101707935 CET50009445192.168.2.4192.168.1.26
                                                              Dec 3, 2024 13:57:07.101810932 CET44549979192.168.1.250192.168.2.4
                                                              Dec 3, 2024 13:57:07.101883888 CET50010445192.168.2.4192.168.1.27
                                                              Dec 3, 2024 13:57:07.101912022 CET49979445192.168.2.4192.168.1.250
                                                              Dec 3, 2024 13:57:07.101988077 CET44549983192.168.1.254192.168.2.4
                                                              Dec 3, 2024 13:57:07.102061987 CET50011445192.168.2.4192.168.1.28
                                                              Dec 3, 2024 13:57:07.102153063 CET49983445192.168.2.4192.168.1.254
                                                              Dec 3, 2024 13:57:07.102241993 CET50012445192.168.2.4192.168.1.29
                                                              Dec 3, 2024 13:57:07.102395058 CET50013445192.168.2.4192.168.1.30
                                                              Dec 3, 2024 13:57:07.102566004 CET50014445192.168.2.4192.168.1.31
                                                              Dec 3, 2024 13:57:07.102832079 CET50015445192.168.2.4192.168.1.32
                                                              Dec 3, 2024 13:57:07.103121996 CET50016445192.168.2.4192.168.1.33
                                                              Dec 3, 2024 13:57:07.103750944 CET50018445192.168.2.4192.168.1.35
                                                              Dec 3, 2024 13:57:07.103784084 CET50017445192.168.2.4192.168.1.34
                                                              Dec 3, 2024 13:57:07.103981018 CET50019445192.168.2.4192.168.1.36
                                                              Dec 3, 2024 13:57:07.104193926 CET50020445192.168.2.4192.168.1.37
                                                              Dec 3, 2024 13:57:07.104648113 CET50021445192.168.2.4192.168.1.38
                                                              Dec 3, 2024 13:57:07.104696035 CET50022445192.168.2.4192.168.1.39
                                                              Dec 3, 2024 13:57:07.104892015 CET50023445192.168.2.4192.168.1.40
                                                              Dec 3, 2024 13:57:07.105120897 CET50024445192.168.2.4192.168.1.41
                                                              Dec 3, 2024 13:57:07.105381012 CET50025445192.168.2.4192.168.1.42
                                                              Dec 3, 2024 13:57:07.105437994 CET50026445192.168.2.4192.168.1.43
                                                              Dec 3, 2024 13:57:07.105593920 CET50027445192.168.2.4192.168.1.44
                                                              Dec 3, 2024 13:57:07.105756044 CET50028445192.168.2.4192.168.1.45
                                                              Dec 3, 2024 13:57:07.106089115 CET50030445192.168.2.4192.168.1.47
                                                              Dec 3, 2024 13:57:07.106425047 CET50032445192.168.2.4192.168.1.49
                                                              Dec 3, 2024 13:57:07.106445074 CET50029445192.168.2.4192.168.1.46
                                                              Dec 3, 2024 13:57:07.106445074 CET50031445192.168.2.4192.168.1.48
                                                              Dec 3, 2024 13:57:07.106662989 CET50033445192.168.2.4192.168.1.50
                                                              Dec 3, 2024 13:57:07.106776953 CET50034445192.168.2.4192.168.1.51
                                                              Dec 3, 2024 13:57:07.106983900 CET50035445192.168.2.4192.168.1.52
                                                              Dec 3, 2024 13:57:07.107127905 CET50036445192.168.2.4192.168.1.53
                                                              Dec 3, 2024 13:57:07.107301950 CET50037445192.168.2.4192.168.1.54
                                                              Dec 3, 2024 13:57:07.107496977 CET50038445192.168.2.4192.168.1.55
                                                              Dec 3, 2024 13:57:07.107682943 CET50039445192.168.2.4192.168.1.56
                                                              Dec 3, 2024 13:57:07.107844114 CET50040445192.168.2.4192.168.1.57
                                                              Dec 3, 2024 13:57:07.108016968 CET50041445192.168.2.4192.168.1.58
                                                              Dec 3, 2024 13:57:07.108190060 CET50042445192.168.2.4192.168.1.59
                                                              Dec 3, 2024 13:57:07.108791113 CET50043445192.168.2.4192.168.1.60
                                                              Dec 3, 2024 13:57:07.109030008 CET50044445192.168.2.4192.168.1.61
                                                              Dec 3, 2024 13:57:07.109227896 CET50045445192.168.2.4192.168.1.62
                                                              Dec 3, 2024 13:57:07.109397888 CET50046445192.168.2.4192.168.1.63
                                                              Dec 3, 2024 13:57:07.109580040 CET50047445192.168.2.4192.168.1.64
                                                              Dec 3, 2024 13:57:07.109762907 CET50048445192.168.2.4192.168.1.65
                                                              Dec 3, 2024 13:57:07.109937906 CET50049445192.168.2.4192.168.1.66
                                                              Dec 3, 2024 13:57:07.110111952 CET50050445192.168.2.4192.168.1.67
                                                              Dec 3, 2024 13:57:07.110290051 CET50051445192.168.2.4192.168.1.68
                                                              Dec 3, 2024 13:57:07.110502005 CET50052445192.168.2.4192.168.1.69
                                                              Dec 3, 2024 13:57:07.110675097 CET50053445192.168.2.4192.168.1.70
                                                              Dec 3, 2024 13:57:07.110857010 CET50054445192.168.2.4192.168.1.71
                                                              Dec 3, 2024 13:57:07.111020088 CET50055445192.168.2.4192.168.1.72
                                                              Dec 3, 2024 13:57:07.111210108 CET50056445192.168.2.4192.168.1.73
                                                              Dec 3, 2024 13:57:07.111557961 CET50057445192.168.2.4192.168.1.74
                                                              Dec 3, 2024 13:57:07.111805916 CET50058445192.168.2.4192.168.1.75
                                                              Dec 3, 2024 13:57:07.111999035 CET50059445192.168.2.4192.168.1.76
                                                              Dec 3, 2024 13:57:07.112183094 CET50060445192.168.2.4192.168.1.77
                                                              Dec 3, 2024 13:57:07.112370968 CET50061445192.168.2.4192.168.1.78
                                                              Dec 3, 2024 13:57:07.112544060 CET50062445192.168.2.4192.168.1.79
                                                              Dec 3, 2024 13:57:07.112715006 CET50063445192.168.2.4192.168.1.80
                                                              Dec 3, 2024 13:57:07.113070965 CET50065445192.168.2.4192.168.1.82
                                                              Dec 3, 2024 13:57:07.113153934 CET50064445192.168.2.4192.168.1.81
                                                              Dec 3, 2024 13:57:07.113235950 CET50066445192.168.2.4192.168.1.83
                                                              Dec 3, 2024 13:57:07.117991924 CET50067445192.168.2.4192.168.1.84
                                                              Dec 3, 2024 13:57:07.118726969 CET50069445192.168.2.4192.168.1.86
                                                              Dec 3, 2024 13:57:07.119205952 CET50068445192.168.2.4192.168.1.85
                                                              Dec 3, 2024 13:57:07.119549990 CET50070445192.168.2.4192.168.1.87
                                                              Dec 3, 2024 13:57:07.119834900 CET50071445192.168.2.4192.168.1.88
                                                              Dec 3, 2024 13:57:07.120552063 CET50072445192.168.2.4192.168.1.89
                                                              Dec 3, 2024 13:57:07.121597052 CET50073445192.168.2.4192.168.1.90
                                                              Dec 3, 2024 13:57:07.122028112 CET50074445192.168.2.4192.168.1.91
                                                              Dec 3, 2024 13:57:07.122518063 CET50075445192.168.2.4192.168.1.92
                                                              Dec 3, 2024 13:57:07.122796059 CET50076445192.168.2.4192.168.1.93
                                                              Dec 3, 2024 13:57:07.122993946 CET50077445192.168.2.4192.168.1.94
                                                              Dec 3, 2024 13:57:07.123183012 CET50078445192.168.2.4192.168.1.95
                                                              Dec 3, 2024 13:57:07.123389006 CET50079445192.168.2.4192.168.1.96
                                                              Dec 3, 2024 13:57:07.123585939 CET50080445192.168.2.4192.168.1.97
                                                              Dec 3, 2024 13:57:07.123760939 CET50081445192.168.2.4192.168.1.98
                                                              Dec 3, 2024 13:57:07.123924971 CET50082445192.168.2.4192.168.1.99
                                                              Dec 3, 2024 13:57:07.124106884 CET50083445192.168.2.4192.168.1.100
                                                              Dec 3, 2024 13:57:07.124294043 CET50084445192.168.2.4192.168.1.101
                                                              Dec 3, 2024 13:57:07.124475956 CET50085445192.168.2.4192.168.1.102
                                                              Dec 3, 2024 13:57:07.125011921 CET50086445192.168.2.4192.168.1.103
                                                              Dec 3, 2024 13:57:07.125220060 CET50087445192.168.2.4192.168.1.104
                                                              Dec 3, 2024 13:57:07.125410080 CET50088445192.168.2.4192.168.1.105
                                                              Dec 3, 2024 13:57:07.125587940 CET50089445192.168.2.4192.168.1.106
                                                              Dec 3, 2024 13:57:07.125775099 CET50090445192.168.2.4192.168.1.107
                                                              Dec 3, 2024 13:57:07.125943899 CET50091445192.168.2.4192.168.1.108
                                                              Dec 3, 2024 13:57:07.126116037 CET50092445192.168.2.4192.168.1.109
                                                              Dec 3, 2024 13:57:07.126296997 CET50093445192.168.2.4192.168.1.110
                                                              Dec 3, 2024 13:57:07.126595974 CET50094445192.168.2.4192.168.1.111
                                                              Dec 3, 2024 13:57:07.128391027 CET50095445192.168.2.4192.168.1.112
                                                              Dec 3, 2024 13:57:07.128665924 CET50096445192.168.2.4192.168.1.113
                                                              Dec 3, 2024 13:57:07.129103899 CET50097445192.168.2.4192.168.1.114
                                                              Dec 3, 2024 13:57:07.129204988 CET50098445192.168.2.4192.168.1.115
                                                              Dec 3, 2024 13:57:07.203516960 CET50099445192.168.2.4192.168.1.116
                                                              Dec 3, 2024 13:57:07.204092026 CET50100445192.168.2.4192.168.1.117
                                                              Dec 3, 2024 13:57:07.204782009 CET50102445192.168.2.4192.168.1.119
                                                              Dec 3, 2024 13:57:07.204932928 CET50101445192.168.2.4192.168.1.118
                                                              Dec 3, 2024 13:57:07.204996109 CET50103445192.168.2.4192.168.1.120
                                                              Dec 3, 2024 13:57:07.205208063 CET50104445192.168.2.4192.168.1.121
                                                              Dec 3, 2024 13:57:07.205521107 CET50105445192.168.2.4192.168.1.122
                                                              Dec 3, 2024 13:57:07.205604076 CET50106445192.168.2.4192.168.1.123
                                                              Dec 3, 2024 13:57:07.205797911 CET50107445192.168.2.4192.168.1.124
                                                              Dec 3, 2024 13:57:07.205979109 CET50108445192.168.2.4192.168.1.125
                                                              Dec 3, 2024 13:57:07.206604004 CET50109445192.168.2.4192.168.1.126
                                                              Dec 3, 2024 13:57:07.206862926 CET50110445192.168.2.4192.168.1.127
                                                              Dec 3, 2024 13:57:07.207048893 CET50111445192.168.2.4192.168.1.128
                                                              Dec 3, 2024 13:57:07.207288027 CET50112445192.168.2.4192.168.1.129
                                                              Dec 3, 2024 13:57:07.207431078 CET50113445192.168.2.4192.168.1.130
                                                              Dec 3, 2024 13:57:07.207602024 CET50114445192.168.2.4192.168.1.131
                                                              Dec 3, 2024 13:57:07.207776070 CET50115445192.168.2.4192.168.1.132
                                                              Dec 3, 2024 13:57:07.208120108 CET50117445192.168.2.4192.168.1.134
                                                              Dec 3, 2024 13:57:07.208499908 CET50118445192.168.2.4192.168.1.135
                                                              Dec 3, 2024 13:57:07.208518028 CET50119445192.168.2.4192.168.1.136
                                                              Dec 3, 2024 13:57:07.209177017 CET50121445192.168.2.4192.168.1.138
                                                              Dec 3, 2024 13:57:07.209367037 CET50116445192.168.2.4192.168.1.133
                                                              Dec 3, 2024 13:57:07.209367037 CET50120445192.168.2.4192.168.1.137
                                                              Dec 3, 2024 13:57:07.209388018 CET50122445192.168.2.4192.168.1.139
                                                              Dec 3, 2024 13:57:07.210015059 CET50123445192.168.2.4192.168.1.140
                                                              Dec 3, 2024 13:57:07.210432053 CET50125445192.168.2.4192.168.1.142
                                                              Dec 3, 2024 13:57:07.210597038 CET50126445192.168.2.4192.168.1.143
                                                              Dec 3, 2024 13:57:07.210787058 CET50127445192.168.2.4192.168.1.144
                                                              Dec 3, 2024 13:57:07.210988998 CET50128445192.168.2.4192.168.1.145
                                                              Dec 3, 2024 13:57:07.211184025 CET50129445192.168.2.4192.168.1.146
                                                              Dec 3, 2024 13:57:07.211359978 CET50130445192.168.2.4192.168.1.147
                                                              Dec 3, 2024 13:57:07.211533070 CET50131445192.168.2.4192.168.1.148
                                                              Dec 3, 2024 13:57:07.211704016 CET50132445192.168.2.4192.168.1.149
                                                              Dec 3, 2024 13:57:07.211759090 CET50124445192.168.2.4192.168.1.141
                                                              Dec 3, 2024 13:57:07.211877108 CET50133445192.168.2.4192.168.1.150
                                                              Dec 3, 2024 13:57:07.212075949 CET50134445192.168.2.4192.168.1.151
                                                              Dec 3, 2024 13:57:07.212255001 CET50135445192.168.2.4192.168.1.152
                                                              Dec 3, 2024 13:57:07.212433100 CET50136445192.168.2.4192.168.1.153
                                                              Dec 3, 2024 13:57:07.212596893 CET50137445192.168.2.4192.168.1.154
                                                              Dec 3, 2024 13:57:07.212759972 CET50138445192.168.2.4192.168.1.155
                                                              Dec 3, 2024 13:57:07.212934017 CET50139445192.168.2.4192.168.1.156
                                                              Dec 3, 2024 13:57:07.213105917 CET50140445192.168.2.4192.168.1.157
                                                              Dec 3, 2024 13:57:07.213285923 CET50141445192.168.2.4192.168.1.158
                                                              Dec 3, 2024 13:57:07.213481903 CET50142445192.168.2.4192.168.1.159
                                                              Dec 3, 2024 13:57:07.213656902 CET50143445192.168.2.4192.168.1.160
                                                              Dec 3, 2024 13:57:07.214004040 CET50144445192.168.2.4192.168.1.161
                                                              Dec 3, 2024 13:57:07.214461088 CET50146445192.168.2.4192.168.1.163
                                                              Dec 3, 2024 13:57:07.214622974 CET50147445192.168.2.4192.168.1.164
                                                              Dec 3, 2024 13:57:07.214854956 CET50148445192.168.2.4192.168.1.165
                                                              Dec 3, 2024 13:57:07.215430975 CET50150445192.168.2.4192.168.1.167
                                                              Dec 3, 2024 13:57:07.215631962 CET50151445192.168.2.4192.168.1.168
                                                              Dec 3, 2024 13:57:07.215822935 CET50152445192.168.2.4192.168.1.169
                                                              Dec 3, 2024 13:57:07.216010094 CET50145445192.168.2.4192.168.1.162
                                                              Dec 3, 2024 13:57:07.216010094 CET50149445192.168.2.4192.168.1.166
                                                              Dec 3, 2024 13:57:07.216010094 CET50153445192.168.2.4192.168.1.170
                                                              Dec 3, 2024 13:57:07.216193914 CET50154445192.168.2.4192.168.1.171
                                                              Dec 3, 2024 13:57:07.216366053 CET50155445192.168.2.4192.168.1.172
                                                              Dec 3, 2024 13:57:07.216933966 CET50156445192.168.2.4192.168.1.173
                                                              Dec 3, 2024 13:57:07.217298985 CET50158445192.168.2.4192.168.1.175
                                                              Dec 3, 2024 13:57:07.217699051 CET50160445192.168.2.4192.168.1.177
                                                              Dec 3, 2024 13:57:07.217870951 CET50161445192.168.2.4192.168.1.178
                                                              Dec 3, 2024 13:57:07.218048096 CET50162445192.168.2.4192.168.1.179
                                                              Dec 3, 2024 13:57:07.218228102 CET50163445192.168.2.4192.168.1.180
                                                              Dec 3, 2024 13:57:07.218365908 CET50157445192.168.2.4192.168.1.174
                                                              Dec 3, 2024 13:57:07.218369961 CET50159445192.168.2.4192.168.1.176
                                                              Dec 3, 2024 13:57:07.218408108 CET50164445192.168.2.4192.168.1.181
                                                              Dec 3, 2024 13:57:07.218578100 CET50165445192.168.2.4192.168.1.182
                                                              Dec 3, 2024 13:57:07.218748093 CET50166445192.168.2.4192.168.1.183
                                                              Dec 3, 2024 13:57:07.218945980 CET50167445192.168.2.4192.168.1.184
                                                              Dec 3, 2024 13:57:07.219116926 CET50168445192.168.2.4192.168.1.185
                                                              Dec 3, 2024 13:57:07.219278097 CET50169445192.168.2.4192.168.1.186
                                                              Dec 3, 2024 13:57:07.219460011 CET50170445192.168.2.4192.168.1.187
                                                              Dec 3, 2024 13:57:07.219640970 CET50171445192.168.2.4192.168.1.188
                                                              Dec 3, 2024 13:57:07.219820023 CET50172445192.168.2.4192.168.1.189
                                                              Dec 3, 2024 13:57:07.219984055 CET50173445192.168.2.4192.168.1.190
                                                              Dec 3, 2024 13:57:07.220156908 CET50174445192.168.2.4192.168.1.191
                                                              Dec 3, 2024 13:57:07.220330000 CET50175445192.168.2.4192.168.1.192
                                                              Dec 3, 2024 13:57:07.223453045 CET44549984192.168.1.1192.168.2.4
                                                              Dec 3, 2024 13:57:07.223478079 CET44549985192.168.1.2192.168.2.4
                                                              Dec 3, 2024 13:57:07.223489046 CET44549986192.168.1.3192.168.2.4
                                                              Dec 3, 2024 13:57:07.223509073 CET44549987192.168.1.4192.168.2.4
                                                              Dec 3, 2024 13:57:07.223519087 CET44549988192.168.1.5192.168.2.4
                                                              Dec 3, 2024 13:57:07.223572016 CET49985445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:07.223575115 CET49984445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:07.223598957 CET44549989192.168.1.6192.168.2.4
                                                              Dec 3, 2024 13:57:07.223608971 CET44549990192.168.1.7192.168.2.4
                                                              Dec 3, 2024 13:57:07.223618984 CET44549991192.168.1.8192.168.2.4
                                                              Dec 3, 2024 13:57:07.223628998 CET49986445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:57:07.223629951 CET44549992192.168.1.9192.168.2.4
                                                              Dec 3, 2024 13:57:07.223639965 CET44549993192.168.1.10192.168.2.4
                                                              Dec 3, 2024 13:57:07.223642111 CET49987445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:57:07.223649025 CET44549994192.168.1.11192.168.2.4
                                                              Dec 3, 2024 13:57:07.223678112 CET49988445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:57:07.223694086 CET49989445192.168.2.4192.168.1.6
                                                              Dec 3, 2024 13:57:07.223706007 CET49990445192.168.2.4192.168.1.7
                                                              Dec 3, 2024 13:57:07.223706007 CET49991445192.168.2.4192.168.1.8
                                                              Dec 3, 2024 13:57:07.223742962 CET49993445192.168.2.4192.168.1.10
                                                              Dec 3, 2024 13:57:07.223917007 CET49992445192.168.2.4192.168.1.9
                                                              Dec 3, 2024 13:57:07.224216938 CET49994445192.168.2.4192.168.1.11
                                                              Dec 3, 2024 13:57:07.228090048 CET44549995192.168.1.12192.168.2.4
                                                              Dec 3, 2024 13:57:07.228112936 CET44549996192.168.1.13192.168.2.4
                                                              Dec 3, 2024 13:57:07.228123903 CET44549997192.168.1.14192.168.2.4
                                                              Dec 3, 2024 13:57:07.228174925 CET44549998192.168.1.15192.168.2.4
                                                              Dec 3, 2024 13:57:07.228179932 CET49995445192.168.2.4192.168.1.12
                                                              Dec 3, 2024 13:57:07.228209972 CET49997445192.168.2.4192.168.1.14
                                                              Dec 3, 2024 13:57:07.228214025 CET44549999192.168.1.16192.168.2.4
                                                              Dec 3, 2024 13:57:07.228224993 CET44550000192.168.1.17192.168.2.4
                                                              Dec 3, 2024 13:57:07.228235006 CET44550001192.168.1.18192.168.2.4
                                                              Dec 3, 2024 13:57:07.228236914 CET49998445192.168.2.4192.168.1.15
                                                              Dec 3, 2024 13:57:07.228255987 CET44550002192.168.1.19192.168.2.4
                                                              Dec 3, 2024 13:57:07.228266001 CET44550003192.168.1.20192.168.2.4
                                                              Dec 3, 2024 13:57:07.228270054 CET49999445192.168.2.4192.168.1.16
                                                              Dec 3, 2024 13:57:07.228280067 CET50000445192.168.2.4192.168.1.17
                                                              Dec 3, 2024 13:57:07.228300095 CET44550004192.168.1.21192.168.2.4
                                                              Dec 3, 2024 13:57:07.228311062 CET44550005192.168.1.22192.168.2.4
                                                              Dec 3, 2024 13:57:07.228327990 CET50002445192.168.2.4192.168.1.19
                                                              Dec 3, 2024 13:57:07.228327036 CET50001445192.168.2.4192.168.1.18
                                                              Dec 3, 2024 13:57:07.228351116 CET50003445192.168.2.4192.168.1.20
                                                              Dec 3, 2024 13:57:07.228362083 CET44550006192.168.1.23192.168.2.4
                                                              Dec 3, 2024 13:57:07.228372097 CET44550007192.168.1.24192.168.2.4
                                                              Dec 3, 2024 13:57:07.228375912 CET50004445192.168.2.4192.168.1.21
                                                              Dec 3, 2024 13:57:07.228383064 CET44550008192.168.1.25192.168.2.4
                                                              Dec 3, 2024 13:57:07.228387117 CET50005445192.168.2.4192.168.1.22
                                                              Dec 3, 2024 13:57:07.228411913 CET50006445192.168.2.4192.168.1.23
                                                              Dec 3, 2024 13:57:07.228415966 CET44550009192.168.1.26192.168.2.4
                                                              Dec 3, 2024 13:57:07.228426933 CET44550010192.168.1.27192.168.2.4
                                                              Dec 3, 2024 13:57:07.228437901 CET44550011192.168.1.28192.168.2.4
                                                              Dec 3, 2024 13:57:07.228441000 CET50008445192.168.2.4192.168.1.25
                                                              Dec 3, 2024 13:57:07.228445053 CET50007445192.168.2.4192.168.1.24
                                                              Dec 3, 2024 13:57:07.228473902 CET50009445192.168.2.4192.168.1.26
                                                              Dec 3, 2024 13:57:07.228502989 CET50010445192.168.2.4192.168.1.27
                                                              Dec 3, 2024 13:57:07.228508949 CET50011445192.168.2.4192.168.1.28
                                                              Dec 3, 2024 13:57:07.229187012 CET44550012192.168.1.29192.168.2.4
                                                              Dec 3, 2024 13:57:07.229223013 CET44550013192.168.1.30192.168.2.4
                                                              Dec 3, 2024 13:57:07.229232073 CET50012445192.168.2.4192.168.1.29
                                                              Dec 3, 2024 13:57:07.229263067 CET44550014192.168.1.31192.168.2.4
                                                              Dec 3, 2024 13:57:07.229264975 CET50013445192.168.2.4192.168.1.30
                                                              Dec 3, 2024 13:57:07.229274035 CET44550015192.168.1.32192.168.2.4
                                                              Dec 3, 2024 13:57:07.229302883 CET50014445192.168.2.4192.168.1.31
                                                              Dec 3, 2024 13:57:07.229334116 CET50015445192.168.2.4192.168.1.32
                                                              Dec 3, 2024 13:57:07.229413986 CET44550016192.168.1.33192.168.2.4
                                                              Dec 3, 2024 13:57:07.229424000 CET44550018192.168.1.35192.168.2.4
                                                              Dec 3, 2024 13:57:07.229433060 CET44550017192.168.1.34192.168.2.4
                                                              Dec 3, 2024 13:57:07.229441881 CET44550019192.168.1.36192.168.2.4
                                                              Dec 3, 2024 13:57:07.229453087 CET44550020192.168.1.37192.168.2.4
                                                              Dec 3, 2024 13:57:07.229461908 CET44550021192.168.1.38192.168.2.4
                                                              Dec 3, 2024 13:57:07.229470968 CET50016445192.168.2.4192.168.1.33
                                                              Dec 3, 2024 13:57:07.229473114 CET44550022192.168.1.39192.168.2.4
                                                              Dec 3, 2024 13:57:07.229481936 CET44550023192.168.1.40192.168.2.4
                                                              Dec 3, 2024 13:57:07.229490042 CET50018445192.168.2.4192.168.1.35
                                                              Dec 3, 2024 13:57:07.229490995 CET44550024192.168.1.41192.168.2.4
                                                              Dec 3, 2024 13:57:07.229501009 CET44550025192.168.1.42192.168.2.4
                                                              Dec 3, 2024 13:57:07.229510069 CET44550026192.168.1.43192.168.2.4
                                                              Dec 3, 2024 13:57:07.229518890 CET44550027192.168.1.44192.168.2.4
                                                              Dec 3, 2024 13:57:07.229526997 CET44550028192.168.1.45192.168.2.4
                                                              Dec 3, 2024 13:57:07.229537010 CET44550030192.168.1.47192.168.2.4
                                                              Dec 3, 2024 13:57:07.229538918 CET49996445192.168.2.4192.168.1.13
                                                              Dec 3, 2024 13:57:07.229538918 CET50017445192.168.2.4192.168.1.34
                                                              Dec 3, 2024 13:57:07.229551077 CET50020445192.168.2.4192.168.1.37
                                                              Dec 3, 2024 13:57:07.229552031 CET50019445192.168.2.4192.168.1.36
                                                              Dec 3, 2024 13:57:07.229554892 CET44550032192.168.1.49192.168.2.4
                                                              Dec 3, 2024 13:57:07.229559898 CET50022445192.168.2.4192.168.1.39
                                                              Dec 3, 2024 13:57:07.229564905 CET44550029192.168.1.46192.168.2.4
                                                              Dec 3, 2024 13:57:07.229574919 CET44550031192.168.1.48192.168.2.4
                                                              Dec 3, 2024 13:57:07.229585886 CET44550033192.168.1.50192.168.2.4
                                                              Dec 3, 2024 13:57:07.229589939 CET44550034192.168.1.51192.168.2.4
                                                              Dec 3, 2024 13:57:07.229602098 CET44550035192.168.1.52192.168.2.4
                                                              Dec 3, 2024 13:57:07.229619980 CET44550036192.168.1.53192.168.2.4
                                                              Dec 3, 2024 13:57:07.229629993 CET44550037192.168.1.54192.168.2.4
                                                              Dec 3, 2024 13:57:07.229638100 CET50024445192.168.2.4192.168.1.41
                                                              Dec 3, 2024 13:57:07.229640007 CET50023445192.168.2.4192.168.1.40
                                                              Dec 3, 2024 13:57:07.229641914 CET50021445192.168.2.4192.168.1.38
                                                              Dec 3, 2024 13:57:07.229641914 CET50025445192.168.2.4192.168.1.42
                                                              Dec 3, 2024 13:57:07.229646921 CET50026445192.168.2.4192.168.1.43
                                                              Dec 3, 2024 13:57:07.229649067 CET50027445192.168.2.4192.168.1.44
                                                              Dec 3, 2024 13:57:07.229655027 CET50028445192.168.2.4192.168.1.45
                                                              Dec 3, 2024 13:57:07.229671955 CET50030445192.168.2.4192.168.1.47
                                                              Dec 3, 2024 13:57:07.229696989 CET44550038192.168.1.55192.168.2.4
                                                              Dec 3, 2024 13:57:07.229707003 CET44550039192.168.1.56192.168.2.4
                                                              Dec 3, 2024 13:57:07.229716063 CET44550040192.168.1.57192.168.2.4
                                                              Dec 3, 2024 13:57:07.229726076 CET44550041192.168.1.58192.168.2.4
                                                              Dec 3, 2024 13:57:07.229737043 CET44550042192.168.1.59192.168.2.4
                                                              Dec 3, 2024 13:57:07.229742050 CET44550043192.168.1.60192.168.2.4
                                                              Dec 3, 2024 13:57:07.229759932 CET50032445192.168.2.4192.168.1.49
                                                              Dec 3, 2024 13:57:07.229785919 CET50033445192.168.2.4192.168.1.50
                                                              Dec 3, 2024 13:57:07.229787111 CET50034445192.168.2.4192.168.1.51
                                                              Dec 3, 2024 13:57:07.229789019 CET44550044192.168.1.61192.168.2.4
                                                              Dec 3, 2024 13:57:07.229795933 CET50035445192.168.2.4192.168.1.52
                                                              Dec 3, 2024 13:57:07.229799986 CET50037445192.168.2.4192.168.1.54
                                                              Dec 3, 2024 13:57:07.229800940 CET44550045192.168.1.62192.168.2.4
                                                              Dec 3, 2024 13:57:07.229803085 CET50036445192.168.2.4192.168.1.53
                                                              Dec 3, 2024 13:57:07.229888916 CET50038445192.168.2.4192.168.1.55
                                                              Dec 3, 2024 13:57:07.229901075 CET50041445192.168.2.4192.168.1.58
                                                              Dec 3, 2024 13:57:07.229902029 CET50039445192.168.2.4192.168.1.56
                                                              Dec 3, 2024 13:57:07.229902029 CET50040445192.168.2.4192.168.1.57
                                                              Dec 3, 2024 13:57:07.229914904 CET50042445192.168.2.4192.168.1.59
                                                              Dec 3, 2024 13:57:07.229916096 CET50043445192.168.2.4192.168.1.60
                                                              Dec 3, 2024 13:57:07.229917049 CET50044445192.168.2.4192.168.1.61
                                                              Dec 3, 2024 13:57:07.230117083 CET50045445192.168.2.4192.168.1.62
                                                              Dec 3, 2024 13:57:07.230119944 CET50031445192.168.2.4192.168.1.48
                                                              Dec 3, 2024 13:57:07.230119944 CET50029445192.168.2.4192.168.1.46
                                                              Dec 3, 2024 13:57:07.230154037 CET44550046192.168.1.63192.168.2.4
                                                              Dec 3, 2024 13:57:07.230185986 CET44550047192.168.1.64192.168.2.4
                                                              Dec 3, 2024 13:57:07.230195045 CET44550048192.168.1.65192.168.2.4
                                                              Dec 3, 2024 13:57:07.230206013 CET50046445192.168.2.4192.168.1.63
                                                              Dec 3, 2024 13:57:07.230243921 CET50048445192.168.2.4192.168.1.65
                                                              Dec 3, 2024 13:57:07.230251074 CET50047445192.168.2.4192.168.1.64
                                                              Dec 3, 2024 13:57:07.230341911 CET44550049192.168.1.66192.168.2.4
                                                              Dec 3, 2024 13:57:07.230353117 CET44550050192.168.1.67192.168.2.4
                                                              Dec 3, 2024 13:57:07.230361938 CET44550051192.168.1.68192.168.2.4
                                                              Dec 3, 2024 13:57:07.230390072 CET50049445192.168.2.4192.168.1.66
                                                              Dec 3, 2024 13:57:07.230431080 CET50050445192.168.2.4192.168.1.67
                                                              Dec 3, 2024 13:57:07.230962038 CET44550052192.168.1.69192.168.2.4
                                                              Dec 3, 2024 13:57:07.230972052 CET44550053192.168.1.70192.168.2.4
                                                              Dec 3, 2024 13:57:07.230981112 CET44550054192.168.1.71192.168.2.4
                                                              Dec 3, 2024 13:57:07.230992079 CET44550055192.168.1.72192.168.2.4
                                                              Dec 3, 2024 13:57:07.230992079 CET50051445192.168.2.4192.168.1.68
                                                              Dec 3, 2024 13:57:07.231017113 CET50052445192.168.2.4192.168.1.69
                                                              Dec 3, 2024 13:57:07.231041908 CET44550056192.168.1.73192.168.2.4
                                                              Dec 3, 2024 13:57:07.231055021 CET50053445192.168.2.4192.168.1.70
                                                              Dec 3, 2024 13:57:07.231055975 CET50054445192.168.2.4192.168.1.71
                                                              Dec 3, 2024 13:57:07.231062889 CET50055445192.168.2.4192.168.1.72
                                                              Dec 3, 2024 13:57:07.231086016 CET50056445192.168.2.4192.168.1.73
                                                              Dec 3, 2024 13:57:07.231441975 CET44550057192.168.1.74192.168.2.4
                                                              Dec 3, 2024 13:57:07.231620073 CET44550058192.168.1.75192.168.2.4
                                                              Dec 3, 2024 13:57:07.231673956 CET50058445192.168.2.4192.168.1.75
                                                              Dec 3, 2024 13:57:07.231677055 CET50057445192.168.2.4192.168.1.74
                                                              Dec 3, 2024 13:57:07.232316017 CET44550059192.168.1.76192.168.2.4
                                                              Dec 3, 2024 13:57:07.232326984 CET44550060192.168.1.77192.168.2.4
                                                              Dec 3, 2024 13:57:07.232343912 CET44550061192.168.1.78192.168.2.4
                                                              Dec 3, 2024 13:57:07.232363939 CET44550062192.168.1.79192.168.2.4
                                                              Dec 3, 2024 13:57:07.232369900 CET50059445192.168.2.4192.168.1.76
                                                              Dec 3, 2024 13:57:07.232384920 CET50060445192.168.2.4192.168.1.77
                                                              Dec 3, 2024 13:57:07.232397079 CET50061445192.168.2.4192.168.1.78
                                                              Dec 3, 2024 13:57:07.232420921 CET50062445192.168.2.4192.168.1.79
                                                              Dec 3, 2024 13:57:07.233875990 CET44550063192.168.1.80192.168.2.4
                                                              Dec 3, 2024 13:57:07.233896017 CET44550065192.168.1.82192.168.2.4
                                                              Dec 3, 2024 13:57:07.233906031 CET44550064192.168.1.81192.168.2.4
                                                              Dec 3, 2024 13:57:07.233916044 CET44550066192.168.1.83192.168.2.4
                                                              Dec 3, 2024 13:57:07.233947992 CET50063445192.168.2.4192.168.1.80
                                                              Dec 3, 2024 13:57:07.233984947 CET50065445192.168.2.4192.168.1.82
                                                              Dec 3, 2024 13:57:07.234532118 CET50064445192.168.2.4192.168.1.81
                                                              Dec 3, 2024 13:57:07.236376047 CET50066445192.168.2.4192.168.1.83
                                                              Dec 3, 2024 13:57:07.236855030 CET49985445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:07.236958981 CET49986445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:57:07.237056971 CET49987445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:57:07.237227917 CET49989445192.168.2.4192.168.1.6
                                                              Dec 3, 2024 13:57:07.237308979 CET49990445192.168.2.4192.168.1.7
                                                              Dec 3, 2024 13:57:07.237394094 CET49991445192.168.2.4192.168.1.8
                                                              Dec 3, 2024 13:57:07.237477064 CET49984445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:07.237477064 CET49988445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:57:07.237477064 CET49992445192.168.2.4192.168.1.9
                                                              Dec 3, 2024 13:57:07.237560034 CET49993445192.168.2.4192.168.1.10
                                                              Dec 3, 2024 13:57:07.237641096 CET49994445192.168.2.4192.168.1.11
                                                              Dec 3, 2024 13:57:07.237721920 CET49995445192.168.2.4192.168.1.12
                                                              Dec 3, 2024 13:57:07.238162041 CET44550067192.168.1.84192.168.2.4
                                                              Dec 3, 2024 13:57:07.238229036 CET50067445192.168.2.4192.168.1.84
                                                              Dec 3, 2024 13:57:07.243151903 CET49997445192.168.2.4192.168.1.14
                                                              Dec 3, 2024 13:57:07.243204117 CET49996445192.168.2.4192.168.1.13
                                                              Dec 3, 2024 13:57:07.243257046 CET49998445192.168.2.4192.168.1.15
                                                              Dec 3, 2024 13:57:07.243331909 CET49999445192.168.2.4192.168.1.16
                                                              Dec 3, 2024 13:57:07.243437052 CET50000445192.168.2.4192.168.1.17
                                                              Dec 3, 2024 13:57:07.243515015 CET50001445192.168.2.4192.168.1.18
                                                              Dec 3, 2024 13:57:07.243599892 CET50002445192.168.2.4192.168.1.19
                                                              Dec 3, 2024 13:57:07.243719101 CET50003445192.168.2.4192.168.1.20
                                                              Dec 3, 2024 13:57:07.250933886 CET50004445192.168.2.4192.168.1.21
                                                              Dec 3, 2024 13:57:07.251100063 CET50005445192.168.2.4192.168.1.22
                                                              Dec 3, 2024 13:57:07.251132011 CET50006445192.168.2.4192.168.1.23
                                                              Dec 3, 2024 13:57:07.251198053 CET50008445192.168.2.4192.168.1.25
                                                              Dec 3, 2024 13:57:07.251322031 CET50009445192.168.2.4192.168.1.26
                                                              Dec 3, 2024 13:57:07.251394033 CET50011445192.168.2.4192.168.1.28
                                                              Dec 3, 2024 13:57:07.252598047 CET50012445192.168.2.4192.168.1.29
                                                              Dec 3, 2024 13:57:07.252744913 CET50013445192.168.2.4192.168.1.30
                                                              Dec 3, 2024 13:57:07.252835035 CET50014445192.168.2.4192.168.1.31
                                                              Dec 3, 2024 13:57:07.252913952 CET50015445192.168.2.4192.168.1.32
                                                              Dec 3, 2024 13:57:07.253006935 CET50016445192.168.2.4192.168.1.33
                                                              Dec 3, 2024 13:57:07.253087997 CET50018445192.168.2.4192.168.1.35
                                                              Dec 3, 2024 13:57:07.253196001 CET50017445192.168.2.4192.168.1.34
                                                              Dec 3, 2024 13:57:07.253242016 CET50019445192.168.2.4192.168.1.36
                                                              Dec 3, 2024 13:57:07.253351927 CET50020445192.168.2.4192.168.1.37
                                                              Dec 3, 2024 13:57:07.253453970 CET50021445192.168.2.4192.168.1.38
                                                              Dec 3, 2024 13:57:07.253508091 CET50022445192.168.2.4192.168.1.39
                                                              Dec 3, 2024 13:57:07.255764008 CET50010445192.168.2.4192.168.1.27
                                                              Dec 3, 2024 13:57:07.255830050 CET50023445192.168.2.4192.168.1.40
                                                              Dec 3, 2024 13:57:07.255891085 CET50024445192.168.2.4192.168.1.41
                                                              Dec 3, 2024 13:57:07.255995989 CET50025445192.168.2.4192.168.1.42
                                                              Dec 3, 2024 13:57:07.256048918 CET50026445192.168.2.4192.168.1.43
                                                              Dec 3, 2024 13:57:07.259985924 CET50027445192.168.2.4192.168.1.44
                                                              Dec 3, 2024 13:57:07.260083914 CET50028445192.168.2.4192.168.1.45
                                                              Dec 3, 2024 13:57:07.260150909 CET50030445192.168.2.4192.168.1.47
                                                              Dec 3, 2024 13:57:07.260267019 CET50032445192.168.2.4192.168.1.49
                                                              Dec 3, 2024 13:57:07.260305882 CET50029445192.168.2.4192.168.1.46
                                                              Dec 3, 2024 13:57:07.260385990 CET50031445192.168.2.4192.168.1.48
                                                              Dec 3, 2024 13:57:07.260390997 CET50033445192.168.2.4192.168.1.50
                                                              Dec 3, 2024 13:57:07.264116049 CET50034445192.168.2.4192.168.1.51
                                                              Dec 3, 2024 13:57:07.264218092 CET50035445192.168.2.4192.168.1.52
                                                              Dec 3, 2024 13:57:07.264282942 CET50036445192.168.2.4192.168.1.53
                                                              Dec 3, 2024 13:57:07.264341116 CET50007445192.168.2.4192.168.1.24
                                                              Dec 3, 2024 13:57:07.264417887 CET50037445192.168.2.4192.168.1.54
                                                              Dec 3, 2024 13:57:07.264476061 CET50038445192.168.2.4192.168.1.55
                                                              Dec 3, 2024 13:57:07.264538050 CET50039445192.168.2.4192.168.1.56
                                                              Dec 3, 2024 13:57:07.264590025 CET50040445192.168.2.4192.168.1.57
                                                              Dec 3, 2024 13:57:07.264652967 CET50041445192.168.2.4192.168.1.58
                                                              Dec 3, 2024 13:57:07.268439054 CET50042445192.168.2.4192.168.1.59
                                                              Dec 3, 2024 13:57:07.268516064 CET50043445192.168.2.4192.168.1.60
                                                              Dec 3, 2024 13:57:07.268589973 CET50044445192.168.2.4192.168.1.61
                                                              Dec 3, 2024 13:57:07.268641949 CET50045445192.168.2.4192.168.1.62
                                                              Dec 3, 2024 13:57:07.268701077 CET50046445192.168.2.4192.168.1.63
                                                              Dec 3, 2024 13:57:07.268755913 CET50047445192.168.2.4192.168.1.64
                                                              Dec 3, 2024 13:57:07.268821955 CET50048445192.168.2.4192.168.1.65
                                                              Dec 3, 2024 13:57:07.268884897 CET50049445192.168.2.4192.168.1.66
                                                              Dec 3, 2024 13:57:07.268942118 CET50050445192.168.2.4192.168.1.67
                                                              Dec 3, 2024 13:57:07.272336006 CET50051445192.168.2.4192.168.1.68
                                                              Dec 3, 2024 13:57:07.272419930 CET50052445192.168.2.4192.168.1.69
                                                              Dec 3, 2024 13:57:07.272478104 CET50053445192.168.2.4192.168.1.70
                                                              Dec 3, 2024 13:57:07.272540092 CET50054445192.168.2.4192.168.1.71
                                                              Dec 3, 2024 13:57:07.272595882 CET50055445192.168.2.4192.168.1.72
                                                              Dec 3, 2024 13:57:07.272655964 CET50056445192.168.2.4192.168.1.73
                                                              Dec 3, 2024 13:57:07.272707939 CET50057445192.168.2.4192.168.1.74
                                                              Dec 3, 2024 13:57:07.272774935 CET50058445192.168.2.4192.168.1.75
                                                              Dec 3, 2024 13:57:07.272860050 CET50059445192.168.2.4192.168.1.76
                                                              Dec 3, 2024 13:57:07.272918940 CET50060445192.168.2.4192.168.1.77
                                                              Dec 3, 2024 13:57:07.276681900 CET50061445192.168.2.4192.168.1.78
                                                              Dec 3, 2024 13:57:07.276792049 CET50062445192.168.2.4192.168.1.79
                                                              Dec 3, 2024 13:57:07.276851892 CET50063445192.168.2.4192.168.1.80
                                                              Dec 3, 2024 13:57:07.276920080 CET50065445192.168.2.4192.168.1.82
                                                              Dec 3, 2024 13:57:07.276989937 CET50064445192.168.2.4192.168.1.81
                                                              Dec 3, 2024 13:57:07.277036905 CET50066445192.168.2.4192.168.1.83
                                                              Dec 3, 2024 13:57:07.277086020 CET50067445192.168.2.4192.168.1.84
                                                              Dec 3, 2024 13:57:07.281488895 CET50176445192.168.2.4192.168.1.193
                                                              Dec 3, 2024 13:57:07.285739899 CET50177445192.168.2.4192.168.1.194
                                                              Dec 3, 2024 13:57:07.285923958 CET50178445192.168.2.4192.168.1.195
                                                              Dec 3, 2024 13:57:07.290086985 CET50179445192.168.2.4192.168.1.196
                                                              Dec 3, 2024 13:57:07.290361881 CET50180445192.168.2.4192.168.1.197
                                                              Dec 3, 2024 13:57:07.292232990 CET44550069192.168.1.86192.168.2.4
                                                              Dec 3, 2024 13:57:07.292248964 CET44550068192.168.1.85192.168.2.4
                                                              Dec 3, 2024 13:57:07.292258978 CET44550070192.168.1.87192.168.2.4
                                                              Dec 3, 2024 13:57:07.292342901 CET50069445192.168.2.4192.168.1.86
                                                              Dec 3, 2024 13:57:07.292366982 CET44550071192.168.1.88192.168.2.4
                                                              Dec 3, 2024 13:57:07.292377949 CET44550072192.168.1.89192.168.2.4
                                                              Dec 3, 2024 13:57:07.292387962 CET44550073192.168.1.90192.168.2.4
                                                              Dec 3, 2024 13:57:07.292387009 CET50070445192.168.2.4192.168.1.87
                                                              Dec 3, 2024 13:57:07.292397976 CET44550074192.168.1.91192.168.2.4
                                                              Dec 3, 2024 13:57:07.292407990 CET44550075192.168.1.92192.168.2.4
                                                              Dec 3, 2024 13:57:07.292412996 CET50068445192.168.2.4192.168.1.85
                                                              Dec 3, 2024 13:57:07.292416096 CET50071445192.168.2.4192.168.1.88
                                                              Dec 3, 2024 13:57:07.292418957 CET44550076192.168.1.93192.168.2.4
                                                              Dec 3, 2024 13:57:07.292429924 CET44550077192.168.1.94192.168.2.4
                                                              Dec 3, 2024 13:57:07.292439938 CET44550078192.168.1.95192.168.2.4
                                                              Dec 3, 2024 13:57:07.292448997 CET44550079192.168.1.96192.168.2.4
                                                              Dec 3, 2024 13:57:07.292459011 CET44550080192.168.1.97192.168.2.4
                                                              Dec 3, 2024 13:57:07.292474031 CET50072445192.168.2.4192.168.1.89
                                                              Dec 3, 2024 13:57:07.292483091 CET50074445192.168.2.4192.168.1.91
                                                              Dec 3, 2024 13:57:07.292483091 CET50073445192.168.2.4192.168.1.90
                                                              Dec 3, 2024 13:57:07.292517900 CET44550081192.168.1.98192.168.2.4
                                                              Dec 3, 2024 13:57:07.292531013 CET44550082192.168.1.99192.168.2.4
                                                              Dec 3, 2024 13:57:07.292540073 CET44550083192.168.1.100192.168.2.4
                                                              Dec 3, 2024 13:57:07.292548895 CET44550084192.168.1.101192.168.2.4
                                                              Dec 3, 2024 13:57:07.292557955 CET44550085192.168.1.102192.168.2.4
                                                              Dec 3, 2024 13:57:07.292567015 CET44550086192.168.1.103192.168.2.4
                                                              Dec 3, 2024 13:57:07.292577028 CET44550087192.168.1.104192.168.2.4
                                                              Dec 3, 2024 13:57:07.292577028 CET50075445192.168.2.4192.168.1.92
                                                              Dec 3, 2024 13:57:07.292579889 CET50077445192.168.2.4192.168.1.94
                                                              Dec 3, 2024 13:57:07.292582035 CET50076445192.168.2.4192.168.1.93
                                                              Dec 3, 2024 13:57:07.292587042 CET44550088192.168.1.105192.168.2.4
                                                              Dec 3, 2024 13:57:07.292587042 CET50078445192.168.2.4192.168.1.95
                                                              Dec 3, 2024 13:57:07.292598963 CET50079445192.168.2.4192.168.1.96
                                                              Dec 3, 2024 13:57:07.292613983 CET50080445192.168.2.4192.168.1.97
                                                              Dec 3, 2024 13:57:07.292687893 CET50081445192.168.2.4192.168.1.98
                                                              Dec 3, 2024 13:57:07.292695045 CET44550089192.168.1.106192.168.2.4
                                                              Dec 3, 2024 13:57:07.292697906 CET50083445192.168.2.4192.168.1.100
                                                              Dec 3, 2024 13:57:07.292700052 CET50082445192.168.2.4192.168.1.99
                                                              Dec 3, 2024 13:57:07.292706966 CET44550090192.168.1.107192.168.2.4
                                                              Dec 3, 2024 13:57:07.292712927 CET50085445192.168.2.4192.168.1.102
                                                              Dec 3, 2024 13:57:07.292714119 CET50084445192.168.2.4192.168.1.101
                                                              Dec 3, 2024 13:57:07.292717934 CET44550091192.168.1.108192.168.2.4
                                                              Dec 3, 2024 13:57:07.292722940 CET50086445192.168.2.4192.168.1.103
                                                              Dec 3, 2024 13:57:07.292722940 CET50087445192.168.2.4192.168.1.104
                                                              Dec 3, 2024 13:57:07.292727947 CET50088445192.168.2.4192.168.1.105
                                                              Dec 3, 2024 13:57:07.292728901 CET44550092192.168.1.109192.168.2.4
                                                              Dec 3, 2024 13:57:07.292738914 CET44550093192.168.1.110192.168.2.4
                                                              Dec 3, 2024 13:57:07.292748928 CET44550094192.168.1.111192.168.2.4
                                                              Dec 3, 2024 13:57:07.292757034 CET44550095192.168.1.112192.168.2.4
                                                              Dec 3, 2024 13:57:07.292766094 CET44550096192.168.1.113192.168.2.4
                                                              Dec 3, 2024 13:57:07.292778015 CET50089445192.168.2.4192.168.1.106
                                                              Dec 3, 2024 13:57:07.292778969 CET44550097192.168.1.114192.168.2.4
                                                              Dec 3, 2024 13:57:07.292782068 CET50090445192.168.2.4192.168.1.107
                                                              Dec 3, 2024 13:57:07.292785883 CET50091445192.168.2.4192.168.1.108
                                                              Dec 3, 2024 13:57:07.292790890 CET44550098192.168.1.115192.168.2.4
                                                              Dec 3, 2024 13:57:07.292843103 CET50093445192.168.2.4192.168.1.110
                                                              Dec 3, 2024 13:57:07.292843103 CET50092445192.168.2.4192.168.1.109
                                                              Dec 3, 2024 13:57:07.292851925 CET50095445192.168.2.4192.168.1.112
                                                              Dec 3, 2024 13:57:07.292854071 CET50094445192.168.2.4192.168.1.111
                                                              Dec 3, 2024 13:57:07.292896986 CET50096445192.168.2.4192.168.1.113
                                                              Dec 3, 2024 13:57:07.292898893 CET50098445192.168.2.4192.168.1.115
                                                              Dec 3, 2024 13:57:07.292898893 CET50097445192.168.2.4192.168.1.114
                                                              Dec 3, 2024 13:57:07.294645071 CET50068445192.168.2.4192.168.1.85
                                                              Dec 3, 2024 13:57:07.294773102 CET50070445192.168.2.4192.168.1.87
                                                              Dec 3, 2024 13:57:07.294864893 CET50071445192.168.2.4192.168.1.88
                                                              Dec 3, 2024 13:57:07.294945955 CET50072445192.168.2.4192.168.1.89
                                                              Dec 3, 2024 13:57:07.295027018 CET50073445192.168.2.4192.168.1.90
                                                              Dec 3, 2024 13:57:07.298947096 CET50074445192.168.2.4192.168.1.91
                                                              Dec 3, 2024 13:57:07.299069881 CET50075445192.168.2.4192.168.1.92
                                                              Dec 3, 2024 13:57:07.299201012 CET50076445192.168.2.4192.168.1.93
                                                              Dec 3, 2024 13:57:07.299274921 CET50077445192.168.2.4192.168.1.94
                                                              Dec 3, 2024 13:57:07.299354076 CET50078445192.168.2.4192.168.1.95
                                                              Dec 3, 2024 13:57:07.303488016 CET50079445192.168.2.4192.168.1.96
                                                              Dec 3, 2024 13:57:07.303620100 CET50080445192.168.2.4192.168.1.97
                                                              Dec 3, 2024 13:57:07.307423115 CET50081445192.168.2.4192.168.1.98
                                                              Dec 3, 2024 13:57:07.307775021 CET50082445192.168.2.4192.168.1.99
                                                              Dec 3, 2024 13:57:07.307929993 CET50083445192.168.2.4192.168.1.100
                                                              Dec 3, 2024 13:57:07.308068991 CET50084445192.168.2.4192.168.1.101
                                                              Dec 3, 2024 13:57:07.312213898 CET50085445192.168.2.4192.168.1.102
                                                              Dec 3, 2024 13:57:07.312397957 CET50086445192.168.2.4192.168.1.103
                                                              Dec 3, 2024 13:57:07.312535048 CET50087445192.168.2.4192.168.1.104
                                                              Dec 3, 2024 13:57:07.316617012 CET50088445192.168.2.4192.168.1.105
                                                              Dec 3, 2024 13:57:07.316757917 CET50089445192.168.2.4192.168.1.106
                                                              Dec 3, 2024 13:57:07.320724964 CET50090445192.168.2.4192.168.1.107
                                                              Dec 3, 2024 13:57:07.320859909 CET50091445192.168.2.4192.168.1.108
                                                              Dec 3, 2024 13:57:07.321054935 CET50092445192.168.2.4192.168.1.109
                                                              Dec 3, 2024 13:57:07.325021982 CET44550099192.168.1.116192.168.2.4
                                                              Dec 3, 2024 13:57:07.325118065 CET50099445192.168.2.4192.168.1.116
                                                              Dec 3, 2024 13:57:07.325258017 CET50093445192.168.2.4192.168.1.110
                                                              Dec 3, 2024 13:57:07.325352907 CET44550100192.168.1.117192.168.2.4
                                                              Dec 3, 2024 13:57:07.325401068 CET50100445192.168.2.4192.168.1.117
                                                              Dec 3, 2024 13:57:07.325999975 CET44550102192.168.1.119192.168.2.4
                                                              Dec 3, 2024 13:57:07.326169014 CET44550101192.168.1.118192.168.2.4
                                                              Dec 3, 2024 13:57:07.326178074 CET44550103192.168.1.120192.168.2.4
                                                              Dec 3, 2024 13:57:07.326241016 CET50102445192.168.2.4192.168.1.119
                                                              Dec 3, 2024 13:57:07.326309919 CET44550104192.168.1.121192.168.2.4
                                                              Dec 3, 2024 13:57:07.326343060 CET50103445192.168.2.4192.168.1.120
                                                              Dec 3, 2024 13:57:07.326354027 CET50101445192.168.2.4192.168.1.118
                                                              Dec 3, 2024 13:57:07.326363087 CET50104445192.168.2.4192.168.1.121
                                                              Dec 3, 2024 13:57:07.326664925 CET44550105192.168.1.122192.168.2.4
                                                              Dec 3, 2024 13:57:07.326831102 CET44550106192.168.1.123192.168.2.4
                                                              Dec 3, 2024 13:57:07.326906919 CET50105445192.168.2.4192.168.1.122
                                                              Dec 3, 2024 13:57:07.326996088 CET44550107192.168.1.124192.168.2.4
                                                              Dec 3, 2024 13:57:07.327025890 CET50106445192.168.2.4192.168.1.123
                                                              Dec 3, 2024 13:57:07.327048063 CET50107445192.168.2.4192.168.1.124
                                                              Dec 3, 2024 13:57:07.327176094 CET44550108192.168.1.125192.168.2.4
                                                              Dec 3, 2024 13:57:07.327223063 CET50108445192.168.2.4192.168.1.125
                                                              Dec 3, 2024 13:57:07.327862978 CET44550109192.168.1.126192.168.2.4
                                                              Dec 3, 2024 13:57:07.327970028 CET50109445192.168.2.4192.168.1.126
                                                              Dec 3, 2024 13:57:07.328192949 CET44550110192.168.1.127192.168.2.4
                                                              Dec 3, 2024 13:57:07.328361034 CET44550111192.168.1.128192.168.2.4
                                                              Dec 3, 2024 13:57:07.328409910 CET50110445192.168.2.4192.168.1.127
                                                              Dec 3, 2024 13:57:07.328411102 CET50111445192.168.2.4192.168.1.128
                                                              Dec 3, 2024 13:57:07.328514099 CET44550112192.168.1.129192.168.2.4
                                                              Dec 3, 2024 13:57:07.328562975 CET50112445192.168.2.4192.168.1.129
                                                              Dec 3, 2024 13:57:07.328679085 CET44550113192.168.1.130192.168.2.4
                                                              Dec 3, 2024 13:57:07.328727007 CET50113445192.168.2.4192.168.1.130
                                                              Dec 3, 2024 13:57:07.328835964 CET44550114192.168.1.131192.168.2.4
                                                              Dec 3, 2024 13:57:07.328882933 CET50114445192.168.2.4192.168.1.131
                                                              Dec 3, 2024 13:57:07.329063892 CET44550115192.168.1.132192.168.2.4
                                                              Dec 3, 2024 13:57:07.329112053 CET50115445192.168.2.4192.168.1.132
                                                              Dec 3, 2024 13:57:07.329405069 CET44550117192.168.1.134192.168.2.4
                                                              Dec 3, 2024 13:57:07.329488039 CET50117445192.168.2.4192.168.1.134
                                                              Dec 3, 2024 13:57:07.329602957 CET50094445192.168.2.4192.168.1.111
                                                              Dec 3, 2024 13:57:07.329901934 CET44550118192.168.1.135192.168.2.4
                                                              Dec 3, 2024 13:57:07.329915047 CET44550119192.168.1.136192.168.2.4
                                                              Dec 3, 2024 13:57:07.329967976 CET50118445192.168.2.4192.168.1.135
                                                              Dec 3, 2024 13:57:07.329983950 CET50119445192.168.2.4192.168.1.136
                                                              Dec 3, 2024 13:57:07.330064058 CET50095445192.168.2.4192.168.1.112
                                                              Dec 3, 2024 13:57:07.330600023 CET44550121192.168.1.138192.168.2.4
                                                              Dec 3, 2024 13:57:07.330749035 CET44550116192.168.1.133192.168.2.4
                                                              Dec 3, 2024 13:57:07.330759048 CET44550120192.168.1.137192.168.2.4
                                                              Dec 3, 2024 13:57:07.330769062 CET44550122192.168.1.139192.168.2.4
                                                              Dec 3, 2024 13:57:07.330809116 CET50121445192.168.2.4192.168.1.138
                                                              Dec 3, 2024 13:57:07.330847979 CET50120445192.168.2.4192.168.1.137
                                                              Dec 3, 2024 13:57:07.330847979 CET50116445192.168.2.4192.168.1.133
                                                              Dec 3, 2024 13:57:07.331340075 CET44550123192.168.1.140192.168.2.4
                                                              Dec 3, 2024 13:57:07.331365108 CET50122445192.168.2.4192.168.1.139
                                                              Dec 3, 2024 13:57:07.331387997 CET50123445192.168.2.4192.168.1.140
                                                              Dec 3, 2024 13:57:07.331649065 CET44550125192.168.1.142192.168.2.4
                                                              Dec 3, 2024 13:57:07.331696033 CET50125445192.168.2.4192.168.1.142
                                                              Dec 3, 2024 13:57:07.331955910 CET44550126192.168.1.143192.168.2.4
                                                              Dec 3, 2024 13:57:07.332056999 CET44550127192.168.1.144192.168.2.4
                                                              Dec 3, 2024 13:57:07.332108021 CET50126445192.168.2.4192.168.1.143
                                                              Dec 3, 2024 13:57:07.332182884 CET44550128192.168.1.145192.168.2.4
                                                              Dec 3, 2024 13:57:07.332211971 CET50127445192.168.2.4192.168.1.144
                                                              Dec 3, 2024 13:57:07.332235098 CET50128445192.168.2.4192.168.1.145
                                                              Dec 3, 2024 13:57:07.332367897 CET44550129192.168.1.146192.168.2.4
                                                              Dec 3, 2024 13:57:07.332524061 CET44550130192.168.1.147192.168.2.4
                                                              Dec 3, 2024 13:57:07.332582951 CET50129445192.168.2.4192.168.1.146
                                                              Dec 3, 2024 13:57:07.332690001 CET44550131192.168.1.148192.168.2.4
                                                              Dec 3, 2024 13:57:07.332715034 CET50130445192.168.2.4192.168.1.147
                                                              Dec 3, 2024 13:57:07.332739115 CET50131445192.168.2.4192.168.1.148
                                                              Dec 3, 2024 13:57:07.332930088 CET44550132192.168.1.149192.168.2.4
                                                              Dec 3, 2024 13:57:07.332941055 CET44550124192.168.1.141192.168.2.4
                                                              Dec 3, 2024 13:57:07.332987070 CET50132445192.168.2.4192.168.1.149
                                                              Dec 3, 2024 13:57:07.333144903 CET44550133192.168.1.150192.168.2.4
                                                              Dec 3, 2024 13:57:07.333156109 CET44550134192.168.1.151192.168.2.4
                                                              Dec 3, 2024 13:57:07.333164930 CET44550135192.168.1.152192.168.2.4
                                                              Dec 3, 2024 13:57:07.333177090 CET44550136192.168.1.153192.168.2.4
                                                              Dec 3, 2024 13:57:07.333187103 CET44550137192.168.1.154192.168.2.4
                                                              Dec 3, 2024 13:57:07.333200932 CET44550138192.168.1.155192.168.2.4
                                                              Dec 3, 2024 13:57:07.333203077 CET50133445192.168.2.4192.168.1.150
                                                              Dec 3, 2024 13:57:07.333204985 CET50134445192.168.2.4192.168.1.151
                                                              Dec 3, 2024 13:57:07.333209038 CET50124445192.168.2.4192.168.1.141
                                                              Dec 3, 2024 13:57:07.333210945 CET44550139192.168.1.156192.168.2.4
                                                              Dec 3, 2024 13:57:07.333230972 CET50135445192.168.2.4192.168.1.152
                                                              Dec 3, 2024 13:57:07.333230972 CET44550140192.168.1.157192.168.2.4
                                                              Dec 3, 2024 13:57:07.333237886 CET50136445192.168.2.4192.168.1.153
                                                              Dec 3, 2024 13:57:07.333271027 CET50137445192.168.2.4192.168.1.154
                                                              Dec 3, 2024 13:57:07.333281040 CET50138445192.168.2.4192.168.1.155
                                                              Dec 3, 2024 13:57:07.333281040 CET50139445192.168.2.4192.168.1.156
                                                              Dec 3, 2024 13:57:07.333306074 CET50140445192.168.2.4192.168.1.157
                                                              Dec 3, 2024 13:57:07.333337069 CET44550141192.168.1.158192.168.2.4
                                                              Dec 3, 2024 13:57:07.333556890 CET44550142192.168.1.159192.168.2.4
                                                              Dec 3, 2024 13:57:07.333607912 CET50141445192.168.2.4192.168.1.158
                                                              Dec 3, 2024 13:57:07.333816051 CET44550143192.168.1.160192.168.2.4
                                                              Dec 3, 2024 13:57:07.333847046 CET50142445192.168.2.4192.168.1.159
                                                              Dec 3, 2024 13:57:07.333869934 CET50143445192.168.2.4192.168.1.160
                                                              Dec 3, 2024 13:57:07.334167957 CET44550144192.168.1.161192.168.2.4
                                                              Dec 3, 2024 13:57:07.334217072 CET50144445192.168.2.4192.168.1.161
                                                              Dec 3, 2024 13:57:07.334420919 CET50096445192.168.2.4192.168.1.113
                                                              Dec 3, 2024 13:57:07.334631920 CET50097445192.168.2.4192.168.1.114
                                                              Dec 3, 2024 13:57:07.334729910 CET44550146192.168.1.163192.168.2.4
                                                              Dec 3, 2024 13:57:07.334731102 CET50098445192.168.2.4192.168.1.115
                                                              Dec 3, 2024 13:57:07.334789991 CET44550147192.168.1.164192.168.2.4
                                                              Dec 3, 2024 13:57:07.334803104 CET50069445192.168.2.4192.168.1.86
                                                              Dec 3, 2024 13:57:07.334882975 CET50146445192.168.2.4192.168.1.163
                                                              Dec 3, 2024 13:57:07.334928989 CET50147445192.168.2.4192.168.1.164
                                                              Dec 3, 2024 13:57:07.335005045 CET50099445192.168.2.4192.168.1.116
                                                              Dec 3, 2024 13:57:07.335026026 CET44550148192.168.1.165192.168.2.4
                                                              Dec 3, 2024 13:57:07.335073948 CET50148445192.168.2.4192.168.1.165
                                                              Dec 3, 2024 13:57:07.335158110 CET50100445192.168.2.4192.168.1.117
                                                              Dec 3, 2024 13:57:07.335586071 CET44550150192.168.1.167192.168.2.4
                                                              Dec 3, 2024 13:57:07.335736036 CET44550151192.168.1.168192.168.2.4
                                                              Dec 3, 2024 13:57:07.335793018 CET50150445192.168.2.4192.168.1.167
                                                              Dec 3, 2024 13:57:07.336031914 CET44550152192.168.1.169192.168.2.4
                                                              Dec 3, 2024 13:57:07.336061954 CET50151445192.168.2.4192.168.1.168
                                                              Dec 3, 2024 13:57:07.336077929 CET50152445192.168.2.4192.168.1.169
                                                              Dec 3, 2024 13:57:07.336324930 CET44550145192.168.1.162192.168.2.4
                                                              Dec 3, 2024 13:57:07.336381912 CET44550149192.168.1.166192.168.2.4
                                                              Dec 3, 2024 13:57:07.336393118 CET44550153192.168.1.170192.168.2.4
                                                              Dec 3, 2024 13:57:07.336431026 CET44550154192.168.1.171192.168.2.4
                                                              Dec 3, 2024 13:57:07.336436987 CET50145445192.168.2.4192.168.1.162
                                                              Dec 3, 2024 13:57:07.336478949 CET50153445192.168.2.4192.168.1.170
                                                              Dec 3, 2024 13:57:07.336478949 CET50149445192.168.2.4192.168.1.166
                                                              Dec 3, 2024 13:57:07.336496115 CET50154445192.168.2.4192.168.1.171
                                                              Dec 3, 2024 13:57:07.336663961 CET44550155192.168.1.172192.168.2.4
                                                              Dec 3, 2024 13:57:07.337295055 CET44550156192.168.1.173192.168.2.4
                                                              Dec 3, 2024 13:57:07.337347984 CET50155445192.168.2.4192.168.1.172
                                                              Dec 3, 2024 13:57:07.337709904 CET44550158192.168.1.175192.168.2.4
                                                              Dec 3, 2024 13:57:07.337739944 CET50156445192.168.2.4192.168.1.173
                                                              Dec 3, 2024 13:57:07.337758064 CET50158445192.168.2.4192.168.1.175
                                                              Dec 3, 2024 13:57:07.338252068 CET44550160192.168.1.177192.168.2.4
                                                              Dec 3, 2024 13:57:07.338385105 CET44550161192.168.1.178192.168.2.4
                                                              Dec 3, 2024 13:57:07.338387966 CET50160445192.168.2.4192.168.1.177
                                                              Dec 3, 2024 13:57:07.338430882 CET50161445192.168.2.4192.168.1.178
                                                              Dec 3, 2024 13:57:07.338577986 CET44550162192.168.1.179192.168.2.4
                                                              Dec 3, 2024 13:57:07.338623047 CET50162445192.168.2.4192.168.1.179
                                                              Dec 3, 2024 13:57:07.338795900 CET44550163192.168.1.180192.168.2.4
                                                              Dec 3, 2024 13:57:07.338841915 CET50163445192.168.2.4192.168.1.180
                                                              Dec 3, 2024 13:57:07.339006901 CET44550157192.168.1.174192.168.2.4
                                                              Dec 3, 2024 13:57:07.339016914 CET44550159192.168.1.176192.168.2.4
                                                              Dec 3, 2024 13:57:07.339025974 CET44550164192.168.1.181192.168.2.4
                                                              Dec 3, 2024 13:57:07.339085102 CET50164445192.168.2.4192.168.1.181
                                                              Dec 3, 2024 13:57:07.339090109 CET50157445192.168.2.4192.168.1.174
                                                              Dec 3, 2024 13:57:07.339090109 CET50159445192.168.2.4192.168.1.176
                                                              Dec 3, 2024 13:57:07.339253902 CET44550165192.168.1.182192.168.2.4
                                                              Dec 3, 2024 13:57:07.339365959 CET44550166192.168.1.183192.168.2.4
                                                              Dec 3, 2024 13:57:07.339427948 CET50165445192.168.2.4192.168.1.182
                                                              Dec 3, 2024 13:57:07.339596033 CET44550167192.168.1.184192.168.2.4
                                                              Dec 3, 2024 13:57:07.339627028 CET50166445192.168.2.4192.168.1.183
                                                              Dec 3, 2024 13:57:07.339646101 CET50167445192.168.2.4192.168.1.184
                                                              Dec 3, 2024 13:57:07.339766026 CET50102445192.168.2.4192.168.1.119
                                                              Dec 3, 2024 13:57:07.339839935 CET44550168192.168.1.185192.168.2.4
                                                              Dec 3, 2024 13:57:07.339955091 CET50101445192.168.2.4192.168.1.118
                                                              Dec 3, 2024 13:57:07.339956045 CET50168445192.168.2.4192.168.1.185
                                                              Dec 3, 2024 13:57:07.340122938 CET44550169192.168.1.186192.168.2.4
                                                              Dec 3, 2024 13:57:07.340179920 CET50169445192.168.2.4192.168.1.186
                                                              Dec 3, 2024 13:57:07.340332031 CET44550170192.168.1.187192.168.2.4
                                                              Dec 3, 2024 13:57:07.340382099 CET50170445192.168.2.4192.168.1.187
                                                              Dec 3, 2024 13:57:07.340555906 CET44550171192.168.1.188192.168.2.4
                                                              Dec 3, 2024 13:57:07.340862036 CET44550172192.168.1.189192.168.2.4
                                                              Dec 3, 2024 13:57:07.340913057 CET50171445192.168.2.4192.168.1.188
                                                              Dec 3, 2024 13:57:07.341089964 CET44550173192.168.1.190192.168.2.4
                                                              Dec 3, 2024 13:57:07.341115952 CET50172445192.168.2.4192.168.1.189
                                                              Dec 3, 2024 13:57:07.341136932 CET50173445192.168.2.4192.168.1.190
                                                              Dec 3, 2024 13:57:07.341221094 CET44550174192.168.1.191192.168.2.4
                                                              Dec 3, 2024 13:57:07.341402054 CET50174445192.168.2.4192.168.1.191
                                                              Dec 3, 2024 13:57:07.341528893 CET44550175192.168.1.192192.168.2.4
                                                              Dec 3, 2024 13:57:07.343960047 CET50175445192.168.2.4192.168.1.192
                                                              Dec 3, 2024 13:57:07.344011068 CET50103445192.168.2.4192.168.1.120
                                                              Dec 3, 2024 13:57:07.344132900 CET50104445192.168.2.4192.168.1.121
                                                              Dec 3, 2024 13:57:07.344315052 CET50105445192.168.2.4192.168.1.122
                                                              Dec 3, 2024 13:57:07.348174095 CET50106445192.168.2.4192.168.1.123
                                                              Dec 3, 2024 13:57:07.348493099 CET50107445192.168.2.4192.168.1.124
                                                              Dec 3, 2024 13:57:07.352456093 CET50108445192.168.2.4192.168.1.125
                                                              Dec 3, 2024 13:57:07.352684021 CET50109445192.168.2.4192.168.1.126
                                                              Dec 3, 2024 13:57:07.352817059 CET50110445192.168.2.4192.168.1.127
                                                              Dec 3, 2024 13:57:07.352894068 CET50111445192.168.2.4192.168.1.128
                                                              Dec 3, 2024 13:57:07.357197046 CET50112445192.168.2.4192.168.1.129
                                                              Dec 3, 2024 13:57:07.357279062 CET50113445192.168.2.4192.168.1.130
                                                              Dec 3, 2024 13:57:07.357369900 CET50114445192.168.2.4192.168.1.131
                                                              Dec 3, 2024 13:57:07.359180927 CET44549995192.168.1.12192.168.2.4
                                                              Dec 3, 2024 13:57:07.359191895 CET44549994192.168.1.11192.168.2.4
                                                              Dec 3, 2024 13:57:07.359203100 CET44549993192.168.1.10192.168.2.4
                                                              Dec 3, 2024 13:57:07.359214067 CET44549992192.168.1.9192.168.2.4
                                                              Dec 3, 2024 13:57:07.359270096 CET44549988192.168.1.5192.168.2.4
                                                              Dec 3, 2024 13:57:07.359280109 CET44549984192.168.1.1192.168.2.4
                                                              Dec 3, 2024 13:57:07.359289885 CET44549991192.168.1.8192.168.2.4
                                                              Dec 3, 2024 13:57:07.359298944 CET44549990192.168.1.7192.168.2.4
                                                              Dec 3, 2024 13:57:07.359308004 CET44549989192.168.1.6192.168.2.4
                                                              Dec 3, 2024 13:57:07.359317064 CET44549987192.168.1.4192.168.2.4
                                                              Dec 3, 2024 13:57:07.359323025 CET44549986192.168.1.3192.168.2.4
                                                              Dec 3, 2024 13:57:07.359352112 CET44549985192.168.1.2192.168.2.4
                                                              Dec 3, 2024 13:57:07.361025095 CET44549985192.168.1.2192.168.2.4
                                                              Dec 3, 2024 13:57:07.361083984 CET44549986192.168.1.3192.168.2.4
                                                              Dec 3, 2024 13:57:07.361093998 CET44549987192.168.1.4192.168.2.4
                                                              Dec 3, 2024 13:57:07.361102104 CET44549989192.168.1.6192.168.2.4
                                                              Dec 3, 2024 13:57:07.361114979 CET44549990192.168.1.7192.168.2.4
                                                              Dec 3, 2024 13:57:07.361135960 CET49985445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:07.361150026 CET49986445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:57:07.361159086 CET44549991192.168.1.8192.168.2.4
                                                              Dec 3, 2024 13:57:07.361162901 CET49987445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:57:07.361171007 CET44549984192.168.1.1192.168.2.4
                                                              Dec 3, 2024 13:57:07.361186028 CET49989445192.168.2.4192.168.1.6
                                                              Dec 3, 2024 13:57:07.361190081 CET49990445192.168.2.4192.168.1.7
                                                              Dec 3, 2024 13:57:07.361206055 CET49991445192.168.2.4192.168.1.8
                                                              Dec 3, 2024 13:57:07.361219883 CET49984445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:07.361229897 CET44549988192.168.1.5192.168.2.4
                                                              Dec 3, 2024 13:57:07.361239910 CET44549992192.168.1.9192.168.2.4
                                                              Dec 3, 2024 13:57:07.361251116 CET44549993192.168.1.10192.168.2.4
                                                              Dec 3, 2024 13:57:07.361273050 CET44549994192.168.1.11192.168.2.4
                                                              Dec 3, 2024 13:57:07.361280918 CET44549995192.168.1.12192.168.2.4
                                                              Dec 3, 2024 13:57:07.361284018 CET49988445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:57:07.361284018 CET49992445192.168.2.4192.168.1.9
                                                              Dec 3, 2024 13:57:07.361320019 CET49993445192.168.2.4192.168.1.10
                                                              Dec 3, 2024 13:57:07.361335993 CET49994445192.168.2.4192.168.1.11
                                                              Dec 3, 2024 13:57:07.361337900 CET49995445192.168.2.4192.168.1.12
                                                              Dec 3, 2024 13:57:07.361735106 CET50115445192.168.2.4192.168.1.132
                                                              Dec 3, 2024 13:57:07.361857891 CET50117445192.168.2.4192.168.1.134
                                                              Dec 3, 2024 13:57:07.361983061 CET50118445192.168.2.4192.168.1.135
                                                              Dec 3, 2024 13:57:07.362051010 CET50119445192.168.2.4192.168.1.136
                                                              Dec 3, 2024 13:57:07.362134933 CET50121445192.168.2.4192.168.1.138
                                                              Dec 3, 2024 13:57:07.366265059 CET50116445192.168.2.4192.168.1.133
                                                              Dec 3, 2024 13:57:07.366405964 CET50120445192.168.2.4192.168.1.137
                                                              Dec 3, 2024 13:57:07.370670080 CET50122445192.168.2.4192.168.1.139
                                                              Dec 3, 2024 13:57:07.370767117 CET50123445192.168.2.4192.168.1.140
                                                              Dec 3, 2024 13:57:07.374825954 CET50125445192.168.2.4192.168.1.142
                                                              Dec 3, 2024 13:57:07.374978065 CET50126445192.168.2.4192.168.1.143
                                                              Dec 3, 2024 13:57:07.375173092 CET50127445192.168.2.4192.168.1.144
                                                              Dec 3, 2024 13:57:07.378989935 CET50128445192.168.2.4192.168.1.145
                                                              Dec 3, 2024 13:57:07.379168987 CET50129445192.168.2.4192.168.1.146
                                                              Dec 3, 2024 13:57:07.379302025 CET50130445192.168.2.4192.168.1.147
                                                              Dec 3, 2024 13:57:07.379416943 CET50131445192.168.2.4192.168.1.148
                                                              Dec 3, 2024 13:57:07.412307024 CET44549997192.168.1.14192.168.2.4
                                                              Dec 3, 2024 13:57:07.412332058 CET44549996192.168.1.13192.168.2.4
                                                              Dec 3, 2024 13:57:07.412342072 CET44549998192.168.1.15192.168.2.4
                                                              Dec 3, 2024 13:57:07.412354946 CET44549999192.168.1.16192.168.2.4
                                                              Dec 3, 2024 13:57:07.412395000 CET50132445192.168.2.4192.168.1.149
                                                              Dec 3, 2024 13:57:07.412398100 CET44550000192.168.1.17192.168.2.4
                                                              Dec 3, 2024 13:57:07.412410021 CET44550001192.168.1.18192.168.2.4
                                                              Dec 3, 2024 13:57:07.412424088 CET49997445192.168.2.4192.168.1.14
                                                              Dec 3, 2024 13:57:07.412425041 CET49996445192.168.2.4192.168.1.13
                                                              Dec 3, 2024 13:57:07.412430048 CET44550002192.168.1.19192.168.2.4
                                                              Dec 3, 2024 13:57:07.412441015 CET44550003192.168.1.20192.168.2.4
                                                              Dec 3, 2024 13:57:07.412446022 CET49998445192.168.2.4192.168.1.15
                                                              Dec 3, 2024 13:57:07.412455082 CET44550004192.168.1.21192.168.2.4
                                                              Dec 3, 2024 13:57:07.412472963 CET44550005192.168.1.22192.168.2.4
                                                              Dec 3, 2024 13:57:07.412476063 CET49999445192.168.2.4192.168.1.16
                                                              Dec 3, 2024 13:57:07.412488937 CET50000445192.168.2.4192.168.1.17
                                                              Dec 3, 2024 13:57:07.412504911 CET50001445192.168.2.4192.168.1.18
                                                              Dec 3, 2024 13:57:07.412513971 CET50002445192.168.2.4192.168.1.19
                                                              Dec 3, 2024 13:57:07.412547112 CET50003445192.168.2.4192.168.1.20
                                                              Dec 3, 2024 13:57:07.412558079 CET50004445192.168.2.4192.168.1.21
                                                              Dec 3, 2024 13:57:07.412565947 CET44550006192.168.1.23192.168.2.4
                                                              Dec 3, 2024 13:57:07.412578106 CET44550008192.168.1.25192.168.2.4
                                                              Dec 3, 2024 13:57:07.412578106 CET50005445192.168.2.4192.168.1.22
                                                              Dec 3, 2024 13:57:07.412587881 CET44550009192.168.1.26192.168.2.4
                                                              Dec 3, 2024 13:57:07.412630081 CET50006445192.168.2.4192.168.1.23
                                                              Dec 3, 2024 13:57:07.412658930 CET50008445192.168.2.4192.168.1.25
                                                              Dec 3, 2024 13:57:07.412671089 CET50009445192.168.2.4192.168.1.26
                                                              Dec 3, 2024 13:57:07.412689924 CET44550011192.168.1.28192.168.2.4
                                                              Dec 3, 2024 13:57:07.412700891 CET44550012192.168.1.29192.168.2.4
                                                              Dec 3, 2024 13:57:07.412709951 CET44550013192.168.1.30192.168.2.4
                                                              Dec 3, 2024 13:57:07.412718058 CET44550014192.168.1.31192.168.2.4
                                                              Dec 3, 2024 13:57:07.412723064 CET44550015192.168.1.32192.168.2.4
                                                              Dec 3, 2024 13:57:07.412733078 CET44550016192.168.1.33192.168.2.4
                                                              Dec 3, 2024 13:57:07.412741899 CET44550018192.168.1.35192.168.2.4
                                                              Dec 3, 2024 13:57:07.412743092 CET50011445192.168.2.4192.168.1.28
                                                              Dec 3, 2024 13:57:07.412753105 CET50012445192.168.2.4192.168.1.29
                                                              Dec 3, 2024 13:57:07.412795067 CET50013445192.168.2.4192.168.1.30
                                                              Dec 3, 2024 13:57:07.412801027 CET44550017192.168.1.34192.168.2.4
                                                              Dec 3, 2024 13:57:07.412803888 CET50014445192.168.2.4192.168.1.31
                                                              Dec 3, 2024 13:57:07.412811995 CET44550019192.168.1.36192.168.2.4
                                                              Dec 3, 2024 13:57:07.412826061 CET50015445192.168.2.4192.168.1.32
                                                              Dec 3, 2024 13:57:07.412834883 CET50016445192.168.2.4192.168.1.33
                                                              Dec 3, 2024 13:57:07.412842035 CET50018445192.168.2.4192.168.1.35
                                                              Dec 3, 2024 13:57:07.412882090 CET50019445192.168.2.4192.168.1.36
                                                              Dec 3, 2024 13:57:07.412898064 CET50017445192.168.2.4192.168.1.34
                                                              Dec 3, 2024 13:57:07.413882971 CET44550020192.168.1.37192.168.2.4
                                                              Dec 3, 2024 13:57:07.413892984 CET44550021192.168.1.38192.168.2.4
                                                              Dec 3, 2024 13:57:07.413934946 CET50020445192.168.2.4192.168.1.37
                                                              Dec 3, 2024 13:57:07.413947105 CET44550022192.168.1.39192.168.2.4
                                                              Dec 3, 2024 13:57:07.413957119 CET44550010192.168.1.27192.168.2.4
                                                              Dec 3, 2024 13:57:07.413965940 CET44550023192.168.1.40192.168.2.4
                                                              Dec 3, 2024 13:57:07.413981915 CET50021445192.168.2.4192.168.1.38
                                                              Dec 3, 2024 13:57:07.413983107 CET44550024192.168.1.41192.168.2.4
                                                              Dec 3, 2024 13:57:07.413994074 CET50022445192.168.2.4192.168.1.39
                                                              Dec 3, 2024 13:57:07.413994074 CET44550025192.168.1.42192.168.2.4
                                                              Dec 3, 2024 13:57:07.414002895 CET50010445192.168.2.4192.168.1.27
                                                              Dec 3, 2024 13:57:07.414005041 CET44550026192.168.1.43192.168.2.4
                                                              Dec 3, 2024 13:57:07.414030075 CET44550027192.168.1.44192.168.2.4
                                                              Dec 3, 2024 13:57:07.414038897 CET44550028192.168.1.45192.168.2.4
                                                              Dec 3, 2024 13:57:07.414045095 CET50023445192.168.2.4192.168.1.40
                                                              Dec 3, 2024 13:57:07.414051056 CET50024445192.168.2.4192.168.1.41
                                                              Dec 3, 2024 13:57:07.414067984 CET50025445192.168.2.4192.168.1.42
                                                              Dec 3, 2024 13:57:07.414072990 CET50026445192.168.2.4192.168.1.43
                                                              Dec 3, 2024 13:57:07.414088964 CET44550030192.168.1.47192.168.2.4
                                                              Dec 3, 2024 13:57:07.414096117 CET50027445192.168.2.4192.168.1.44
                                                              Dec 3, 2024 13:57:07.414099932 CET44550032192.168.1.49192.168.2.4
                                                              Dec 3, 2024 13:57:07.414113045 CET50028445192.168.2.4192.168.1.45
                                                              Dec 3, 2024 13:57:07.414140940 CET44550029192.168.1.46192.168.2.4
                                                              Dec 3, 2024 13:57:07.414140940 CET50030445192.168.2.4192.168.1.47
                                                              Dec 3, 2024 13:57:07.414150953 CET44550031192.168.1.48192.168.2.4
                                                              Dec 3, 2024 13:57:07.414160013 CET44550033192.168.1.50192.168.2.4
                                                              Dec 3, 2024 13:57:07.414163113 CET50032445192.168.2.4192.168.1.49
                                                              Dec 3, 2024 13:57:07.414189100 CET44550034192.168.1.51192.168.2.4
                                                              Dec 3, 2024 13:57:07.414202929 CET50029445192.168.2.4192.168.1.46
                                                              Dec 3, 2024 13:57:07.414202929 CET50031445192.168.2.4192.168.1.48
                                                              Dec 3, 2024 13:57:07.414222002 CET50033445192.168.2.4192.168.1.50
                                                              Dec 3, 2024 13:57:07.414236069 CET44550035192.168.1.52192.168.2.4
                                                              Dec 3, 2024 13:57:07.414242983 CET50034445192.168.2.4192.168.1.51
                                                              Dec 3, 2024 13:57:07.414246082 CET44550036192.168.1.53192.168.2.4
                                                              Dec 3, 2024 13:57:07.414254904 CET44550007192.168.1.24192.168.2.4
                                                              Dec 3, 2024 13:57:07.414283991 CET50035445192.168.2.4192.168.1.52
                                                              Dec 3, 2024 13:57:07.414290905 CET50036445192.168.2.4192.168.1.53
                                                              Dec 3, 2024 13:57:07.414325953 CET50007445192.168.2.4192.168.1.24
                                                              Dec 3, 2024 13:57:07.414377928 CET44550037192.168.1.54192.168.2.4
                                                              Dec 3, 2024 13:57:07.414387941 CET44550038192.168.1.55192.168.2.4
                                                              Dec 3, 2024 13:57:07.414397001 CET44550039192.168.1.56192.168.2.4
                                                              Dec 3, 2024 13:57:07.414422035 CET50037445192.168.2.4192.168.1.54
                                                              Dec 3, 2024 13:57:07.414463043 CET50038445192.168.2.4192.168.1.55
                                                              Dec 3, 2024 13:57:07.414463043 CET50039445192.168.2.4192.168.1.56
                                                              Dec 3, 2024 13:57:07.414974928 CET50124445192.168.2.4192.168.1.141
                                                              Dec 3, 2024 13:57:07.415261984 CET44550060192.168.1.77192.168.2.4
                                                              Dec 3, 2024 13:57:07.415272951 CET44550059192.168.1.76192.168.2.4
                                                              Dec 3, 2024 13:57:07.415282011 CET44550058192.168.1.75192.168.2.4
                                                              Dec 3, 2024 13:57:07.415298939 CET44550057192.168.1.74192.168.2.4
                                                              Dec 3, 2024 13:57:07.415308952 CET44550056192.168.1.73192.168.2.4
                                                              Dec 3, 2024 13:57:07.415334940 CET44550055192.168.1.72192.168.2.4
                                                              Dec 3, 2024 13:57:07.415344000 CET44550054192.168.1.71192.168.2.4
                                                              Dec 3, 2024 13:57:07.415354013 CET44550053192.168.1.70192.168.2.4
                                                              Dec 3, 2024 13:57:07.415364027 CET44550052192.168.1.69192.168.2.4
                                                              Dec 3, 2024 13:57:07.415374041 CET44550051192.168.1.68192.168.2.4
                                                              Dec 3, 2024 13:57:07.415384054 CET44550050192.168.1.67192.168.2.4
                                                              Dec 3, 2024 13:57:07.415402889 CET44550049192.168.1.66192.168.2.4
                                                              Dec 3, 2024 13:57:07.415411949 CET44550048192.168.1.65192.168.2.4
                                                              Dec 3, 2024 13:57:07.415421009 CET44550047192.168.1.64192.168.2.4
                                                              Dec 3, 2024 13:57:07.415430069 CET44550046192.168.1.63192.168.2.4
                                                              Dec 3, 2024 13:57:07.415457010 CET50133445192.168.2.4192.168.1.150
                                                              Dec 3, 2024 13:57:07.415549994 CET44550045192.168.1.62192.168.2.4
                                                              Dec 3, 2024 13:57:07.415560961 CET44550044192.168.1.61192.168.2.4
                                                              Dec 3, 2024 13:57:07.415570021 CET44550043192.168.1.60192.168.2.4
                                                              Dec 3, 2024 13:57:07.415580034 CET44550042192.168.1.59192.168.2.4
                                                              Dec 3, 2024 13:57:07.415589094 CET44550041192.168.1.58192.168.2.4
                                                              Dec 3, 2024 13:57:07.415604115 CET44550040192.168.1.57192.168.2.4
                                                              Dec 3, 2024 13:57:07.415666103 CET44550040192.168.1.57192.168.2.4
                                                              Dec 3, 2024 13:57:07.415674925 CET44550041192.168.1.58192.168.2.4
                                                              Dec 3, 2024 13:57:07.415683985 CET44550042192.168.1.59192.168.2.4
                                                              Dec 3, 2024 13:57:07.415710926 CET50040445192.168.2.4192.168.1.57
                                                              Dec 3, 2024 13:57:07.415719032 CET50041445192.168.2.4192.168.1.58
                                                              Dec 3, 2024 13:57:07.415728092 CET44550043192.168.1.60192.168.2.4
                                                              Dec 3, 2024 13:57:07.415740013 CET50042445192.168.2.4192.168.1.59
                                                              Dec 3, 2024 13:57:07.415770054 CET50043445192.168.2.4192.168.1.60
                                                              Dec 3, 2024 13:57:07.415802956 CET44550044192.168.1.61192.168.2.4
                                                              Dec 3, 2024 13:57:07.415812969 CET44550045192.168.1.62192.168.2.4
                                                              Dec 3, 2024 13:57:07.415821075 CET44550046192.168.1.63192.168.2.4
                                                              Dec 3, 2024 13:57:07.415828943 CET44550047192.168.1.64192.168.2.4
                                                              Dec 3, 2024 13:57:07.415847063 CET44550048192.168.1.65192.168.2.4
                                                              Dec 3, 2024 13:57:07.415857077 CET44550049192.168.1.66192.168.2.4
                                                              Dec 3, 2024 13:57:07.415858984 CET50045445192.168.2.4192.168.1.62
                                                              Dec 3, 2024 13:57:07.415867090 CET50044445192.168.2.4192.168.1.61
                                                              Dec 3, 2024 13:57:07.415868044 CET44550050192.168.1.67192.168.2.4
                                                              Dec 3, 2024 13:57:07.415868998 CET50046445192.168.2.4192.168.1.63
                                                              Dec 3, 2024 13:57:07.415890932 CET44550051192.168.1.68192.168.2.4
                                                              Dec 3, 2024 13:57:07.415894985 CET50047445192.168.2.4192.168.1.64
                                                              Dec 3, 2024 13:57:07.415911913 CET50048445192.168.2.4192.168.1.65
                                                              Dec 3, 2024 13:57:07.415913105 CET50049445192.168.2.4192.168.1.66
                                                              Dec 3, 2024 13:57:07.415932894 CET50050445192.168.2.4192.168.1.67
                                                              Dec 3, 2024 13:57:07.415942907 CET44550052192.168.1.69192.168.2.4
                                                              Dec 3, 2024 13:57:07.415952921 CET44550053192.168.1.70192.168.2.4
                                                              Dec 3, 2024 13:57:07.415963888 CET44550054192.168.1.71192.168.2.4
                                                              Dec 3, 2024 13:57:07.415975094 CET50051445192.168.2.4192.168.1.68
                                                              Dec 3, 2024 13:57:07.415981054 CET44550055192.168.1.72192.168.2.4
                                                              Dec 3, 2024 13:57:07.415987968 CET50052445192.168.2.4192.168.1.69
                                                              Dec 3, 2024 13:57:07.415988922 CET44550056192.168.1.73192.168.2.4
                                                              Dec 3, 2024 13:57:07.416008949 CET50053445192.168.2.4192.168.1.70
                                                              Dec 3, 2024 13:57:07.416019917 CET50054445192.168.2.4192.168.1.71
                                                              Dec 3, 2024 13:57:07.416030884 CET44550057192.168.1.74192.168.2.4
                                                              Dec 3, 2024 13:57:07.416043043 CET50055445192.168.2.4192.168.1.72
                                                              Dec 3, 2024 13:57:07.416052103 CET50056445192.168.2.4192.168.1.73
                                                              Dec 3, 2024 13:57:07.416068077 CET50057445192.168.2.4192.168.1.74
                                                              Dec 3, 2024 13:57:07.416100025 CET44550058192.168.1.75192.168.2.4
                                                              Dec 3, 2024 13:57:07.416110039 CET44550059192.168.1.76192.168.2.4
                                                              Dec 3, 2024 13:57:07.416141987 CET50058445192.168.2.4192.168.1.75
                                                              Dec 3, 2024 13:57:07.416152000 CET50059445192.168.2.4192.168.1.76
                                                              Dec 3, 2024 13:57:07.416239023 CET44550060192.168.1.77192.168.2.4
                                                              Dec 3, 2024 13:57:07.416249990 CET44550061192.168.1.78192.168.2.4
                                                              Dec 3, 2024 13:57:07.416287899 CET50060445192.168.2.4192.168.1.77
                                                              Dec 3, 2024 13:57:07.416296959 CET50061445192.168.2.4192.168.1.78
                                                              Dec 3, 2024 13:57:07.416455984 CET50134445192.168.2.4192.168.1.151
                                                              Dec 3, 2024 13:57:07.416563034 CET50135445192.168.2.4192.168.1.152
                                                              Dec 3, 2024 13:57:07.416654110 CET50136445192.168.2.4192.168.1.153
                                                              Dec 3, 2024 13:57:07.416837931 CET50137445192.168.2.4192.168.1.154
                                                              Dec 3, 2024 13:57:07.416955948 CET50138445192.168.2.4192.168.1.155
                                                              Dec 3, 2024 13:57:07.417129993 CET50139445192.168.2.4192.168.1.156
                                                              Dec 3, 2024 13:57:07.417325974 CET50140445192.168.2.4192.168.1.157
                                                              Dec 3, 2024 13:57:07.417396069 CET50141445192.168.2.4192.168.1.158
                                                              Dec 3, 2024 13:57:07.417870045 CET50142445192.168.2.4192.168.1.159
                                                              Dec 3, 2024 13:57:07.417954922 CET50143445192.168.2.4192.168.1.160
                                                              Dec 3, 2024 13:57:07.418122053 CET50144445192.168.2.4192.168.1.161
                                                              Dec 3, 2024 13:57:07.418204069 CET50146445192.168.2.4192.168.1.163
                                                              Dec 3, 2024 13:57:07.418421030 CET50147445192.168.2.4192.168.1.164
                                                              Dec 3, 2024 13:57:07.418492079 CET50148445192.168.2.4192.168.1.165
                                                              Dec 3, 2024 13:57:07.418668985 CET50150445192.168.2.4192.168.1.167
                                                              Dec 3, 2024 13:57:07.419143915 CET50151445192.168.2.4192.168.1.168
                                                              Dec 3, 2024 13:57:07.419261932 CET50152445192.168.2.4192.168.1.169
                                                              Dec 3, 2024 13:57:07.419353008 CET50145445192.168.2.4192.168.1.162
                                                              Dec 3, 2024 13:57:07.419421911 CET50149445192.168.2.4192.168.1.166
                                                              Dec 3, 2024 13:57:07.419630051 CET50153445192.168.2.4192.168.1.170
                                                              Dec 3, 2024 13:57:07.419756889 CET50154445192.168.2.4192.168.1.171
                                                              Dec 3, 2024 13:57:07.420155048 CET50155445192.168.2.4192.168.1.172
                                                              Dec 3, 2024 13:57:07.420247078 CET50156445192.168.2.4192.168.1.173
                                                              Dec 3, 2024 13:57:07.420322895 CET50158445192.168.2.4192.168.1.175
                                                              Dec 3, 2024 13:57:07.420520067 CET50160445192.168.2.4192.168.1.177
                                                              Dec 3, 2024 13:57:07.420835972 CET50161445192.168.2.4192.168.1.178
                                                              Dec 3, 2024 13:57:07.420947075 CET50162445192.168.2.4192.168.1.179
                                                              Dec 3, 2024 13:57:07.421015024 CET50163445192.168.2.4192.168.1.180
                                                              Dec 3, 2024 13:57:07.421101093 CET50157445192.168.2.4192.168.1.174
                                                              Dec 3, 2024 13:57:07.421355009 CET50159445192.168.2.4192.168.1.176
                                                              Dec 3, 2024 13:57:07.421601057 CET50164445192.168.2.4192.168.1.181
                                                              Dec 3, 2024 13:57:07.421680927 CET50165445192.168.2.4192.168.1.182
                                                              Dec 3, 2024 13:57:07.421837091 CET50166445192.168.2.4192.168.1.183
                                                              Dec 3, 2024 13:57:07.422249079 CET50167445192.168.2.4192.168.1.184
                                                              Dec 3, 2024 13:57:07.422337055 CET50168445192.168.2.4192.168.1.185
                                                              Dec 3, 2024 13:57:07.422409058 CET50169445192.168.2.4192.168.1.186
                                                              Dec 3, 2024 13:57:07.422481060 CET50170445192.168.2.4192.168.1.187
                                                              Dec 3, 2024 13:57:07.422719002 CET50171445192.168.2.4192.168.1.188
                                                              Dec 3, 2024 13:57:07.422800064 CET50172445192.168.2.4192.168.1.189
                                                              Dec 3, 2024 13:57:07.422934055 CET50173445192.168.2.4192.168.1.190
                                                              Dec 3, 2024 13:57:07.423041105 CET50174445192.168.2.4192.168.1.191
                                                              Dec 3, 2024 13:57:07.423109055 CET50175445192.168.2.4192.168.1.192
                                                              Dec 3, 2024 13:57:07.424019098 CET50181445192.168.2.4192.168.1.198
                                                              Dec 3, 2024 13:57:07.425780058 CET50182445192.168.2.4192.168.1.199
                                                              Dec 3, 2024 13:57:07.426367044 CET50183445192.168.2.4192.168.1.200
                                                              Dec 3, 2024 13:57:07.426597118 CET50184445192.168.2.4192.168.1.201
                                                              Dec 3, 2024 13:57:07.427037001 CET50185445192.168.2.4192.168.1.202
                                                              Dec 3, 2024 13:57:07.438875914 CET50186445192.168.2.4192.168.1.203
                                                              Dec 3, 2024 13:57:07.439235926 CET50187445192.168.2.4192.168.1.204
                                                              Dec 3, 2024 13:57:07.445557117 CET44550062192.168.1.79192.168.2.4
                                                              Dec 3, 2024 13:57:07.445576906 CET44550176192.168.1.193192.168.2.4
                                                              Dec 3, 2024 13:57:07.445636034 CET44550177192.168.1.194192.168.2.4
                                                              Dec 3, 2024 13:57:07.445643902 CET50062445192.168.2.4192.168.1.79
                                                              Dec 3, 2024 13:57:07.445687056 CET50176445192.168.2.4192.168.1.193
                                                              Dec 3, 2024 13:57:07.445720911 CET50177445192.168.2.4192.168.1.194
                                                              Dec 3, 2024 13:57:07.445724964 CET44550178192.168.1.195192.168.2.4
                                                              Dec 3, 2024 13:57:07.445736885 CET44550179192.168.1.196192.168.2.4
                                                              Dec 3, 2024 13:57:07.445764065 CET44550180192.168.1.197192.168.2.4
                                                              Dec 3, 2024 13:57:07.445774078 CET50178445192.168.2.4192.168.1.195
                                                              Dec 3, 2024 13:57:07.445774078 CET44550063192.168.1.80192.168.2.4
                                                              Dec 3, 2024 13:57:07.445799112 CET50179445192.168.2.4192.168.1.196
                                                              Dec 3, 2024 13:57:07.445831060 CET50063445192.168.2.4192.168.1.80
                                                              Dec 3, 2024 13:57:07.445837975 CET44550065192.168.1.82192.168.2.4
                                                              Dec 3, 2024 13:57:07.445848942 CET44550064192.168.1.81192.168.2.4
                                                              Dec 3, 2024 13:57:07.445866108 CET50180445192.168.2.4192.168.1.197
                                                              Dec 3, 2024 13:57:07.445878029 CET50065445192.168.2.4192.168.1.82
                                                              Dec 3, 2024 13:57:07.445907116 CET50064445192.168.2.4192.168.1.81
                                                              Dec 3, 2024 13:57:07.445938110 CET44550066192.168.1.83192.168.2.4
                                                              Dec 3, 2024 13:57:07.445950031 CET44550067192.168.1.84192.168.2.4
                                                              Dec 3, 2024 13:57:07.445981979 CET50066445192.168.2.4192.168.1.83
                                                              Dec 3, 2024 13:57:07.446006060 CET50067445192.168.2.4192.168.1.84
                                                              Dec 3, 2024 13:57:07.447117090 CET44550070192.168.1.87192.168.2.4
                                                              Dec 3, 2024 13:57:07.447284937 CET44550071192.168.1.88192.168.2.4
                                                              Dec 3, 2024 13:57:07.447340012 CET50070445192.168.2.4192.168.1.87
                                                              Dec 3, 2024 13:57:07.447352886 CET50071445192.168.2.4192.168.1.88
                                                              Dec 3, 2024 13:57:07.447531939 CET44550068192.168.1.85192.168.2.4
                                                              Dec 3, 2024 13:57:07.448075056 CET44550072192.168.1.89192.168.2.4
                                                              Dec 3, 2024 13:57:07.448121071 CET50068445192.168.2.4192.168.1.85
                                                              Dec 3, 2024 13:57:07.448142052 CET50072445192.168.2.4192.168.1.89
                                                              Dec 3, 2024 13:57:07.448393106 CET44550074192.168.1.91192.168.2.4
                                                              Dec 3, 2024 13:57:07.448766947 CET44550073192.168.1.90192.168.2.4
                                                              Dec 3, 2024 13:57:07.448817968 CET50074445192.168.2.4192.168.1.91
                                                              Dec 3, 2024 13:57:07.448846102 CET50073445192.168.2.4192.168.1.90
                                                              Dec 3, 2024 13:57:07.449057102 CET44550077192.168.1.94192.168.2.4
                                                              Dec 3, 2024 13:57:07.449409962 CET50077445192.168.2.4192.168.1.94
                                                              Dec 3, 2024 13:57:07.449546099 CET44550076192.168.1.93192.168.2.4
                                                              Dec 3, 2024 13:57:07.449892998 CET44550078192.168.1.95192.168.2.4
                                                              Dec 3, 2024 13:57:07.449955940 CET50078445192.168.2.4192.168.1.95
                                                              Dec 3, 2024 13:57:07.449978113 CET50076445192.168.2.4192.168.1.93
                                                              Dec 3, 2024 13:57:07.450321913 CET44550075192.168.1.92192.168.2.4
                                                              Dec 3, 2024 13:57:07.450599909 CET44550079192.168.1.96192.168.2.4
                                                              Dec 3, 2024 13:57:07.450649977 CET50075445192.168.2.4192.168.1.92
                                                              Dec 3, 2024 13:57:07.450658083 CET50079445192.168.2.4192.168.1.96
                                                              Dec 3, 2024 13:57:07.450980902 CET44550080192.168.1.97192.168.2.4
                                                              Dec 3, 2024 13:57:07.451278925 CET44550093192.168.1.110192.168.2.4
                                                              Dec 3, 2024 13:57:07.451287985 CET44550092192.168.1.109192.168.2.4
                                                              Dec 3, 2024 13:57:07.451297045 CET44550091192.168.1.108192.168.2.4
                                                              Dec 3, 2024 13:57:07.451306105 CET44550090192.168.1.107192.168.2.4
                                                              Dec 3, 2024 13:57:07.451318026 CET44550089192.168.1.106192.168.2.4
                                                              Dec 3, 2024 13:57:07.451328039 CET44550088192.168.1.105192.168.2.4
                                                              Dec 3, 2024 13:57:07.451343060 CET50080445192.168.2.4192.168.1.97
                                                              Dec 3, 2024 13:57:07.451345921 CET44550087192.168.1.104192.168.2.4
                                                              Dec 3, 2024 13:57:07.451354980 CET44550086192.168.1.103192.168.2.4
                                                              Dec 3, 2024 13:57:07.451364040 CET44550085192.168.1.102192.168.2.4
                                                              Dec 3, 2024 13:57:07.451371908 CET44550084192.168.1.101192.168.2.4
                                                              Dec 3, 2024 13:57:07.451380968 CET44550083192.168.1.100192.168.2.4
                                                              Dec 3, 2024 13:57:07.451396942 CET44550082192.168.1.99192.168.2.4
                                                              Dec 3, 2024 13:57:07.451410055 CET44550081192.168.1.98192.168.2.4
                                                              Dec 3, 2024 13:57:07.451419115 CET44550095192.168.1.112192.168.2.4
                                                              Dec 3, 2024 13:57:07.451426029 CET44550094192.168.1.111192.168.2.4
                                                              Dec 3, 2024 13:57:07.451433897 CET44550081192.168.1.98192.168.2.4
                                                              Dec 3, 2024 13:57:07.451472998 CET50081445192.168.2.4192.168.1.98
                                                              Dec 3, 2024 13:57:07.451726913 CET44550083192.168.1.100192.168.2.4
                                                              Dec 3, 2024 13:57:07.451771975 CET50083445192.168.2.4192.168.1.100
                                                              Dec 3, 2024 13:57:07.452126026 CET44550082192.168.1.99192.168.2.4
                                                              Dec 3, 2024 13:57:07.452388048 CET50082445192.168.2.4192.168.1.99
                                                              Dec 3, 2024 13:57:07.452415943 CET44550085192.168.1.102192.168.2.4
                                                              Dec 3, 2024 13:57:07.452460051 CET50085445192.168.2.4192.168.1.102
                                                              Dec 3, 2024 13:57:07.452761889 CET44550084192.168.1.101192.168.2.4
                                                              Dec 3, 2024 13:57:07.452816010 CET50084445192.168.2.4192.168.1.101
                                                              Dec 3, 2024 13:57:07.453031063 CET44550086192.168.1.103192.168.2.4
                                                              Dec 3, 2024 13:57:07.453077078 CET50086445192.168.2.4192.168.1.103
                                                              Dec 3, 2024 13:57:07.453274965 CET44550087192.168.1.104192.168.2.4
                                                              Dec 3, 2024 13:57:07.453320026 CET50087445192.168.2.4192.168.1.104
                                                              Dec 3, 2024 13:57:07.453696966 CET44550088192.168.1.105192.168.2.4
                                                              Dec 3, 2024 13:57:07.453737020 CET50088445192.168.2.4192.168.1.105
                                                              Dec 3, 2024 13:57:07.454039097 CET44550089192.168.1.106192.168.2.4
                                                              Dec 3, 2024 13:57:07.454315901 CET44550090192.168.1.107192.168.2.4
                                                              Dec 3, 2024 13:57:07.454361916 CET50089445192.168.2.4192.168.1.106
                                                              Dec 3, 2024 13:57:07.454372883 CET50090445192.168.2.4192.168.1.107
                                                              Dec 3, 2024 13:57:07.454648972 CET44550091192.168.1.108192.168.2.4
                                                              Dec 3, 2024 13:57:07.454889059 CET44550092192.168.1.109192.168.2.4
                                                              Dec 3, 2024 13:57:07.454936981 CET50091445192.168.2.4192.168.1.108
                                                              Dec 3, 2024 13:57:07.454943895 CET50092445192.168.2.4192.168.1.109
                                                              Dec 3, 2024 13:57:07.455240011 CET44550093192.168.1.110192.168.2.4
                                                              Dec 3, 2024 13:57:07.455317974 CET44550069192.168.1.86192.168.2.4
                                                              Dec 3, 2024 13:57:07.455363035 CET50093445192.168.2.4192.168.1.110
                                                              Dec 3, 2024 13:57:07.455378056 CET50069445192.168.2.4192.168.1.86
                                                              Dec 3, 2024 13:57:07.455574036 CET44550095192.168.1.112192.168.2.4
                                                              Dec 3, 2024 13:57:07.455621958 CET50095445192.168.2.4192.168.1.112
                                                              Dec 3, 2024 13:57:07.455852985 CET44550094192.168.1.111192.168.2.4
                                                              Dec 3, 2024 13:57:07.455900908 CET50094445192.168.2.4192.168.1.111
                                                              Dec 3, 2024 13:57:07.456402063 CET44550096192.168.1.113192.168.2.4
                                                              Dec 3, 2024 13:57:07.456808090 CET44550098192.168.1.115192.168.2.4
                                                              Dec 3, 2024 13:57:07.456862926 CET50096445192.168.2.4192.168.1.113
                                                              Dec 3, 2024 13:57:07.456875086 CET50098445192.168.2.4192.168.1.115
                                                              Dec 3, 2024 13:57:07.457253933 CET44550097192.168.1.114192.168.2.4
                                                              Dec 3, 2024 13:57:07.457604885 CET44550099192.168.1.116192.168.2.4
                                                              Dec 3, 2024 13:57:07.457659960 CET50097445192.168.2.4192.168.1.114
                                                              Dec 3, 2024 13:57:07.457668066 CET50099445192.168.2.4192.168.1.116
                                                              Dec 3, 2024 13:57:07.457938910 CET44550100192.168.1.117192.168.2.4
                                                              Dec 3, 2024 13:57:07.458389997 CET50100445192.168.2.4192.168.1.117
                                                              Dec 3, 2024 13:57:07.460235119 CET44550102192.168.1.119192.168.2.4
                                                              Dec 3, 2024 13:57:07.460297108 CET50102445192.168.2.4192.168.1.119
                                                              Dec 3, 2024 13:57:07.460602045 CET44550101192.168.1.118192.168.2.4
                                                              Dec 3, 2024 13:57:07.460689068 CET50101445192.168.2.4192.168.1.118
                                                              Dec 3, 2024 13:57:07.466644049 CET44550103192.168.1.120192.168.2.4
                                                              Dec 3, 2024 13:57:07.466654062 CET44550104192.168.1.121192.168.2.4
                                                              Dec 3, 2024 13:57:07.466687918 CET44550105192.168.1.122192.168.2.4
                                                              Dec 3, 2024 13:57:07.466701031 CET50103445192.168.2.4192.168.1.120
                                                              Dec 3, 2024 13:57:07.466713905 CET50104445192.168.2.4192.168.1.121
                                                              Dec 3, 2024 13:57:07.466759920 CET50105445192.168.2.4192.168.1.122
                                                              Dec 3, 2024 13:57:07.468386889 CET44550106192.168.1.123192.168.2.4
                                                              Dec 3, 2024 13:57:07.468424082 CET50106445192.168.2.4192.168.1.123
                                                              Dec 3, 2024 13:57:07.468621969 CET44550107192.168.1.124192.168.2.4
                                                              Dec 3, 2024 13:57:07.469069958 CET50107445192.168.2.4192.168.1.124
                                                              Dec 3, 2024 13:57:07.472367048 CET44550108192.168.1.125192.168.2.4
                                                              Dec 3, 2024 13:57:07.472414970 CET50108445192.168.2.4192.168.1.125
                                                              Dec 3, 2024 13:57:07.472628117 CET44550109192.168.1.126192.168.2.4
                                                              Dec 3, 2024 13:57:07.472753048 CET50109445192.168.2.4192.168.1.126
                                                              Dec 3, 2024 13:57:07.472758055 CET44550110192.168.1.127192.168.2.4
                                                              Dec 3, 2024 13:57:07.472835064 CET44550111192.168.1.128192.168.2.4
                                                              Dec 3, 2024 13:57:07.472870111 CET50110445192.168.2.4192.168.1.127
                                                              Dec 3, 2024 13:57:07.472877026 CET50111445192.168.2.4192.168.1.128
                                                              Dec 3, 2024 13:57:07.477166891 CET44550112192.168.1.129192.168.2.4
                                                              Dec 3, 2024 13:57:07.477411032 CET44550113192.168.1.130192.168.2.4
                                                              Dec 3, 2024 13:57:07.477471113 CET50113445192.168.2.4192.168.1.130
                                                              Dec 3, 2024 13:57:07.477478981 CET50112445192.168.2.4192.168.1.129
                                                              Dec 3, 2024 13:57:07.477672100 CET44550114192.168.1.131192.168.2.4
                                                              Dec 3, 2024 13:57:07.477813005 CET50114445192.168.2.4192.168.1.131
                                                              Dec 3, 2024 13:57:07.483253956 CET44550118192.168.1.135192.168.2.4
                                                              Dec 3, 2024 13:57:07.483275890 CET44550117192.168.1.134192.168.2.4
                                                              Dec 3, 2024 13:57:07.483287096 CET44550115192.168.1.132192.168.2.4
                                                              Dec 3, 2024 13:57:07.483320951 CET44550115192.168.1.132192.168.2.4
                                                              Dec 3, 2024 13:57:07.483407974 CET44550117192.168.1.134192.168.2.4
                                                              Dec 3, 2024 13:57:07.483417988 CET44550118192.168.1.135192.168.2.4
                                                              Dec 3, 2024 13:57:07.483450890 CET50115445192.168.2.4192.168.1.132
                                                              Dec 3, 2024 13:57:07.483460903 CET50117445192.168.2.4192.168.1.134
                                                              Dec 3, 2024 13:57:07.483483076 CET50118445192.168.2.4192.168.1.135
                                                              Dec 3, 2024 13:57:07.483746052 CET44550119192.168.1.136192.168.2.4
                                                              Dec 3, 2024 13:57:07.483788013 CET44550121192.168.1.138192.168.2.4
                                                              Dec 3, 2024 13:57:07.483791113 CET50119445192.168.2.4192.168.1.136
                                                              Dec 3, 2024 13:57:07.483824968 CET50121445192.168.2.4192.168.1.138
                                                              Dec 3, 2024 13:57:07.486851931 CET44550116192.168.1.133192.168.2.4
                                                              Dec 3, 2024 13:57:07.486927032 CET50116445192.168.2.4192.168.1.133
                                                              Dec 3, 2024 13:57:07.487010956 CET44550120192.168.1.137192.168.2.4
                                                              Dec 3, 2024 13:57:07.487157106 CET50120445192.168.2.4192.168.1.137
                                                              Dec 3, 2024 13:57:07.491044998 CET44550122192.168.1.139192.168.2.4
                                                              Dec 3, 2024 13:57:07.491262913 CET44550123192.168.1.140192.168.2.4
                                                              Dec 3, 2024 13:57:07.491318941 CET50122445192.168.2.4192.168.1.139
                                                              Dec 3, 2024 13:57:07.491344929 CET50123445192.168.2.4192.168.1.140
                                                              Dec 3, 2024 13:57:07.494914055 CET44550125192.168.1.142192.168.2.4
                                                              Dec 3, 2024 13:57:07.495220900 CET44550126192.168.1.143192.168.2.4
                                                              Dec 3, 2024 13:57:07.495254040 CET44550127192.168.1.144192.168.2.4
                                                              Dec 3, 2024 13:57:07.495271921 CET50125445192.168.2.4192.168.1.142
                                                              Dec 3, 2024 13:57:07.495290995 CET50126445192.168.2.4192.168.1.143
                                                              Dec 3, 2024 13:57:07.495323896 CET50127445192.168.2.4192.168.1.144
                                                              Dec 3, 2024 13:57:07.499079943 CET44550128192.168.1.145192.168.2.4
                                                              Dec 3, 2024 13:57:07.499140978 CET50128445192.168.2.4192.168.1.145
                                                              Dec 3, 2024 13:57:07.499268055 CET44550129192.168.1.146192.168.2.4
                                                              Dec 3, 2024 13:57:07.499520063 CET44550130192.168.1.147192.168.2.4
                                                              Dec 3, 2024 13:57:07.499583006 CET50129445192.168.2.4192.168.1.146
                                                              Dec 3, 2024 13:57:07.499588013 CET50130445192.168.2.4192.168.1.147
                                                              Dec 3, 2024 13:57:07.499639988 CET44550131192.168.1.148192.168.2.4
                                                              Dec 3, 2024 13:57:07.501411915 CET50131445192.168.2.4192.168.1.148
                                                              Dec 3, 2024 13:57:07.503041983 CET50176445192.168.2.4192.168.1.193
                                                              Dec 3, 2024 13:57:07.503328085 CET50177445192.168.2.4192.168.1.194
                                                              Dec 3, 2024 13:57:07.503345966 CET50178445192.168.2.4192.168.1.195
                                                              Dec 3, 2024 13:57:07.503427029 CET50179445192.168.2.4192.168.1.196
                                                              Dec 3, 2024 13:57:07.503511906 CET50180445192.168.2.4192.168.1.197
                                                              Dec 3, 2024 13:57:07.504075050 CET50188445192.168.2.4192.168.1.205
                                                              Dec 3, 2024 13:57:07.514864922 CET50189445192.168.2.4192.168.1.206
                                                              Dec 3, 2024 13:57:07.515149117 CET50190445192.168.2.4192.168.1.207
                                                              Dec 3, 2024 13:57:07.515355110 CET50191445192.168.2.4192.168.1.208
                                                              Dec 3, 2024 13:57:07.515521049 CET50192445192.168.2.4192.168.1.209
                                                              Dec 3, 2024 13:57:07.515698910 CET50193445192.168.2.4192.168.1.210
                                                              Dec 3, 2024 13:57:07.528579950 CET50194445192.168.2.4192.168.1.211
                                                              Dec 3, 2024 13:57:07.528969049 CET50195445192.168.2.4192.168.1.212
                                                              Dec 3, 2024 13:57:07.529182911 CET50196445192.168.2.4192.168.1.213
                                                              Dec 3, 2024 13:57:07.529387951 CET50197445192.168.2.4192.168.1.214
                                                              Dec 3, 2024 13:57:07.529581070 CET50198445192.168.2.4192.168.1.215
                                                              Dec 3, 2024 13:57:07.529804945 CET50199445192.168.2.4192.168.1.216
                                                              Dec 3, 2024 13:57:07.532826900 CET44550132192.168.1.149192.168.2.4
                                                              Dec 3, 2024 13:57:07.532897949 CET50132445192.168.2.4192.168.1.149
                                                              Dec 3, 2024 13:57:07.535537958 CET44550124192.168.1.141192.168.2.4
                                                              Dec 3, 2024 13:57:07.536829948 CET50124445192.168.2.4192.168.1.141
                                                              Dec 3, 2024 13:57:07.540487051 CET50200445192.168.2.4192.168.1.217
                                                              Dec 3, 2024 13:57:07.540771961 CET50201445192.168.2.4192.168.1.218
                                                              Dec 3, 2024 13:57:07.540967941 CET50202445192.168.2.4192.168.1.219
                                                              Dec 3, 2024 13:57:07.550153017 CET50203445192.168.2.4192.168.1.220
                                                              Dec 3, 2024 13:57:07.550463915 CET50204445192.168.2.4192.168.1.221
                                                              Dec 3, 2024 13:57:07.550713062 CET50205445192.168.2.4192.168.1.222
                                                              Dec 3, 2024 13:57:07.558692932 CET50206445192.168.2.4192.168.1.223
                                                              Dec 3, 2024 13:57:07.559019089 CET50207445192.168.2.4192.168.1.224
                                                              Dec 3, 2024 13:57:07.559714079 CET50208445192.168.2.4192.168.1.225
                                                              Dec 3, 2024 13:57:07.560112953 CET50209445192.168.2.4192.168.1.226
                                                              Dec 3, 2024 13:57:07.561058044 CET50210445192.168.2.4192.168.1.227
                                                              Dec 3, 2024 13:57:07.561305046 CET50211445192.168.2.4192.168.1.228
                                                              Dec 3, 2024 13:57:07.561702013 CET50212445192.168.2.4192.168.1.229
                                                              Dec 3, 2024 13:57:07.561954021 CET50213445192.168.2.4192.168.1.230
                                                              Dec 3, 2024 13:57:07.562215090 CET50214445192.168.2.4192.168.1.231
                                                              Dec 3, 2024 13:57:07.562413931 CET50215445192.168.2.4192.168.1.232
                                                              Dec 3, 2024 13:57:07.562661886 CET50216445192.168.2.4192.168.1.233
                                                              Dec 3, 2024 13:57:07.562870026 CET50217445192.168.2.4192.168.1.234
                                                              Dec 3, 2024 13:57:07.563426018 CET50218445192.168.2.4192.168.1.235
                                                              Dec 3, 2024 13:57:07.563653946 CET50219445192.168.2.4192.168.1.236
                                                              Dec 3, 2024 13:57:07.564305067 CET50220445192.168.2.4192.168.1.237
                                                              Dec 3, 2024 13:57:07.564344883 CET50221445192.168.2.4192.168.1.238
                                                              Dec 3, 2024 13:57:07.564555883 CET50222445192.168.2.4192.168.1.239
                                                              Dec 3, 2024 13:57:07.564723969 CET50223445192.168.2.4192.168.1.240
                                                              Dec 3, 2024 13:57:07.564898968 CET50224445192.168.2.4192.168.1.241
                                                              Dec 3, 2024 13:57:07.565063953 CET50225445192.168.2.4192.168.1.242
                                                              Dec 3, 2024 13:57:07.565226078 CET50226445192.168.2.4192.168.1.243
                                                              Dec 3, 2024 13:57:07.565676928 CET50227445192.168.2.4192.168.1.244
                                                              Dec 3, 2024 13:57:07.566051006 CET44550133192.168.1.150192.168.2.4
                                                              Dec 3, 2024 13:57:07.566102982 CET50133445192.168.2.4192.168.1.150
                                                              Dec 3, 2024 13:57:07.566404104 CET50228445192.168.2.4192.168.1.245
                                                              Dec 3, 2024 13:57:07.566474915 CET44550134192.168.1.151192.168.2.4
                                                              Dec 3, 2024 13:57:07.566535950 CET44550135192.168.1.152192.168.2.4
                                                              Dec 3, 2024 13:57:07.566545963 CET44550136192.168.1.153192.168.2.4
                                                              Dec 3, 2024 13:57:07.566559076 CET44550137192.168.1.154192.168.2.4
                                                              Dec 3, 2024 13:57:07.566569090 CET44550138192.168.1.155192.168.2.4
                                                              Dec 3, 2024 13:57:07.566581011 CET50134445192.168.2.4192.168.1.151
                                                              Dec 3, 2024 13:57:07.566591024 CET50135445192.168.2.4192.168.1.152
                                                              Dec 3, 2024 13:57:07.566617966 CET50136445192.168.2.4192.168.1.153
                                                              Dec 3, 2024 13:57:07.566629887 CET50137445192.168.2.4192.168.1.154
                                                              Dec 3, 2024 13:57:07.566648960 CET50138445192.168.2.4192.168.1.155
                                                              Dec 3, 2024 13:57:07.566986084 CET44550139192.168.1.156192.168.2.4
                                                              Dec 3, 2024 13:57:07.567027092 CET50139445192.168.2.4192.168.1.156
                                                              Dec 3, 2024 13:57:07.567054987 CET44550140192.168.1.157192.168.2.4
                                                              Dec 3, 2024 13:57:07.567069054 CET44550141192.168.1.158192.168.2.4
                                                              Dec 3, 2024 13:57:07.567080021 CET44550142192.168.1.159192.168.2.4
                                                              Dec 3, 2024 13:57:07.567090988 CET44550181192.168.1.198192.168.2.4
                                                              Dec 3, 2024 13:57:07.567092896 CET50140445192.168.2.4192.168.1.157
                                                              Dec 3, 2024 13:57:07.567101955 CET44550182192.168.1.199192.168.2.4
                                                              Dec 3, 2024 13:57:07.567120075 CET44550183192.168.1.200192.168.2.4
                                                              Dec 3, 2024 13:57:07.567125082 CET50142445192.168.2.4192.168.1.159
                                                              Dec 3, 2024 13:57:07.567128897 CET50141445192.168.2.4192.168.1.158
                                                              Dec 3, 2024 13:57:07.567197084 CET50182445192.168.2.4192.168.1.199
                                                              Dec 3, 2024 13:57:07.567197084 CET50183445192.168.2.4192.168.1.200
                                                              Dec 3, 2024 13:57:07.567203045 CET50181445192.168.2.4192.168.1.198
                                                              Dec 3, 2024 13:57:07.567228079 CET44550184192.168.1.201192.168.2.4
                                                              Dec 3, 2024 13:57:07.567269087 CET50184445192.168.2.4192.168.1.201
                                                              Dec 3, 2024 13:57:07.567298889 CET44550185192.168.1.202192.168.2.4
                                                              Dec 3, 2024 13:57:07.567307949 CET44550186192.168.1.203192.168.2.4
                                                              Dec 3, 2024 13:57:07.567323923 CET44550187192.168.1.204192.168.2.4
                                                              Dec 3, 2024 13:57:07.567332983 CET44550175192.168.1.192192.168.2.4
                                                              Dec 3, 2024 13:57:07.567342997 CET44550174192.168.1.191192.168.2.4
                                                              Dec 3, 2024 13:57:07.567362070 CET44550173192.168.1.190192.168.2.4
                                                              Dec 3, 2024 13:57:07.567365885 CET50186445192.168.2.4192.168.1.203
                                                              Dec 3, 2024 13:57:07.567372084 CET44550172192.168.1.189192.168.2.4
                                                              Dec 3, 2024 13:57:07.567380905 CET44550171192.168.1.188192.168.2.4
                                                              Dec 3, 2024 13:57:07.567389965 CET44550170192.168.1.187192.168.2.4
                                                              Dec 3, 2024 13:57:07.567399979 CET50187445192.168.2.4192.168.1.204
                                                              Dec 3, 2024 13:57:07.567409039 CET44550169192.168.1.186192.168.2.4
                                                              Dec 3, 2024 13:57:07.567418098 CET44550168192.168.1.185192.168.2.4
                                                              Dec 3, 2024 13:57:07.567428112 CET44550167192.168.1.184192.168.2.4
                                                              Dec 3, 2024 13:57:07.567436934 CET44550166192.168.1.183192.168.2.4
                                                              Dec 3, 2024 13:57:07.567449093 CET44550165192.168.1.182192.168.2.4
                                                              Dec 3, 2024 13:57:07.567457914 CET44550164192.168.1.181192.168.2.4
                                                              Dec 3, 2024 13:57:07.567507029 CET50185445192.168.2.4192.168.1.202
                                                              Dec 3, 2024 13:57:07.567564964 CET44550159192.168.1.176192.168.2.4
                                                              Dec 3, 2024 13:57:07.567576885 CET44550157192.168.1.174192.168.2.4
                                                              Dec 3, 2024 13:57:07.567585945 CET44550163192.168.1.180192.168.2.4
                                                              Dec 3, 2024 13:57:07.567595959 CET44550162192.168.1.179192.168.2.4
                                                              Dec 3, 2024 13:57:07.567605019 CET44550161192.168.1.178192.168.2.4
                                                              Dec 3, 2024 13:57:07.567614079 CET44550160192.168.1.177192.168.2.4
                                                              Dec 3, 2024 13:57:07.567622900 CET44550158192.168.1.175192.168.2.4
                                                              Dec 3, 2024 13:57:07.567631960 CET44550156192.168.1.173192.168.2.4
                                                              Dec 3, 2024 13:57:07.567636967 CET44550155192.168.1.172192.168.2.4
                                                              Dec 3, 2024 13:57:07.567640066 CET44550154192.168.1.171192.168.2.4
                                                              Dec 3, 2024 13:57:07.567643881 CET44550153192.168.1.170192.168.2.4
                                                              Dec 3, 2024 13:57:07.567652941 CET44550149192.168.1.166192.168.2.4
                                                              Dec 3, 2024 13:57:07.567662001 CET44550145192.168.1.162192.168.2.4
                                                              Dec 3, 2024 13:57:07.567671061 CET44550152192.168.1.169192.168.2.4
                                                              Dec 3, 2024 13:57:07.567679882 CET44550151192.168.1.168192.168.2.4
                                                              Dec 3, 2024 13:57:07.567697048 CET44550150192.168.1.167192.168.2.4
                                                              Dec 3, 2024 13:57:07.567706108 CET44550148192.168.1.165192.168.2.4
                                                              Dec 3, 2024 13:57:07.567713976 CET44550147192.168.1.164192.168.2.4
                                                              Dec 3, 2024 13:57:07.567723036 CET44550146192.168.1.163192.168.2.4
                                                              Dec 3, 2024 13:57:07.567732096 CET44550144192.168.1.161192.168.2.4
                                                              Dec 3, 2024 13:57:07.567740917 CET44550143192.168.1.160192.168.2.4
                                                              Dec 3, 2024 13:57:07.567917109 CET44550143192.168.1.160192.168.2.4
                                                              Dec 3, 2024 13:57:07.567949057 CET50143445192.168.2.4192.168.1.160
                                                              Dec 3, 2024 13:57:07.567969084 CET44550144192.168.1.161192.168.2.4
                                                              Dec 3, 2024 13:57:07.568003893 CET50144445192.168.2.4192.168.1.161
                                                              Dec 3, 2024 13:57:07.568099976 CET44550146192.168.1.163192.168.2.4
                                                              Dec 3, 2024 13:57:07.568109035 CET44550147192.168.1.164192.168.2.4
                                                              Dec 3, 2024 13:57:07.568140030 CET44550148192.168.1.165192.168.2.4
                                                              Dec 3, 2024 13:57:07.568141937 CET50146445192.168.2.4192.168.1.163
                                                              Dec 3, 2024 13:57:07.568146944 CET50147445192.168.2.4192.168.1.164
                                                              Dec 3, 2024 13:57:07.568169117 CET50148445192.168.2.4192.168.1.165
                                                              Dec 3, 2024 13:57:07.568172932 CET44550150192.168.1.167192.168.2.4
                                                              Dec 3, 2024 13:57:07.568205118 CET50150445192.168.2.4192.168.1.167
                                                              Dec 3, 2024 13:57:07.568298101 CET44550151192.168.1.168192.168.2.4
                                                              Dec 3, 2024 13:57:07.568306923 CET44550152192.168.1.169192.168.2.4
                                                              Dec 3, 2024 13:57:07.568339109 CET50151445192.168.2.4192.168.1.168
                                                              Dec 3, 2024 13:57:07.568346024 CET44550145192.168.1.162192.168.2.4
                                                              Dec 3, 2024 13:57:07.568346024 CET50152445192.168.2.4192.168.1.169
                                                              Dec 3, 2024 13:57:07.568356037 CET44550149192.168.1.166192.168.2.4
                                                              Dec 3, 2024 13:57:07.568367958 CET44550153192.168.1.170192.168.2.4
                                                              Dec 3, 2024 13:57:07.568409920 CET50145445192.168.2.4192.168.1.162
                                                              Dec 3, 2024 13:57:07.568409920 CET50149445192.168.2.4192.168.1.166
                                                              Dec 3, 2024 13:57:07.568449020 CET44550154192.168.1.171192.168.2.4
                                                              Dec 3, 2024 13:57:07.568458080 CET44550155192.168.1.172192.168.2.4
                                                              Dec 3, 2024 13:57:07.568485022 CET50154445192.168.2.4192.168.1.171
                                                              Dec 3, 2024 13:57:07.568492889 CET50155445192.168.2.4192.168.1.172
                                                              Dec 3, 2024 13:57:07.568564892 CET50187445192.168.2.4192.168.1.204
                                                              Dec 3, 2024 13:57:07.568568945 CET44550156192.168.1.173192.168.2.4
                                                              Dec 3, 2024 13:57:07.568572044 CET50153445192.168.2.4192.168.1.170
                                                              Dec 3, 2024 13:57:07.568639994 CET50156445192.168.2.4192.168.1.173
                                                              Dec 3, 2024 13:57:07.568731070 CET50186445192.168.2.4192.168.1.203
                                                              Dec 3, 2024 13:57:07.568783045 CET44550158192.168.1.175192.168.2.4
                                                              Dec 3, 2024 13:57:07.568828106 CET50158445192.168.2.4192.168.1.175
                                                              Dec 3, 2024 13:57:07.568831921 CET44550160192.168.1.177192.168.2.4
                                                              Dec 3, 2024 13:57:07.568845987 CET44550161192.168.1.178192.168.2.4
                                                              Dec 3, 2024 13:57:07.568855047 CET44550162192.168.1.179192.168.2.4
                                                              Dec 3, 2024 13:57:07.568857908 CET50185445192.168.2.4192.168.1.202
                                                              Dec 3, 2024 13:57:07.568865061 CET44550163192.168.1.180192.168.2.4
                                                              Dec 3, 2024 13:57:07.568872929 CET44550157192.168.1.174192.168.2.4
                                                              Dec 3, 2024 13:57:07.568886995 CET50160445192.168.2.4192.168.1.177
                                                              Dec 3, 2024 13:57:07.568898916 CET50161445192.168.2.4192.168.1.178
                                                              Dec 3, 2024 13:57:07.568902016 CET50162445192.168.2.4192.168.1.179
                                                              Dec 3, 2024 13:57:07.568913937 CET44550159192.168.1.176192.168.2.4
                                                              Dec 3, 2024 13:57:07.568939924 CET50163445192.168.2.4192.168.1.180
                                                              Dec 3, 2024 13:57:07.568975925 CET50157445192.168.2.4192.168.1.174
                                                              Dec 3, 2024 13:57:07.568975925 CET50159445192.168.2.4192.168.1.176
                                                              Dec 3, 2024 13:57:07.568979979 CET44550164192.168.1.181192.168.2.4
                                                              Dec 3, 2024 13:57:07.568989992 CET44550165192.168.1.182192.168.2.4
                                                              Dec 3, 2024 13:57:07.569000006 CET44550166192.168.1.183192.168.2.4
                                                              Dec 3, 2024 13:57:07.569030046 CET50164445192.168.2.4192.168.1.181
                                                              Dec 3, 2024 13:57:07.569032907 CET50165445192.168.2.4192.168.1.182
                                                              Dec 3, 2024 13:57:07.569055080 CET44550167192.168.1.184192.168.2.4
                                                              Dec 3, 2024 13:57:07.569061041 CET50166445192.168.2.4192.168.1.183
                                                              Dec 3, 2024 13:57:07.569065094 CET44550168192.168.1.185192.168.2.4
                                                              Dec 3, 2024 13:57:07.569073915 CET44550169192.168.1.186192.168.2.4
                                                              Dec 3, 2024 13:57:07.569092035 CET50167445192.168.2.4192.168.1.184
                                                              Dec 3, 2024 13:57:07.569102049 CET50168445192.168.2.4192.168.1.185
                                                              Dec 3, 2024 13:57:07.569118977 CET50169445192.168.2.4192.168.1.186
                                                              Dec 3, 2024 13:57:07.569128990 CET44550170192.168.1.187192.168.2.4
                                                              Dec 3, 2024 13:57:07.569169998 CET50170445192.168.2.4192.168.1.187
                                                              Dec 3, 2024 13:57:07.569173098 CET44550171192.168.1.188192.168.2.4
                                                              Dec 3, 2024 13:57:07.569210052 CET50171445192.168.2.4192.168.1.188
                                                              Dec 3, 2024 13:57:07.569257021 CET44550172192.168.1.189192.168.2.4
                                                              Dec 3, 2024 13:57:07.569297075 CET44550173192.168.1.190192.168.2.4
                                                              Dec 3, 2024 13:57:07.569298983 CET50172445192.168.2.4192.168.1.189
                                                              Dec 3, 2024 13:57:07.569370031 CET44550174192.168.1.191192.168.2.4
                                                              Dec 3, 2024 13:57:07.569399118 CET44550175192.168.1.192192.168.2.4
                                                              Dec 3, 2024 13:57:07.569405079 CET50173445192.168.2.4192.168.1.190
                                                              Dec 3, 2024 13:57:07.569415092 CET50174445192.168.2.4192.168.1.191
                                                              Dec 3, 2024 13:57:07.569436073 CET50175445192.168.2.4192.168.1.192
                                                              Dec 3, 2024 13:57:07.569533110 CET50184445192.168.2.4192.168.1.201
                                                              Dec 3, 2024 13:57:07.569603920 CET50183445192.168.2.4192.168.1.200
                                                              Dec 3, 2024 13:57:07.569746971 CET50182445192.168.2.4192.168.1.199
                                                              Dec 3, 2024 13:57:07.569802999 CET50181445192.168.2.4192.168.1.198
                                                              Dec 3, 2024 13:57:07.570029974 CET50229445192.168.2.4192.168.1.246
                                                              Dec 3, 2024 13:57:07.570337057 CET50230445192.168.2.4192.168.1.247
                                                              Dec 3, 2024 13:57:07.570796013 CET50231445192.168.2.4192.168.1.248
                                                              Dec 3, 2024 13:57:07.571369886 CET50232445192.168.2.4192.168.1.249
                                                              Dec 3, 2024 13:57:07.571630955 CET50233445192.168.2.4192.168.1.250
                                                              Dec 3, 2024 13:57:07.571971893 CET50234445192.168.2.4192.168.1.251
                                                              Dec 3, 2024 13:57:07.572170973 CET50235445192.168.2.4192.168.1.252
                                                              Dec 3, 2024 13:57:07.572447062 CET50236445192.168.2.4192.168.1.253
                                                              Dec 3, 2024 13:57:07.573483944 CET50237445192.168.2.4192.168.1.254
                                                              Dec 3, 2024 13:57:07.627016068 CET44550176192.168.1.193192.168.2.4
                                                              Dec 3, 2024 13:57:07.627254963 CET50176445192.168.2.4192.168.1.193
                                                              Dec 3, 2024 13:57:07.627502918 CET44550177192.168.1.194192.168.2.4
                                                              Dec 3, 2024 13:57:07.627532959 CET44550178192.168.1.195192.168.2.4
                                                              Dec 3, 2024 13:57:07.627567053 CET50177445192.168.2.4192.168.1.194
                                                              Dec 3, 2024 13:57:07.627588987 CET44550179192.168.1.196192.168.2.4
                                                              Dec 3, 2024 13:57:07.627593994 CET50178445192.168.2.4192.168.1.195
                                                              Dec 3, 2024 13:57:07.627599955 CET44550180192.168.1.197192.168.2.4
                                                              Dec 3, 2024 13:57:07.627629042 CET44550188192.168.1.205192.168.2.4
                                                              Dec 3, 2024 13:57:07.627643108 CET50179445192.168.2.4192.168.1.196
                                                              Dec 3, 2024 13:57:07.627655983 CET50180445192.168.2.4192.168.1.197
                                                              Dec 3, 2024 13:57:07.627688885 CET50188445192.168.2.4192.168.1.205
                                                              Dec 3, 2024 13:57:07.628030062 CET50188445192.168.2.4192.168.1.205
                                                              Dec 3, 2024 13:57:07.639764071 CET44550189192.168.1.206192.168.2.4
                                                              Dec 3, 2024 13:57:07.639843941 CET50189445192.168.2.4192.168.1.206
                                                              Dec 3, 2024 13:57:07.639977932 CET44550190192.168.1.207192.168.2.4
                                                              Dec 3, 2024 13:57:07.640119076 CET50190445192.168.2.4192.168.1.207
                                                              Dec 3, 2024 13:57:07.640130997 CET44550191192.168.1.208192.168.2.4
                                                              Dec 3, 2024 13:57:07.640191078 CET50191445192.168.2.4192.168.1.208
                                                              Dec 3, 2024 13:57:07.640366077 CET44550192192.168.1.209192.168.2.4
                                                              Dec 3, 2024 13:57:07.640420914 CET50192445192.168.2.4192.168.1.209
                                                              Dec 3, 2024 13:57:07.640470028 CET44550193192.168.1.210192.168.2.4
                                                              Dec 3, 2024 13:57:07.640511036 CET50190445192.168.2.4192.168.1.207
                                                              Dec 3, 2024 13:57:07.640554905 CET50193445192.168.2.4192.168.1.210
                                                              Dec 3, 2024 13:57:07.640697002 CET50189445192.168.2.4192.168.1.206
                                                              Dec 3, 2024 13:57:07.640885115 CET50191445192.168.2.4192.168.1.208
                                                              Dec 3, 2024 13:57:07.640918016 CET50192445192.168.2.4192.168.1.209
                                                              Dec 3, 2024 13:57:07.640995026 CET50193445192.168.2.4192.168.1.210
                                                              Dec 3, 2024 13:57:07.653510094 CET44550194192.168.1.211192.168.2.4
                                                              Dec 3, 2024 13:57:07.653580904 CET50194445192.168.2.4192.168.1.211
                                                              Dec 3, 2024 13:57:07.653655052 CET50194445192.168.2.4192.168.1.211
                                                              Dec 3, 2024 13:57:07.653826952 CET44550195192.168.1.212192.168.2.4
                                                              Dec 3, 2024 13:57:07.653882980 CET50195445192.168.2.4192.168.1.212
                                                              Dec 3, 2024 13:57:07.653989077 CET50195445192.168.2.4192.168.1.212
                                                              Dec 3, 2024 13:57:07.654117107 CET44550196192.168.1.213192.168.2.4
                                                              Dec 3, 2024 13:57:07.654181004 CET50196445192.168.2.4192.168.1.213
                                                              Dec 3, 2024 13:57:07.654274940 CET44550197192.168.1.214192.168.2.4
                                                              Dec 3, 2024 13:57:07.654323101 CET50196445192.168.2.4192.168.1.213
                                                              Dec 3, 2024 13:57:07.654349089 CET44550198192.168.1.215192.168.2.4
                                                              Dec 3, 2024 13:57:07.654351950 CET50197445192.168.2.4192.168.1.214
                                                              Dec 3, 2024 13:57:07.654391050 CET50198445192.168.2.4192.168.1.215
                                                              Dec 3, 2024 13:57:07.654548883 CET50197445192.168.2.4192.168.1.214
                                                              Dec 3, 2024 13:57:07.654675007 CET50198445192.168.2.4192.168.1.215
                                                              Dec 3, 2024 13:57:07.654685974 CET44550199192.168.1.216192.168.2.4
                                                              Dec 3, 2024 13:57:07.654730082 CET50199445192.168.2.4192.168.1.216
                                                              Dec 3, 2024 13:57:07.654863119 CET50199445192.168.2.4192.168.1.216
                                                              Dec 3, 2024 13:57:07.664833069 CET44550200192.168.1.217192.168.2.4
                                                              Dec 3, 2024 13:57:07.664896965 CET50200445192.168.2.4192.168.1.217
                                                              Dec 3, 2024 13:57:07.664937019 CET44550201192.168.1.218192.168.2.4
                                                              Dec 3, 2024 13:57:07.664987087 CET50201445192.168.2.4192.168.1.218
                                                              Dec 3, 2024 13:57:07.665076971 CET50200445192.168.2.4192.168.1.217
                                                              Dec 3, 2024 13:57:07.665162086 CET44550202192.168.1.219192.168.2.4
                                                              Dec 3, 2024 13:57:07.665218115 CET50202445192.168.2.4192.168.1.219
                                                              Dec 3, 2024 13:57:07.667121887 CET50201445192.168.2.4192.168.1.218
                                                              Dec 3, 2024 13:57:07.667232990 CET50202445192.168.2.4192.168.1.219
                                                              Dec 3, 2024 13:57:07.673376083 CET44550203192.168.1.220192.168.2.4
                                                              Dec 3, 2024 13:57:07.673438072 CET50203445192.168.2.4192.168.1.220
                                                              Dec 3, 2024 13:57:07.673511982 CET44550204192.168.1.221192.168.2.4
                                                              Dec 3, 2024 13:57:07.673516989 CET50203445192.168.2.4192.168.1.220
                                                              Dec 3, 2024 13:57:07.673599958 CET50204445192.168.2.4192.168.1.221
                                                              Dec 3, 2024 13:57:07.673723936 CET50204445192.168.2.4192.168.1.221
                                                              Dec 3, 2024 13:57:07.673789978 CET44550205192.168.1.222192.168.2.4
                                                              Dec 3, 2024 13:57:07.674536943 CET50205445192.168.2.4192.168.1.222
                                                              Dec 3, 2024 13:57:07.674618006 CET50205445192.168.2.4192.168.1.222
                                                              Dec 3, 2024 13:57:07.681651115 CET44550206192.168.1.223192.168.2.4
                                                              Dec 3, 2024 13:57:07.681721926 CET50206445192.168.2.4192.168.1.223
                                                              Dec 3, 2024 13:57:07.681757927 CET44550207192.168.1.224192.168.2.4
                                                              Dec 3, 2024 13:57:07.681871891 CET50207445192.168.2.4192.168.1.224
                                                              Dec 3, 2024 13:57:07.682699919 CET44550208192.168.1.225192.168.2.4
                                                              Dec 3, 2024 13:57:07.682792902 CET50208445192.168.2.4192.168.1.225
                                                              Dec 3, 2024 13:57:07.683016062 CET44550209192.168.1.226192.168.2.4
                                                              Dec 3, 2024 13:57:07.683064938 CET50209445192.168.2.4192.168.1.226
                                                              Dec 3, 2024 13:57:07.683809042 CET44550210192.168.1.227192.168.2.4
                                                              Dec 3, 2024 13:57:07.683859110 CET50210445192.168.2.4192.168.1.227
                                                              Dec 3, 2024 13:57:07.684108973 CET44550211192.168.1.228192.168.2.4
                                                              Dec 3, 2024 13:57:07.684149981 CET50211445192.168.2.4192.168.1.228
                                                              Dec 3, 2024 13:57:07.684461117 CET44550212192.168.1.229192.168.2.4
                                                              Dec 3, 2024 13:57:07.684593916 CET44550213192.168.1.230192.168.2.4
                                                              Dec 3, 2024 13:57:07.684681892 CET50212445192.168.2.4192.168.1.229
                                                              Dec 3, 2024 13:57:07.684770107 CET44550214192.168.1.231192.168.2.4
                                                              Dec 3, 2024 13:57:07.684801102 CET50213445192.168.2.4192.168.1.230
                                                              Dec 3, 2024 13:57:07.684823990 CET50214445192.168.2.4192.168.1.231
                                                              Dec 3, 2024 13:57:07.684916019 CET44550215192.168.1.232192.168.2.4
                                                              Dec 3, 2024 13:57:07.685028076 CET50215445192.168.2.4192.168.1.232
                                                              Dec 3, 2024 13:57:07.685030937 CET50206445192.168.2.4192.168.1.223
                                                              Dec 3, 2024 13:57:07.685132027 CET44550216192.168.1.233192.168.2.4
                                                              Dec 3, 2024 13:57:07.685197115 CET50216445192.168.2.4192.168.1.233
                                                              Dec 3, 2024 13:57:07.685273886 CET50207445192.168.2.4192.168.1.224
                                                              Dec 3, 2024 13:57:07.685285091 CET44550217192.168.1.234192.168.2.4
                                                              Dec 3, 2024 13:57:07.685403109 CET50217445192.168.2.4192.168.1.234
                                                              Dec 3, 2024 13:57:07.685741901 CET44550218192.168.1.235192.168.2.4
                                                              Dec 3, 2024 13:57:07.685816050 CET50218445192.168.2.4192.168.1.235
                                                              Dec 3, 2024 13:57:07.685841084 CET50208445192.168.2.4192.168.1.225
                                                              Dec 3, 2024 13:57:07.685987949 CET44550219192.168.1.236192.168.2.4
                                                              Dec 3, 2024 13:57:07.686038971 CET50219445192.168.2.4192.168.1.236
                                                              Dec 3, 2024 13:57:07.686067104 CET50209445192.168.2.4192.168.1.226
                                                              Dec 3, 2024 13:57:07.686167955 CET50210445192.168.2.4192.168.1.227
                                                              Dec 3, 2024 13:57:07.686362982 CET50211445192.168.2.4192.168.1.228
                                                              Dec 3, 2024 13:57:07.686496019 CET50212445192.168.2.4192.168.1.229
                                                              Dec 3, 2024 13:57:07.686604023 CET44550220192.168.1.237192.168.2.4
                                                              Dec 3, 2024 13:57:07.686645031 CET44550221192.168.1.238192.168.2.4
                                                              Dec 3, 2024 13:57:07.686669111 CET50220445192.168.2.4192.168.1.237
                                                              Dec 3, 2024 13:57:07.686697006 CET50221445192.168.2.4192.168.1.238
                                                              Dec 3, 2024 13:57:07.686780930 CET44550222192.168.1.239192.168.2.4
                                                              Dec 3, 2024 13:57:07.686911106 CET50222445192.168.2.4192.168.1.239
                                                              Dec 3, 2024 13:57:07.686935902 CET44550223192.168.1.240192.168.2.4
                                                              Dec 3, 2024 13:57:07.686950922 CET50213445192.168.2.4192.168.1.230
                                                              Dec 3, 2024 13:57:07.687076092 CET50214445192.168.2.4192.168.1.231
                                                              Dec 3, 2024 13:57:07.687097073 CET50223445192.168.2.4192.168.1.240
                                                              Dec 3, 2024 13:57:07.687103987 CET44550224192.168.1.241192.168.2.4
                                                              Dec 3, 2024 13:57:07.687155962 CET50224445192.168.2.4192.168.1.241
                                                              Dec 3, 2024 13:57:07.687278032 CET44550225192.168.1.242192.168.2.4
                                                              Dec 3, 2024 13:57:07.687330961 CET50225445192.168.2.4192.168.1.242
                                                              Dec 3, 2024 13:57:07.687333107 CET50215445192.168.2.4192.168.1.232
                                                              Dec 3, 2024 13:57:07.687439919 CET44550226192.168.1.243192.168.2.4
                                                              Dec 3, 2024 13:57:07.687494040 CET50226445192.168.2.4192.168.1.243
                                                              Dec 3, 2024 13:57:07.687596083 CET50216445192.168.2.4192.168.1.233
                                                              Dec 3, 2024 13:57:07.687725067 CET50217445192.168.2.4192.168.1.234
                                                              Dec 3, 2024 13:57:07.687824011 CET50218445192.168.2.4192.168.1.235
                                                              Dec 3, 2024 13:57:07.687879086 CET44550227192.168.1.244192.168.2.4
                                                              Dec 3, 2024 13:57:07.688040972 CET50227445192.168.2.4192.168.1.244
                                                              Dec 3, 2024 13:57:07.688143969 CET50219445192.168.2.4192.168.1.236
                                                              Dec 3, 2024 13:57:07.688246965 CET50220445192.168.2.4192.168.1.237
                                                              Dec 3, 2024 13:57:07.688308954 CET50221445192.168.2.4192.168.1.238
                                                              Dec 3, 2024 13:57:07.688476086 CET44550228192.168.1.245192.168.2.4
                                                              Dec 3, 2024 13:57:07.688499928 CET50222445192.168.2.4192.168.1.239
                                                              Dec 3, 2024 13:57:07.688533068 CET50228445192.168.2.4192.168.1.245
                                                              Dec 3, 2024 13:57:07.688716888 CET50223445192.168.2.4192.168.1.240
                                                              Dec 3, 2024 13:57:07.688863039 CET50224445192.168.2.4192.168.1.241
                                                              Dec 3, 2024 13:57:07.688950062 CET50225445192.168.2.4192.168.1.242
                                                              Dec 3, 2024 13:57:07.689141989 CET50226445192.168.2.4192.168.1.243
                                                              Dec 3, 2024 13:57:07.689145088 CET50227445192.168.2.4192.168.1.244
                                                              Dec 3, 2024 13:57:07.689219952 CET50228445192.168.2.4192.168.1.245
                                                              Dec 3, 2024 13:57:07.691262007 CET44550185192.168.1.202192.168.2.4
                                                              Dec 3, 2024 13:57:07.691337109 CET44550186192.168.1.203192.168.2.4
                                                              Dec 3, 2024 13:57:07.691369057 CET44550187192.168.1.204192.168.2.4
                                                              Dec 3, 2024 13:57:07.691675901 CET44550186192.168.1.203192.168.2.4
                                                              Dec 3, 2024 13:57:07.691725016 CET50186445192.168.2.4192.168.1.203
                                                              Dec 3, 2024 13:57:07.692063093 CET44550229192.168.1.246192.168.2.4
                                                              Dec 3, 2024 13:57:07.692085028 CET44550230192.168.1.247192.168.2.4
                                                              Dec 3, 2024 13:57:07.692145109 CET50229445192.168.2.4192.168.1.246
                                                              Dec 3, 2024 13:57:07.692220926 CET50230445192.168.2.4192.168.1.247
                                                              Dec 3, 2024 13:57:07.692235947 CET44550231192.168.1.248192.168.2.4
                                                              Dec 3, 2024 13:57:07.692249060 CET44550184192.168.1.201192.168.2.4
                                                              Dec 3, 2024 13:57:07.692257881 CET44550183192.168.1.200192.168.2.4
                                                              Dec 3, 2024 13:57:07.692276955 CET44550182192.168.1.199192.168.2.4
                                                              Dec 3, 2024 13:57:07.692287922 CET44550181192.168.1.198192.168.2.4
                                                              Dec 3, 2024 13:57:07.692296028 CET44550187192.168.1.204192.168.2.4
                                                              Dec 3, 2024 13:57:07.692297935 CET50184445192.168.2.4192.168.1.201
                                                              Dec 3, 2024 13:57:07.692298889 CET50231445192.168.2.4192.168.1.248
                                                              Dec 3, 2024 13:57:07.692327976 CET50183445192.168.2.4192.168.1.200
                                                              Dec 3, 2024 13:57:07.692337990 CET50182445192.168.2.4192.168.1.199
                                                              Dec 3, 2024 13:57:07.692365885 CET50181445192.168.2.4192.168.1.198
                                                              Dec 3, 2024 13:57:07.692378998 CET50187445192.168.2.4192.168.1.204
                                                              Dec 3, 2024 13:57:07.692517042 CET50229445192.168.2.4192.168.1.246
                                                              Dec 3, 2024 13:57:07.693120003 CET50230445192.168.2.4192.168.1.247
                                                              Dec 3, 2024 13:57:07.693252087 CET50231445192.168.2.4192.168.1.248
                                                              Dec 3, 2024 13:57:07.696147919 CET44550185192.168.1.202192.168.2.4
                                                              Dec 3, 2024 13:57:07.696157932 CET44550232192.168.1.249192.168.2.4
                                                              Dec 3, 2024 13:57:07.696199894 CET44550233192.168.1.250192.168.2.4
                                                              Dec 3, 2024 13:57:07.696209908 CET44550234192.168.1.251192.168.2.4
                                                              Dec 3, 2024 13:57:07.696219921 CET44550235192.168.1.252192.168.2.4
                                                              Dec 3, 2024 13:57:07.696233988 CET50185445192.168.2.4192.168.1.202
                                                              Dec 3, 2024 13:57:07.696243048 CET44550236192.168.1.253192.168.2.4
                                                              Dec 3, 2024 13:57:07.696268082 CET44550237192.168.1.254192.168.2.4
                                                              Dec 3, 2024 13:57:07.696281910 CET50232445192.168.2.4192.168.1.249
                                                              Dec 3, 2024 13:57:07.696299076 CET50233445192.168.2.4192.168.1.250
                                                              Dec 3, 2024 13:57:07.696301937 CET50234445192.168.2.4192.168.1.251
                                                              Dec 3, 2024 13:57:07.696335077 CET50236445192.168.2.4192.168.1.253
                                                              Dec 3, 2024 13:57:07.696340084 CET50235445192.168.2.4192.168.1.252
                                                              Dec 3, 2024 13:57:07.696369886 CET50237445192.168.2.4192.168.1.254
                                                              Dec 3, 2024 13:57:07.696451902 CET50232445192.168.2.4192.168.1.249
                                                              Dec 3, 2024 13:57:07.696631908 CET50233445192.168.2.4192.168.1.250
                                                              Dec 3, 2024 13:57:07.696726084 CET50234445192.168.2.4192.168.1.251
                                                              Dec 3, 2024 13:57:07.697026014 CET50235445192.168.2.4192.168.1.252
                                                              Dec 3, 2024 13:57:07.697110891 CET50236445192.168.2.4192.168.1.253
                                                              Dec 3, 2024 13:57:07.697185993 CET50237445192.168.2.4192.168.1.254
                                                              Dec 3, 2024 13:57:07.748162031 CET44550188192.168.1.205192.168.2.4
                                                              Dec 3, 2024 13:57:07.748245955 CET50188445192.168.2.4192.168.1.205
                                                              Dec 3, 2024 13:57:07.760679960 CET44550190192.168.1.207192.168.2.4
                                                              Dec 3, 2024 13:57:07.760746956 CET50190445192.168.2.4192.168.1.207
                                                              Dec 3, 2024 13:57:07.760962009 CET44550189192.168.1.206192.168.2.4
                                                              Dec 3, 2024 13:57:07.761040926 CET50189445192.168.2.4192.168.1.206
                                                              Dec 3, 2024 13:57:07.761202097 CET44550191192.168.1.208192.168.2.4
                                                              Dec 3, 2024 13:57:07.761212111 CET44550192192.168.1.209192.168.2.4
                                                              Dec 3, 2024 13:57:07.761220932 CET44550193192.168.1.210192.168.2.4
                                                              Dec 3, 2024 13:57:07.761270046 CET50192445192.168.2.4192.168.1.209
                                                              Dec 3, 2024 13:57:07.761279106 CET50193445192.168.2.4192.168.1.210
                                                              Dec 3, 2024 13:57:07.761308908 CET50191445192.168.2.4192.168.1.208
                                                              Dec 3, 2024 13:57:07.774390936 CET44550194192.168.1.211192.168.2.4
                                                              Dec 3, 2024 13:57:07.774739027 CET44550195192.168.1.212192.168.2.4
                                                              Dec 3, 2024 13:57:07.774796963 CET50194445192.168.2.4192.168.1.211
                                                              Dec 3, 2024 13:57:07.774816990 CET50195445192.168.2.4192.168.1.212
                                                              Dec 3, 2024 13:57:07.775007963 CET44550196192.168.1.213192.168.2.4
                                                              Dec 3, 2024 13:57:07.775058985 CET50196445192.168.2.4192.168.1.213
                                                              Dec 3, 2024 13:57:07.775155067 CET44550199192.168.1.216192.168.2.4
                                                              Dec 3, 2024 13:57:07.775202036 CET44550198192.168.1.215192.168.2.4
                                                              Dec 3, 2024 13:57:07.775211096 CET44550197192.168.1.214192.168.2.4
                                                              Dec 3, 2024 13:57:07.775342941 CET44550197192.168.1.214192.168.2.4
                                                              Dec 3, 2024 13:57:07.775604963 CET44550198192.168.1.215192.168.2.4
                                                              Dec 3, 2024 13:57:07.775650978 CET50197445192.168.2.4192.168.1.214
                                                              Dec 3, 2024 13:57:07.775660992 CET50198445192.168.2.4192.168.1.215
                                                              Dec 3, 2024 13:57:07.775724888 CET44550199192.168.1.216192.168.2.4
                                                              Dec 3, 2024 13:57:07.777405977 CET50199445192.168.2.4192.168.1.216
                                                              Dec 3, 2024 13:57:07.785823107 CET44550200192.168.1.217192.168.2.4
                                                              Dec 3, 2024 13:57:07.786403894 CET50200445192.168.2.4192.168.1.217
                                                              Dec 3, 2024 13:57:07.787322998 CET44550201192.168.1.218192.168.2.4
                                                              Dec 3, 2024 13:57:07.787379980 CET50201445192.168.2.4192.168.1.218
                                                              Dec 3, 2024 13:57:07.787437916 CET44550202192.168.1.219192.168.2.4
                                                              Dec 3, 2024 13:57:07.787486076 CET50202445192.168.2.4192.168.1.219
                                                              Dec 3, 2024 13:57:07.794373989 CET44550203192.168.1.220192.168.2.4
                                                              Dec 3, 2024 13:57:07.794781923 CET44550204192.168.1.221192.168.2.4
                                                              Dec 3, 2024 13:57:07.794843912 CET50203445192.168.2.4192.168.1.220
                                                              Dec 3, 2024 13:57:07.794859886 CET50204445192.168.2.4192.168.1.221
                                                              Dec 3, 2024 13:57:07.796282053 CET44550205192.168.1.222192.168.2.4
                                                              Dec 3, 2024 13:57:07.796358109 CET50205445192.168.2.4192.168.1.222
                                                              Dec 3, 2024 13:57:07.805856943 CET44550206192.168.1.223192.168.2.4
                                                              Dec 3, 2024 13:57:07.805917025 CET50206445192.168.2.4192.168.1.223
                                                              Dec 3, 2024 13:57:07.806164980 CET44550207192.168.1.224192.168.2.4
                                                              Dec 3, 2024 13:57:07.806216955 CET50207445192.168.2.4192.168.1.224
                                                              Dec 3, 2024 13:57:07.806416035 CET44550208192.168.1.225192.168.2.4
                                                              Dec 3, 2024 13:57:07.806554079 CET50208445192.168.2.4192.168.1.225
                                                              Dec 3, 2024 13:57:07.806710005 CET44550209192.168.1.226192.168.2.4
                                                              Dec 3, 2024 13:57:07.806757927 CET50209445192.168.2.4192.168.1.226
                                                              Dec 3, 2024 13:57:07.806759119 CET44550210192.168.1.227192.168.2.4
                                                              Dec 3, 2024 13:57:07.806813955 CET50210445192.168.2.4192.168.1.227
                                                              Dec 3, 2024 13:57:07.807187080 CET44550212192.168.1.229192.168.2.4
                                                              Dec 3, 2024 13:57:07.807197094 CET44550211192.168.1.228192.168.2.4
                                                              Dec 3, 2024 13:57:07.807208061 CET44550211192.168.1.228192.168.2.4
                                                              Dec 3, 2024 13:57:07.807260990 CET44550212192.168.1.229192.168.2.4
                                                              Dec 3, 2024 13:57:07.807307005 CET50211445192.168.2.4192.168.1.228
                                                              Dec 3, 2024 13:57:07.807329893 CET50212445192.168.2.4192.168.1.229
                                                              Dec 3, 2024 13:57:07.807663918 CET44550213192.168.1.230192.168.2.4
                                                              Dec 3, 2024 13:57:07.807693958 CET44550214192.168.1.231192.168.2.4
                                                              Dec 3, 2024 13:57:07.807724953 CET50213445192.168.2.4192.168.1.230
                                                              Dec 3, 2024 13:57:07.807755947 CET50214445192.168.2.4192.168.1.231
                                                              Dec 3, 2024 13:57:07.808073044 CET44550215192.168.1.232192.168.2.4
                                                              Dec 3, 2024 13:57:07.808118105 CET50215445192.168.2.4192.168.1.232
                                                              Dec 3, 2024 13:57:07.808144093 CET44550216192.168.1.233192.168.2.4
                                                              Dec 3, 2024 13:57:07.808223009 CET50216445192.168.2.4192.168.1.233
                                                              Dec 3, 2024 13:57:07.808615923 CET44550217192.168.1.234192.168.2.4
                                                              Dec 3, 2024 13:57:07.808625937 CET44550218192.168.1.235192.168.2.4
                                                              Dec 3, 2024 13:57:07.808671951 CET50217445192.168.2.4192.168.1.234
                                                              Dec 3, 2024 13:57:07.808685064 CET50218445192.168.2.4192.168.1.235
                                                              Dec 3, 2024 13:57:07.809084892 CET44550219192.168.1.236192.168.2.4
                                                              Dec 3, 2024 13:57:07.809129000 CET44550220192.168.1.237192.168.2.4
                                                              Dec 3, 2024 13:57:07.809130907 CET50219445192.168.2.4192.168.1.236
                                                              Dec 3, 2024 13:57:07.809247017 CET44550221192.168.1.238192.168.2.4
                                                              Dec 3, 2024 13:57:07.809326887 CET44550222192.168.1.239192.168.2.4
                                                              Dec 3, 2024 13:57:07.809329987 CET50220445192.168.2.4192.168.1.237
                                                              Dec 3, 2024 13:57:07.809335947 CET50221445192.168.2.4192.168.1.238
                                                              Dec 3, 2024 13:57:07.809467077 CET50222445192.168.2.4192.168.1.239
                                                              Dec 3, 2024 13:57:07.809670925 CET44550223192.168.1.240192.168.2.4
                                                              Dec 3, 2024 13:57:07.809716940 CET50223445192.168.2.4192.168.1.240
                                                              Dec 3, 2024 13:57:07.810338020 CET44550224192.168.1.241192.168.2.4
                                                              Dec 3, 2024 13:57:07.810386896 CET50224445192.168.2.4192.168.1.241
                                                              Dec 3, 2024 13:57:07.810606956 CET44550225192.168.1.242192.168.2.4
                                                              Dec 3, 2024 13:57:07.810657978 CET50225445192.168.2.4192.168.1.242
                                                              Dec 3, 2024 13:57:07.810992956 CET44550226192.168.1.243192.168.2.4
                                                              Dec 3, 2024 13:57:07.811041117 CET50226445192.168.2.4192.168.1.243
                                                              Dec 3, 2024 13:57:07.811167955 CET44550228192.168.1.245192.168.2.4
                                                              Dec 3, 2024 13:57:07.811186075 CET44550227192.168.1.244192.168.2.4
                                                              Dec 3, 2024 13:57:07.811295986 CET44550227192.168.1.244192.168.2.4
                                                              Dec 3, 2024 13:57:07.811395884 CET50227445192.168.2.4192.168.1.244
                                                              Dec 3, 2024 13:57:07.811482906 CET44550228192.168.1.245192.168.2.4
                                                              Dec 3, 2024 13:57:07.811527967 CET50228445192.168.2.4192.168.1.245
                                                              Dec 3, 2024 13:57:07.812819958 CET44550229192.168.1.246192.168.2.4
                                                              Dec 3, 2024 13:57:07.812865973 CET50229445192.168.2.4192.168.1.246
                                                              Dec 3, 2024 13:57:07.813172102 CET44550230192.168.1.247192.168.2.4
                                                              Dec 3, 2024 13:57:07.813225985 CET50230445192.168.2.4192.168.1.247
                                                              Dec 3, 2024 13:57:07.813313961 CET44550231192.168.1.248192.168.2.4
                                                              Dec 3, 2024 13:57:07.813359976 CET50231445192.168.2.4192.168.1.248
                                                              Dec 3, 2024 13:57:07.817018032 CET44550232192.168.1.249192.168.2.4
                                                              Dec 3, 2024 13:57:07.817121029 CET50232445192.168.2.4192.168.1.249
                                                              Dec 3, 2024 13:57:07.817372084 CET44550233192.168.1.250192.168.2.4
                                                              Dec 3, 2024 13:57:07.817419052 CET50233445192.168.2.4192.168.1.250
                                                              Dec 3, 2024 13:57:07.817682981 CET44550234192.168.1.251192.168.2.4
                                                              Dec 3, 2024 13:57:07.817966938 CET50234445192.168.2.4192.168.1.251
                                                              Dec 3, 2024 13:57:07.818018913 CET44550236192.168.1.253192.168.2.4
                                                              Dec 3, 2024 13:57:07.818062067 CET50236445192.168.2.4192.168.1.253
                                                              Dec 3, 2024 13:57:07.818327904 CET44550235192.168.1.252192.168.2.4
                                                              Dec 3, 2024 13:57:07.818372011 CET50235445192.168.2.4192.168.1.252
                                                              Dec 3, 2024 13:57:07.818454027 CET44550237192.168.1.254192.168.2.4
                                                              Dec 3, 2024 13:57:07.818500996 CET50237445192.168.2.4192.168.1.254
                                                              Dec 3, 2024 13:57:08.022732973 CET50238445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:08.142851114 CET44550238192.168.1.1192.168.2.4
                                                              Dec 3, 2024 13:57:08.142966986 CET50238445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:08.143044949 CET50238445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:08.262959957 CET44550238192.168.1.1192.168.2.4
                                                              Dec 3, 2024 13:57:30.047559023 CET44550238192.168.1.1192.168.2.4
                                                              Dec 3, 2024 13:57:30.050435066 CET50238445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:30.050483942 CET50238445192.168.2.4192.168.1.1
                                                              Dec 3, 2024 13:57:30.245117903 CET50245445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:30.365163088 CET44550245192.168.1.2192.168.2.4
                                                              Dec 3, 2024 13:57:30.365272999 CET50245445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:30.383202076 CET50245445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:30.503190041 CET44550245192.168.1.2192.168.2.4
                                                              Dec 3, 2024 13:57:51.190926075 CET50245445192.168.2.4192.168.1.2
                                                              Dec 3, 2024 13:57:51.784800053 CET50246445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:57:51.905961037 CET44550246192.168.1.3192.168.2.4
                                                              Dec 3, 2024 13:57:51.906115055 CET50246445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:57:51.906183004 CET50246445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:57:52.026776075 CET44550246192.168.1.3192.168.2.4
                                                              Dec 3, 2024 13:58:13.854738951 CET44550246192.168.1.3192.168.2.4
                                                              Dec 3, 2024 13:58:13.854856968 CET50246445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:58:13.854952097 CET50246445192.168.2.4192.168.1.3
                                                              Dec 3, 2024 13:58:14.260318995 CET50279445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:58:14.383296967 CET44550279192.168.1.4192.168.2.4
                                                              Dec 3, 2024 13:58:14.383433104 CET50279445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:58:14.383474112 CET50279445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:58:14.503511906 CET44550279192.168.1.4192.168.2.4
                                                              Dec 3, 2024 13:58:36.339097977 CET44550279192.168.1.4192.168.2.4
                                                              Dec 3, 2024 13:58:36.339165926 CET50279445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:58:36.339222908 CET50279445192.168.2.4192.168.1.4
                                                              Dec 3, 2024 13:58:37.505820990 CET50333445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:58:37.625827074 CET44550333192.168.1.5192.168.2.4
                                                              Dec 3, 2024 13:58:37.625956059 CET50333445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:58:37.626007080 CET50333445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:58:37.746192932 CET44550333192.168.1.5192.168.2.4
                                                              Dec 3, 2024 13:58:59.573724985 CET44550333192.168.1.5192.168.2.4
                                                              Dec 3, 2024 13:58:59.573798895 CET50333445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:58:59.573924065 CET50333445192.168.2.4192.168.1.5
                                                              Dec 3, 2024 13:58:59.769057989 CET50383445192.168.2.4192.168.1.6
                                                              Dec 3, 2024 13:58:59.893445015 CET44550383192.168.1.6192.168.2.4
                                                              Dec 3, 2024 13:58:59.893520117 CET50383445192.168.2.4192.168.1.6
                                                              Dec 3, 2024 13:58:59.893593073 CET50383445192.168.2.4192.168.1.6
                                                              Dec 3, 2024 13:59:00.013675928 CET44550383192.168.1.6192.168.2.4

                                                              Statistics

                                                              CPU Usage

                                                              Click to jump to process

                                                              Memory Usage

                                                              Click to jump to process

                                                              High Level Behavior Distribution

                                                              Click to dive into process behavior distribution

                                                              Behavior

                                                              Click to jump to process

                                                              System Behavior

                                                              General

                                                              Target ID:0
                                                              Start time:07:57:04
                                                              Start date:03/12/2024
                                                              Path:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\uOsIQqfgiT.exe"
                                                              Imagebase:0x7ff601980000
                                                              File size:6'746'220 bytes
                                                              MD5 hash:A12133B2AADD267558975A8952DAAC3E
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:false

                                                              General

                                                              Target ID:1
                                                              Start time:07:57:05
                                                              Start date:03/12/2024
                                                              Path:C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\uOsIQqfgiT.exe"
                                                              Imagebase:0x7ff601980000
                                                              File size:6'746'220 bytes
                                                              MD5 hash:A12133B2AADD267558975A8952DAAC3E
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:false

                                                              General

                                                              Target ID:2
                                                              Start time:07:57:07
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\cmd.exe /c "net view \\192.168.1.1"
                                                              Imagebase:0x7ff7ecd80000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:3
                                                              Start time:07:57:07
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff7699e0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:4
                                                              Start time:07:57:07
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\net.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:net view \\192.168.1.1
                                                              Imagebase:0x7ff6ba170000
                                                              File size:59'904 bytes
                                                              MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:8
                                                              Start time:07:57:29
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\cmd.exe /c "net view \\192.168.1.2"
                                                              Imagebase:0x7ff7ecd80000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:9
                                                              Start time:07:57:29
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff7699e0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:10
                                                              Start time:07:57:29
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\net.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:net view \\192.168.1.2
                                                              Imagebase:0x7ff6ba170000
                                                              File size:59'904 bytes
                                                              MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:11
                                                              Start time:07:57:50
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\cmd.exe /c "net view \\192.168.1.3"
                                                              Imagebase:0x7ff7ecd80000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:12
                                                              Start time:07:57:50
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff7699e0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:13
                                                              Start time:07:57:51
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\net.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:net view \\192.168.1.3
                                                              Imagebase:0x7ff6ba170000
                                                              File size:59'904 bytes
                                                              MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:14
                                                              Start time:07:58:13
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\cmd.exe /c "net view \\192.168.1.4"
                                                              Imagebase:0x7ff7ecd80000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              General

                                                              Target ID:15
                                                              Start time:07:58:13
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff7699e0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              General

                                                              Target ID:16
                                                              Start time:07:58:13
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\net.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:net view \\192.168.1.4
                                                              Imagebase:0x7ff6ba170000
                                                              File size:59'904 bytes
                                                              MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              General

                                                              Target ID:18
                                                              Start time:07:58:36
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\cmd.exe /c "net view \\192.168.1.5"
                                                              Imagebase:0x7ff7ecd80000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              General

                                                              Target ID:19
                                                              Start time:07:58:36
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff7699e0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              General

                                                              Target ID:20
                                                              Start time:07:58:36
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\net.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:net view \\192.168.1.5
                                                              Imagebase:0x7ff6ba170000
                                                              File size:59'904 bytes
                                                              MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              General

                                                              Target ID:21
                                                              Start time:07:58:59
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\cmd.exe /c "net view \\192.168.1.6"
                                                              Imagebase:0x7ff7ecd80000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              General

                                                              Target ID:22
                                                              Start time:07:58:59
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff7699e0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              General

                                                              Target ID:23
                                                              Start time:07:58:59
                                                              Start date:03/12/2024
                                                              Path:C:\Windows\System32\net.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:net view \\192.168.1.6
                                                              Imagebase:0x7ff6ba170000
                                                              File size:59'904 bytes
                                                              MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Disassembly

                                                              Reset < >

                                                                Execution Graph

                                                                Execution Coverage:7.6%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:19.1%
                                                                Total number of Nodes:2000
                                                                Total number of Limit Nodes:30
                                                                execution_graph 18671 7ff60199a2e0 18672 7ff60199a2e5 18671->18672 18676 7ff60199a2fa 18671->18676 18677 7ff60199a300 18672->18677 18678 7ff60199a34a 18677->18678 18679 7ff60199a342 18677->18679 18680 7ff601999c58 __free_lconv_num 11 API calls 18678->18680 18681 7ff601999c58 __free_lconv_num 11 API calls 18679->18681 18682 7ff60199a357 18680->18682 18681->18678 18683 7ff601999c58 __free_lconv_num 11 API calls 18682->18683 18684 7ff60199a364 18683->18684 18685 7ff601999c58 __free_lconv_num 11 API calls 18684->18685 18686 7ff60199a371 18685->18686 18687 7ff601999c58 __free_lconv_num 11 API calls 18686->18687 18688 7ff60199a37e 18687->18688 18689 7ff601999c58 __free_lconv_num 11 API calls 18688->18689 18690 7ff60199a38b 18689->18690 18691 7ff601999c58 __free_lconv_num 11 API calls 18690->18691 18692 7ff60199a398 18691->18692 18693 7ff601999c58 __free_lconv_num 11 API calls 18692->18693 18694 7ff60199a3a5 18693->18694 18695 7ff601999c58 __free_lconv_num 11 API calls 18694->18695 18696 7ff60199a3b5 18695->18696 18697 7ff601999c58 __free_lconv_num 11 API calls 18696->18697 18698 7ff60199a3c5 18697->18698 18703 7ff60199a1a4 18698->18703 18717 7ff60199f5e8 EnterCriticalSection 18703->18717 19607 7ff601999060 19610 7ff601998fe4 19607->19610 19617 7ff60199f5e8 EnterCriticalSection 19610->19617 18719 7ff60199fbd8 18720 7ff60199fbfc 18719->18720 18723 7ff60199fc0c 18719->18723 18721 7ff6019943f4 _get_daylight 11 API calls 18720->18721 18722 7ff60199fc01 18721->18722 18724 7ff60199feec 18723->18724 18725 7ff60199fc2e 18723->18725 18726 7ff6019943f4 _get_daylight 11 API calls 18724->18726 18727 7ff60199fc4f 18725->18727 18850 7ff6019a0294 18725->18850 18728 7ff60199fef1 18726->18728 18731 7ff60199fcc1 18727->18731 18733 7ff60199fc75 18727->18733 18738 7ff60199fcb5 18727->18738 18730 7ff601999c58 __free_lconv_num 11 API calls 18728->18730 18730->18722 18735 7ff60199dea8 _get_daylight 11 API calls 18731->18735 18750 7ff60199fc84 18731->18750 18732 7ff60199fd6e 18741 7ff60199fd8b 18732->18741 18748 7ff60199fddd 18732->18748 18865 7ff6019989d8 18733->18865 18739 7ff60199fcd7 18735->18739 18737 7ff601999c58 __free_lconv_num 11 API calls 18737->18722 18738->18732 18738->18750 18871 7ff6019a643c 18738->18871 18742 7ff601999c58 __free_lconv_num 11 API calls 18739->18742 18745 7ff601999c58 __free_lconv_num 11 API calls 18741->18745 18746 7ff60199fce5 18742->18746 18743 7ff60199fc7f 18747 7ff6019943f4 _get_daylight 11 API calls 18743->18747 18744 7ff60199fc9d 18744->18738 18749 7ff6019a0294 45 API calls 18744->18749 18754 7ff60199fd94 18745->18754 18746->18738 18746->18750 18752 7ff60199dea8 _get_daylight 11 API calls 18746->18752 18747->18750 18748->18750 18751 7ff6019a26ec 40 API calls 18748->18751 18749->18738 18750->18737 18753 7ff60199fe1a 18751->18753 18755 7ff60199fd07 18752->18755 18756 7ff601999c58 __free_lconv_num 11 API calls 18753->18756 18763 7ff60199fd99 18754->18763 18907 7ff6019a26ec 18754->18907 18758 7ff601999c58 __free_lconv_num 11 API calls 18755->18758 18759 7ff60199fe24 18756->18759 18758->18738 18759->18750 18759->18763 18760 7ff60199fee0 18762 7ff601999c58 __free_lconv_num 11 API calls 18760->18762 18761 7ff60199fdc5 18764 7ff601999c58 __free_lconv_num 11 API calls 18761->18764 18762->18722 18763->18760 18763->18763 18765 7ff60199dea8 _get_daylight 11 API calls 18763->18765 18764->18763 18766 7ff60199fe68 18765->18766 18767 7ff60199fe70 18766->18767 18768 7ff60199fe79 18766->18768 18769 7ff601999c58 __free_lconv_num 11 API calls 18767->18769 18770 7ff6019997b4 __std_exception_copy 37 API calls 18768->18770 18771 7ff60199fe77 18769->18771 18772 7ff60199fe88 18770->18772 18777 7ff601999c58 __free_lconv_num 11 API calls 18771->18777 18773 7ff60199fe90 18772->18773 18774 7ff60199ff1b 18772->18774 18916 7ff6019a6554 18773->18916 18776 7ff601999c10 _isindst 17 API calls 18774->18776 18779 7ff60199ff2f 18776->18779 18777->18722 18782 7ff60199ff58 18779->18782 18787 7ff60199ff68 18779->18787 18780 7ff60199feb7 18784 7ff6019943f4 _get_daylight 11 API calls 18780->18784 18781 7ff60199fed8 18783 7ff601999c58 __free_lconv_num 11 API calls 18781->18783 18785 7ff6019943f4 _get_daylight 11 API calls 18782->18785 18783->18760 18786 7ff60199febc 18784->18786 18809 7ff60199ff5d 18785->18809 18789 7ff601999c58 __free_lconv_num 11 API calls 18786->18789 18788 7ff6019a024b 18787->18788 18790 7ff60199ff8a 18787->18790 18791 7ff6019943f4 _get_daylight 11 API calls 18788->18791 18789->18771 18792 7ff60199ffa7 18790->18792 18935 7ff6019a037c 18790->18935 18793 7ff6019a0250 18791->18793 18796 7ff6019a001b 18792->18796 18798 7ff60199ffcf 18792->18798 18804 7ff6019a000f 18792->18804 18795 7ff601999c58 __free_lconv_num 11 API calls 18793->18795 18795->18809 18800 7ff6019a0043 18796->18800 18805 7ff60199dea8 _get_daylight 11 API calls 18796->18805 18817 7ff60199ffde 18796->18817 18797 7ff6019a00ce 18807 7ff6019a00eb 18797->18807 18818 7ff6019a013e 18797->18818 18950 7ff601998a14 18798->18950 18802 7ff60199dea8 _get_daylight 11 API calls 18800->18802 18800->18804 18800->18817 18808 7ff6019a0065 18802->18808 18803 7ff601999c58 __free_lconv_num 11 API calls 18803->18809 18804->18797 18804->18817 18956 7ff6019a62fc 18804->18956 18810 7ff6019a0035 18805->18810 18814 7ff601999c58 __free_lconv_num 11 API calls 18807->18814 18815 7ff601999c58 __free_lconv_num 11 API calls 18808->18815 18816 7ff601999c58 __free_lconv_num 11 API calls 18810->18816 18811 7ff60199fff7 18811->18804 18820 7ff6019a037c 45 API calls 18811->18820 18812 7ff60199ffd9 18813 7ff6019943f4 _get_daylight 11 API calls 18812->18813 18813->18817 18819 7ff6019a00f4 18814->18819 18815->18804 18816->18800 18817->18803 18818->18817 18821 7ff6019a26ec 40 API calls 18818->18821 18824 7ff6019a26ec 40 API calls 18819->18824 18827 7ff6019a00fa 18819->18827 18820->18804 18822 7ff6019a017c 18821->18822 18823 7ff601999c58 __free_lconv_num 11 API calls 18822->18823 18825 7ff6019a0186 18823->18825 18828 7ff6019a0126 18824->18828 18825->18817 18825->18827 18826 7ff6019a023f 18829 7ff601999c58 __free_lconv_num 11 API calls 18826->18829 18827->18826 18831 7ff60199dea8 _get_daylight 11 API calls 18827->18831 18830 7ff601999c58 __free_lconv_num 11 API calls 18828->18830 18829->18809 18830->18827 18832 7ff6019a01cb 18831->18832 18833 7ff6019a01d3 18832->18833 18834 7ff6019a01dc 18832->18834 18835 7ff601999c58 __free_lconv_num 11 API calls 18833->18835 18836 7ff60199f784 37 API calls 18834->18836 18837 7ff6019a01da 18835->18837 18838 7ff6019a01ea 18836->18838 18844 7ff601999c58 __free_lconv_num 11 API calls 18837->18844 18839 7ff6019a027f 18838->18839 18840 7ff6019a01f2 SetEnvironmentVariableW 18838->18840 18843 7ff601999c10 _isindst 17 API calls 18839->18843 18841 7ff6019a0237 18840->18841 18842 7ff6019a0216 18840->18842 18845 7ff601999c58 __free_lconv_num 11 API calls 18841->18845 18846 7ff6019943f4 _get_daylight 11 API calls 18842->18846 18847 7ff6019a0293 18843->18847 18844->18809 18845->18826 18848 7ff6019a021b 18846->18848 18849 7ff601999c58 __free_lconv_num 11 API calls 18848->18849 18849->18837 18851 7ff6019a02c9 18850->18851 18857 7ff6019a02b1 18850->18857 18852 7ff60199dea8 _get_daylight 11 API calls 18851->18852 18860 7ff6019a02ed 18852->18860 18853 7ff601999814 __CxxCallCatchBlock 45 API calls 18855 7ff6019a0378 18853->18855 18854 7ff6019a034e 18856 7ff601999c58 __free_lconv_num 11 API calls 18854->18856 18856->18857 18857->18727 18858 7ff60199dea8 _get_daylight 11 API calls 18858->18860 18859 7ff601999c58 __free_lconv_num 11 API calls 18859->18860 18860->18854 18860->18858 18860->18859 18861 7ff6019997b4 __std_exception_copy 37 API calls 18860->18861 18862 7ff6019a035d 18860->18862 18864 7ff6019a0372 18860->18864 18861->18860 18863 7ff601999c10 _isindst 17 API calls 18862->18863 18863->18864 18864->18853 18866 7ff6019989e8 18865->18866 18870 7ff6019989f1 18865->18870 18866->18870 18980 7ff6019984b0 18866->18980 18870->18743 18870->18744 18872 7ff6019a5564 18871->18872 18873 7ff6019a6449 18871->18873 18874 7ff6019a5571 18872->18874 18881 7ff6019a55a7 18872->18881 18875 7ff601994178 45 API calls 18873->18875 18876 7ff6019943f4 _get_daylight 11 API calls 18874->18876 18894 7ff6019a5518 18874->18894 18878 7ff6019a647d 18875->18878 18879 7ff6019a557b 18876->18879 18877 7ff6019a55d1 18880 7ff6019943f4 _get_daylight 11 API calls 18877->18880 18882 7ff6019a6493 18878->18882 18886 7ff6019a64aa 18878->18886 18904 7ff6019a6482 18878->18904 18883 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 18879->18883 18884 7ff6019a55d6 18880->18884 18881->18877 18885 7ff6019a55f6 18881->18885 18887 7ff6019943f4 _get_daylight 11 API calls 18882->18887 18888 7ff6019a5586 18883->18888 18889 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 18884->18889 18890 7ff601994178 45 API calls 18885->18890 18895 7ff6019a55e1 18885->18895 18892 7ff6019a64b4 18886->18892 18893 7ff6019a64c6 18886->18893 18891 7ff6019a6498 18887->18891 18888->18738 18889->18895 18890->18895 18896 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 18891->18896 18897 7ff6019943f4 _get_daylight 11 API calls 18892->18897 18898 7ff6019a64ee 18893->18898 18899 7ff6019a64d7 18893->18899 18894->18738 18895->18738 18896->18904 18902 7ff6019a64b9 18897->18902 19212 7ff6019a825c 18898->19212 19203 7ff6019a55b4 18899->19203 18903 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 18902->18903 18903->18904 18904->18738 18906 7ff6019943f4 _get_daylight 11 API calls 18906->18904 18908 7ff6019a270e 18907->18908 18909 7ff6019a272b 18907->18909 18908->18909 18910 7ff6019a271c 18908->18910 18911 7ff6019a2735 18909->18911 19252 7ff6019a6f48 18909->19252 18912 7ff6019943f4 _get_daylight 11 API calls 18910->18912 19259 7ff6019a6f84 18911->19259 18915 7ff6019a2721 __scrt_get_show_window_mode 18912->18915 18915->18761 18917 7ff601994178 45 API calls 18916->18917 18918 7ff6019a65ba 18917->18918 18919 7ff6019a65c8 18918->18919 19271 7ff60199e234 18918->19271 19274 7ff6019947bc 18919->19274 18923 7ff6019a66b4 18926 7ff601999c58 __free_lconv_num 11 API calls 18923->18926 18928 7ff6019a66c5 18923->18928 18924 7ff601994178 45 API calls 18925 7ff6019a6637 18924->18925 18929 7ff60199e234 5 API calls 18925->18929 18931 7ff6019a6640 18925->18931 18926->18928 18927 7ff60199feb3 18927->18780 18927->18781 18928->18927 18930 7ff601999c58 __free_lconv_num 11 API calls 18928->18930 18929->18931 18930->18927 18932 7ff6019947bc 14 API calls 18931->18932 18933 7ff6019a669b 18932->18933 18933->18923 18934 7ff6019a66a3 SetEnvironmentVariableW 18933->18934 18934->18923 18936 7ff6019a039f 18935->18936 18937 7ff6019a03bc 18935->18937 18936->18792 18938 7ff60199dea8 _get_daylight 11 API calls 18937->18938 18945 7ff6019a03e0 18938->18945 18939 7ff6019a0464 18940 7ff601999814 __CxxCallCatchBlock 45 API calls 18939->18940 18942 7ff6019a046a 18940->18942 18941 7ff6019a0441 18943 7ff601999c58 __free_lconv_num 11 API calls 18941->18943 18943->18936 18944 7ff60199dea8 _get_daylight 11 API calls 18944->18945 18945->18939 18945->18941 18945->18944 18946 7ff601999c58 __free_lconv_num 11 API calls 18945->18946 18947 7ff60199f784 37 API calls 18945->18947 18948 7ff6019a0450 18945->18948 18946->18945 18947->18945 18949 7ff601999c10 _isindst 17 API calls 18948->18949 18949->18939 18951 7ff601998a24 18950->18951 18952 7ff601998a2d 18950->18952 18951->18952 19296 7ff601998524 18951->19296 18952->18811 18952->18812 18957 7ff6019a6309 18956->18957 18960 7ff6019a6336 18956->18960 18958 7ff6019a630e 18957->18958 18957->18960 18959 7ff6019943f4 _get_daylight 11 API calls 18958->18959 18962 7ff6019a6313 18959->18962 18961 7ff6019a637a 18960->18961 18964 7ff6019a6399 18960->18964 18978 7ff6019a636e __crtLCMapStringW 18960->18978 18963 7ff6019943f4 _get_daylight 11 API calls 18961->18963 18965 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 18962->18965 18966 7ff6019a637f 18963->18966 18967 7ff6019a63a3 18964->18967 18968 7ff6019a63b5 18964->18968 18969 7ff6019a631e 18965->18969 18971 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 18966->18971 18972 7ff6019943f4 _get_daylight 11 API calls 18967->18972 18970 7ff601994178 45 API calls 18968->18970 18969->18804 18974 7ff6019a63c2 18970->18974 18971->18978 18973 7ff6019a63a8 18972->18973 18975 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 18973->18975 18974->18978 19343 7ff6019a7e18 18974->19343 18975->18978 18978->18804 18979 7ff6019943f4 _get_daylight 11 API calls 18979->18978 18981 7ff6019984c5 18980->18981 18982 7ff6019984c9 18980->18982 18981->18870 18995 7ff601998804 18981->18995 19003 7ff6019a1900 18982->19003 18987 7ff6019984e7 19029 7ff601998594 18987->19029 18988 7ff6019984db 18989 7ff601999c58 __free_lconv_num 11 API calls 18988->18989 18989->18981 18992 7ff601999c58 __free_lconv_num 11 API calls 18993 7ff60199850e 18992->18993 18994 7ff601999c58 __free_lconv_num 11 API calls 18993->18994 18994->18981 18996 7ff60199882d 18995->18996 19001 7ff601998846 18995->19001 18996->18870 18997 7ff60199faf8 WideCharToMultiByte 18997->19001 18998 7ff60199dea8 _get_daylight 11 API calls 18998->19001 18999 7ff6019988d6 19000 7ff601999c58 __free_lconv_num 11 API calls 18999->19000 19000->18996 19001->18996 19001->18997 19001->18998 19001->18999 19002 7ff601999c58 __free_lconv_num 11 API calls 19001->19002 19002->19001 19004 7ff6019984ce 19003->19004 19005 7ff6019a190d 19003->19005 19009 7ff6019a1c3c GetEnvironmentStringsW 19004->19009 19048 7ff60199a534 19005->19048 19010 7ff6019984d3 19009->19010 19011 7ff6019a1c6c 19009->19011 19010->18987 19010->18988 19012 7ff60199faf8 WideCharToMultiByte 19011->19012 19013 7ff6019a1cbd 19012->19013 19014 7ff6019a1cc4 FreeEnvironmentStringsW 19013->19014 19015 7ff60199c90c _fread_nolock 12 API calls 19013->19015 19014->19010 19016 7ff6019a1cd7 19015->19016 19017 7ff6019a1cdf 19016->19017 19018 7ff6019a1ce8 19016->19018 19020 7ff601999c58 __free_lconv_num 11 API calls 19017->19020 19019 7ff60199faf8 WideCharToMultiByte 19018->19019 19021 7ff6019a1d0b 19019->19021 19022 7ff6019a1ce6 19020->19022 19023 7ff6019a1d0f 19021->19023 19024 7ff6019a1d19 19021->19024 19022->19014 19025 7ff601999c58 __free_lconv_num 11 API calls 19023->19025 19026 7ff601999c58 __free_lconv_num 11 API calls 19024->19026 19027 7ff6019a1d17 FreeEnvironmentStringsW 19025->19027 19026->19027 19027->19010 19030 7ff6019985b9 19029->19030 19031 7ff60199dea8 _get_daylight 11 API calls 19030->19031 19044 7ff6019985ef 19031->19044 19032 7ff6019985f7 19033 7ff601999c58 __free_lconv_num 11 API calls 19032->19033 19034 7ff6019984ef 19033->19034 19034->18992 19035 7ff60199866a 19036 7ff601999c58 __free_lconv_num 11 API calls 19035->19036 19036->19034 19037 7ff60199dea8 _get_daylight 11 API calls 19037->19044 19038 7ff601998659 19197 7ff6019987c0 19038->19197 19040 7ff6019997b4 __std_exception_copy 37 API calls 19040->19044 19042 7ff601999c58 __free_lconv_num 11 API calls 19042->19032 19043 7ff60199868f 19045 7ff601999c10 _isindst 17 API calls 19043->19045 19044->19032 19044->19035 19044->19037 19044->19038 19044->19040 19044->19043 19046 7ff601999c58 __free_lconv_num 11 API calls 19044->19046 19047 7ff6019986a2 19045->19047 19046->19044 19049 7ff60199a560 FlsSetValue 19048->19049 19050 7ff60199a545 FlsGetValue 19048->19050 19051 7ff60199a552 19049->19051 19053 7ff60199a56d 19049->19053 19050->19051 19052 7ff60199a55a 19050->19052 19054 7ff601999814 __CxxCallCatchBlock 45 API calls 19051->19054 19056 7ff60199a558 19051->19056 19052->19049 19055 7ff60199dea8 _get_daylight 11 API calls 19053->19055 19057 7ff60199a5d5 19054->19057 19058 7ff60199a57c 19055->19058 19068 7ff6019a15d4 19056->19068 19059 7ff60199a59a FlsSetValue 19058->19059 19060 7ff60199a58a FlsSetValue 19058->19060 19062 7ff60199a5a6 FlsSetValue 19059->19062 19063 7ff60199a5b8 19059->19063 19061 7ff60199a593 19060->19061 19064 7ff601999c58 __free_lconv_num 11 API calls 19061->19064 19062->19061 19065 7ff60199a204 _get_daylight 11 API calls 19063->19065 19064->19051 19066 7ff60199a5c0 19065->19066 19067 7ff601999c58 __free_lconv_num 11 API calls 19066->19067 19067->19056 19091 7ff6019a1844 19068->19091 19070 7ff6019a1609 19106 7ff6019a12d4 19070->19106 19073 7ff60199c90c _fread_nolock 12 API calls 19074 7ff6019a1637 19073->19074 19075 7ff6019a163f 19074->19075 19077 7ff6019a164e 19074->19077 19076 7ff601999c58 __free_lconv_num 11 API calls 19075->19076 19089 7ff6019a1626 19076->19089 19077->19077 19113 7ff6019a197c 19077->19113 19080 7ff6019a174a 19081 7ff6019943f4 _get_daylight 11 API calls 19080->19081 19082 7ff6019a174f 19081->19082 19084 7ff601999c58 __free_lconv_num 11 API calls 19082->19084 19083 7ff6019a17a5 19090 7ff6019a180c 19083->19090 19124 7ff6019a1104 19083->19124 19084->19089 19085 7ff6019a1764 19085->19083 19087 7ff601999c58 __free_lconv_num 11 API calls 19085->19087 19086 7ff601999c58 __free_lconv_num 11 API calls 19086->19089 19087->19083 19089->19004 19090->19086 19092 7ff6019a1867 19091->19092 19093 7ff6019a1871 19092->19093 19139 7ff60199f5e8 EnterCriticalSection 19092->19139 19095 7ff6019a18e3 19093->19095 19098 7ff601999814 __CxxCallCatchBlock 45 API calls 19093->19098 19095->19070 19100 7ff6019a18fb 19098->19100 19101 7ff6019a1952 19100->19101 19103 7ff60199a534 50 API calls 19100->19103 19101->19070 19104 7ff6019a193c 19103->19104 19105 7ff6019a15d4 65 API calls 19104->19105 19105->19101 19107 7ff601994178 45 API calls 19106->19107 19108 7ff6019a12e8 19107->19108 19109 7ff6019a12f4 GetOEMCP 19108->19109 19110 7ff6019a1306 19108->19110 19111 7ff6019a131b 19109->19111 19110->19111 19112 7ff6019a130b GetACP 19110->19112 19111->19073 19111->19089 19112->19111 19114 7ff6019a12d4 47 API calls 19113->19114 19115 7ff6019a19a9 19114->19115 19117 7ff6019a19e6 IsValidCodePage 19115->19117 19121 7ff6019a1aff 19115->19121 19123 7ff6019a1a00 __scrt_get_show_window_mode 19115->19123 19116 7ff60198b870 _log10_special 8 API calls 19118 7ff6019a1741 19116->19118 19119 7ff6019a19f7 19117->19119 19117->19121 19118->19080 19118->19085 19120 7ff6019a1a26 GetCPInfo 19119->19120 19119->19123 19120->19121 19120->19123 19121->19116 19140 7ff6019a13ec 19123->19140 19196 7ff60199f5e8 EnterCriticalSection 19124->19196 19141 7ff6019a1429 GetCPInfo 19140->19141 19142 7ff6019a151f 19140->19142 19141->19142 19143 7ff6019a143c 19141->19143 19144 7ff60198b870 _log10_special 8 API calls 19142->19144 19145 7ff6019a2150 48 API calls 19143->19145 19146 7ff6019a15be 19144->19146 19147 7ff6019a14b3 19145->19147 19146->19121 19151 7ff6019a6e94 19147->19151 19150 7ff6019a6e94 54 API calls 19150->19142 19152 7ff601994178 45 API calls 19151->19152 19153 7ff6019a6eb9 19152->19153 19156 7ff6019a6b60 19153->19156 19157 7ff6019a6ba1 19156->19157 19158 7ff60199ebb0 _fread_nolock MultiByteToWideChar 19157->19158 19162 7ff6019a6beb 19158->19162 19159 7ff6019a6e69 19161 7ff60198b870 _log10_special 8 API calls 19159->19161 19160 7ff6019a6d21 19160->19159 19165 7ff601999c58 __free_lconv_num 11 API calls 19160->19165 19163 7ff6019a14e6 19161->19163 19162->19159 19162->19160 19164 7ff60199c90c _fread_nolock 12 API calls 19162->19164 19166 7ff6019a6c23 19162->19166 19163->19150 19164->19166 19165->19159 19166->19160 19167 7ff60199ebb0 _fread_nolock MultiByteToWideChar 19166->19167 19168 7ff6019a6c96 19167->19168 19168->19160 19187 7ff60199e3f4 19168->19187 19171 7ff6019a6ce1 19171->19160 19175 7ff60199e3f4 __crtLCMapStringW 6 API calls 19171->19175 19172 7ff6019a6d32 19173 7ff6019a6d50 19172->19173 19174 7ff60199c90c _fread_nolock 12 API calls 19172->19174 19176 7ff6019a6e04 19172->19176 19173->19160 19178 7ff60199e3f4 __crtLCMapStringW 6 API calls 19173->19178 19174->19173 19175->19160 19176->19160 19177 7ff601999c58 __free_lconv_num 11 API calls 19176->19177 19177->19160 19179 7ff6019a6dd0 19178->19179 19179->19176 19180 7ff6019a6df0 19179->19180 19181 7ff6019a6e06 19179->19181 19183 7ff60199faf8 WideCharToMultiByte 19180->19183 19182 7ff60199faf8 WideCharToMultiByte 19181->19182 19184 7ff6019a6dfe 19182->19184 19183->19184 19184->19176 19185 7ff6019a6e1e 19184->19185 19185->19160 19186 7ff601999c58 __free_lconv_num 11 API calls 19185->19186 19186->19160 19188 7ff60199e020 __crtLCMapStringW 5 API calls 19187->19188 19189 7ff60199e432 19188->19189 19191 7ff60199e43a 19189->19191 19193 7ff60199e4e0 19189->19193 19191->19160 19191->19171 19191->19172 19192 7ff60199e4a3 LCMapStringW 19192->19191 19194 7ff60199e020 __crtLCMapStringW 5 API calls 19193->19194 19195 7ff60199e50e __crtLCMapStringW 19194->19195 19195->19192 19198 7ff6019987c5 19197->19198 19202 7ff601998661 19197->19202 19199 7ff6019987ee 19198->19199 19200 7ff601999c58 __free_lconv_num 11 API calls 19198->19200 19201 7ff601999c58 __free_lconv_num 11 API calls 19199->19201 19200->19198 19201->19202 19202->19042 19204 7ff6019a55d1 19203->19204 19205 7ff6019a55e8 19203->19205 19206 7ff6019943f4 _get_daylight 11 API calls 19204->19206 19205->19204 19208 7ff6019a55f6 19205->19208 19207 7ff6019a55d6 19206->19207 19209 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 19207->19209 19210 7ff601994178 45 API calls 19208->19210 19211 7ff6019a55e1 19208->19211 19209->19211 19210->19211 19211->18904 19213 7ff601994178 45 API calls 19212->19213 19214 7ff6019a8281 19213->19214 19217 7ff6019a7ed8 19214->19217 19220 7ff6019a7f26 19217->19220 19218 7ff60198b870 _log10_special 8 API calls 19219 7ff6019a6515 19218->19219 19219->18904 19219->18906 19221 7ff6019a7fad 19220->19221 19223 7ff6019a7f98 GetCPInfo 19220->19223 19226 7ff6019a7fb1 19220->19226 19222 7ff60199ebb0 _fread_nolock MultiByteToWideChar 19221->19222 19221->19226 19224 7ff6019a8045 19222->19224 19223->19221 19223->19226 19225 7ff60199c90c _fread_nolock 12 API calls 19224->19225 19224->19226 19227 7ff6019a807c 19224->19227 19225->19227 19226->19218 19227->19226 19228 7ff60199ebb0 _fread_nolock MultiByteToWideChar 19227->19228 19229 7ff6019a80ea 19228->19229 19230 7ff6019a81cc 19229->19230 19231 7ff60199ebb0 _fread_nolock MultiByteToWideChar 19229->19231 19230->19226 19232 7ff601999c58 __free_lconv_num 11 API calls 19230->19232 19233 7ff6019a8110 19231->19233 19232->19226 19233->19230 19234 7ff60199c90c _fread_nolock 12 API calls 19233->19234 19235 7ff6019a813d 19233->19235 19234->19235 19235->19230 19236 7ff60199ebb0 _fread_nolock MultiByteToWideChar 19235->19236 19237 7ff6019a81b4 19236->19237 19238 7ff6019a81d4 19237->19238 19239 7ff6019a81ba 19237->19239 19246 7ff60199e278 19238->19246 19239->19230 19242 7ff601999c58 __free_lconv_num 11 API calls 19239->19242 19242->19230 19243 7ff601999c58 __free_lconv_num 11 API calls 19244 7ff6019a8213 19243->19244 19244->19226 19245 7ff601999c58 __free_lconv_num 11 API calls 19244->19245 19245->19226 19247 7ff60199e020 __crtLCMapStringW 5 API calls 19246->19247 19248 7ff60199e2b6 19247->19248 19249 7ff60199e2be 19248->19249 19250 7ff60199e4e0 __crtLCMapStringW 5 API calls 19248->19250 19249->19243 19249->19244 19251 7ff60199e327 CompareStringW 19250->19251 19251->19249 19253 7ff6019a6f51 19252->19253 19254 7ff6019a6f6a HeapSize 19252->19254 19255 7ff6019943f4 _get_daylight 11 API calls 19253->19255 19256 7ff6019a6f56 19255->19256 19257 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 19256->19257 19258 7ff6019a6f61 19257->19258 19258->18911 19260 7ff6019a6fa3 19259->19260 19261 7ff6019a6f99 19259->19261 19263 7ff6019a6fa8 19260->19263 19269 7ff6019a6faf _get_daylight 19260->19269 19262 7ff60199c90c _fread_nolock 12 API calls 19261->19262 19267 7ff6019a6fa1 19262->19267 19264 7ff601999c58 __free_lconv_num 11 API calls 19263->19264 19264->19267 19265 7ff6019a6fe2 HeapReAlloc 19265->19267 19265->19269 19266 7ff6019a6fb5 19268 7ff6019943f4 _get_daylight 11 API calls 19266->19268 19267->18915 19268->19267 19269->19265 19269->19266 19270 7ff6019a28a0 _get_daylight 2 API calls 19269->19270 19270->19269 19272 7ff60199e020 __crtLCMapStringW 5 API calls 19271->19272 19273 7ff60199e254 19272->19273 19273->18919 19275 7ff60199480a 19274->19275 19276 7ff6019947e6 19274->19276 19277 7ff60199480f 19275->19277 19278 7ff601994864 19275->19278 19280 7ff601999c58 __free_lconv_num 11 API calls 19276->19280 19283 7ff6019947f5 19276->19283 19281 7ff601994824 19277->19281 19277->19283 19284 7ff601999c58 __free_lconv_num 11 API calls 19277->19284 19279 7ff60199ebb0 _fread_nolock MultiByteToWideChar 19278->19279 19291 7ff601994880 19279->19291 19280->19283 19285 7ff60199c90c _fread_nolock 12 API calls 19281->19285 19282 7ff601994887 GetLastError 19286 7ff601994368 _fread_nolock 11 API calls 19282->19286 19283->18923 19283->18924 19284->19281 19285->19283 19289 7ff601994894 19286->19289 19287 7ff6019948c2 19287->19283 19288 7ff60199ebb0 _fread_nolock MultiByteToWideChar 19287->19288 19293 7ff601994906 19288->19293 19294 7ff6019943f4 _get_daylight 11 API calls 19289->19294 19290 7ff6019948b5 19292 7ff60199c90c _fread_nolock 12 API calls 19290->19292 19291->19282 19291->19287 19291->19290 19295 7ff601999c58 __free_lconv_num 11 API calls 19291->19295 19292->19287 19293->19282 19293->19283 19294->19283 19295->19290 19297 7ff60199853d 19296->19297 19298 7ff601998539 19296->19298 19317 7ff6019a1d4c GetEnvironmentStringsW 19297->19317 19298->18952 19309 7ff6019988e4 19298->19309 19301 7ff601998556 19324 7ff6019986a4 19301->19324 19302 7ff60199854a 19303 7ff601999c58 __free_lconv_num 11 API calls 19302->19303 19303->19298 19306 7ff601999c58 __free_lconv_num 11 API calls 19307 7ff60199857d 19306->19307 19308 7ff601999c58 __free_lconv_num 11 API calls 19307->19308 19308->19298 19310 7ff601998907 19309->19310 19315 7ff60199891e 19309->19315 19310->18952 19311 7ff60199ebb0 MultiByteToWideChar _fread_nolock 19311->19315 19312 7ff60199dea8 _get_daylight 11 API calls 19312->19315 19313 7ff601998992 19314 7ff601999c58 __free_lconv_num 11 API calls 19313->19314 19314->19310 19315->19310 19315->19311 19315->19312 19315->19313 19316 7ff601999c58 __free_lconv_num 11 API calls 19315->19316 19316->19315 19318 7ff6019a1d70 19317->19318 19319 7ff601998542 19317->19319 19320 7ff60199c90c _fread_nolock 12 API calls 19318->19320 19319->19301 19319->19302 19321 7ff6019a1da7 memcpy_s 19320->19321 19322 7ff601999c58 __free_lconv_num 11 API calls 19321->19322 19323 7ff6019a1dc7 FreeEnvironmentStringsW 19322->19323 19323->19319 19325 7ff6019986cc 19324->19325 19326 7ff60199dea8 _get_daylight 11 API calls 19325->19326 19337 7ff601998707 19326->19337 19327 7ff60199870f 19328 7ff601999c58 __free_lconv_num 11 API calls 19327->19328 19329 7ff60199855e 19328->19329 19329->19306 19330 7ff601998789 19331 7ff601999c58 __free_lconv_num 11 API calls 19330->19331 19331->19329 19332 7ff60199dea8 _get_daylight 11 API calls 19332->19337 19333 7ff601998778 19335 7ff6019987c0 11 API calls 19333->19335 19334 7ff60199f784 37 API calls 19334->19337 19336 7ff601998780 19335->19336 19339 7ff601999c58 __free_lconv_num 11 API calls 19336->19339 19337->19327 19337->19330 19337->19332 19337->19333 19337->19334 19338 7ff6019987ac 19337->19338 19341 7ff601999c58 __free_lconv_num 11 API calls 19337->19341 19340 7ff601999c10 _isindst 17 API calls 19338->19340 19339->19327 19342 7ff6019987be 19340->19342 19341->19337 19344 7ff6019a7e41 __crtLCMapStringW 19343->19344 19345 7ff6019a63fe 19344->19345 19346 7ff60199e278 6 API calls 19344->19346 19345->18978 19345->18979 19346->19345 16197 7ff60198bf5c 16218 7ff60198c12c 16197->16218 16200 7ff60198c0a8 16341 7ff60198c44c IsProcessorFeaturePresent 16200->16341 16201 7ff60198bf78 __scrt_acquire_startup_lock 16203 7ff60198c0b2 16201->16203 16206 7ff60198bf96 __scrt_release_startup_lock 16201->16206 16204 7ff60198c44c 7 API calls 16203->16204 16207 7ff60198c0bd __CxxCallCatchBlock 16204->16207 16205 7ff60198bfbb 16206->16205 16208 7ff60198c041 16206->16208 16330 7ff601998e44 16206->16330 16224 7ff60198c594 16208->16224 16210 7ff60198c046 16227 7ff601981000 16210->16227 16215 7ff60198c069 16215->16207 16337 7ff60198c2b0 16215->16337 16219 7ff60198c134 16218->16219 16220 7ff60198c140 __scrt_dllmain_crt_thread_attach 16219->16220 16221 7ff60198c14d 16220->16221 16223 7ff60198bf70 16220->16223 16221->16223 16348 7ff60198cba8 16221->16348 16223->16200 16223->16201 16225 7ff6019a97e0 __scrt_get_show_window_mode 16224->16225 16226 7ff60198c5ab GetStartupInfoW 16225->16226 16226->16210 16228 7ff601981009 16227->16228 16375 7ff601994794 16228->16375 16230 7ff60198352b 16382 7ff6019833e0 16230->16382 16233 7ff601983538 16235 7ff60198b870 _log10_special 8 API calls 16233->16235 16237 7ff60198372a 16235->16237 16335 7ff60198c5d8 GetModuleHandleW 16237->16335 16238 7ff60198356c 16241 7ff601981bf0 49 API calls 16238->16241 16239 7ff601983736 16573 7ff601983f70 16239->16573 16254 7ff601983588 16241->16254 16243 7ff601983785 16245 7ff6019825f0 53 API calls 16243->16245 16245->16233 16247 7ff60198365f __std_exception_copy 16255 7ff601987e10 14 API calls 16247->16255 16283 7ff601983834 16247->16283 16248 7ff601983778 16249 7ff60198377d 16248->16249 16250 7ff60198379f 16248->16250 16592 7ff60198f36c 16249->16592 16251 7ff601981bf0 49 API calls 16250->16251 16253 7ff6019837be 16251->16253 16262 7ff6019818f0 115 API calls 16253->16262 16444 7ff601987e10 16254->16444 16257 7ff6019836ae 16255->16257 16457 7ff601987f80 16257->16457 16258 7ff601983852 16260 7ff601983865 16258->16260 16261 7ff601983871 16258->16261 16599 7ff601983fe0 16260->16599 16265 7ff601981bf0 49 API calls 16261->16265 16267 7ff6019837df 16262->16267 16263 7ff6019836bd 16268 7ff60198380f 16263->16268 16271 7ff6019836cf 16263->16271 16266 7ff601983805 __std_exception_copy 16265->16266 16517 7ff6019886b0 16266->16517 16267->16254 16270 7ff6019837ef 16267->16270 16466 7ff601988400 16268->16466 16275 7ff6019825f0 53 API calls 16270->16275 16462 7ff601981bf0 16271->16462 16274 7ff60198389e SetDllDirectoryW 16280 7ff6019838c3 16274->16280 16275->16233 16284 7ff601983a50 16280->16284 16522 7ff601986560 16280->16522 16281 7ff6019836fc 16562 7ff6019825f0 16281->16562 16283->16266 16596 7ff601983e90 16283->16596 16286 7ff601983a7d 16284->16286 16287 7ff601983a5a PostMessageW GetMessageW 16284->16287 16657 7ff601983080 16286->16657 16287->16286 16290 7ff6019838ea 16292 7ff601983947 16290->16292 16294 7ff601983901 16290->16294 16602 7ff6019865a0 16290->16602 16292->16284 16298 7ff60198395c 16292->16298 16306 7ff601983905 16294->16306 16623 7ff601986970 16294->16623 16542 7ff6019830e0 16298->16542 16306->16292 16639 7ff601982870 16306->16639 16331 7ff601998e5b 16330->16331 16332 7ff601998e7c 16330->16332 16331->16208 18574 7ff6019996e8 16332->18574 16336 7ff60198c5e9 16335->16336 16336->16215 16339 7ff60198c2c1 16337->16339 16338 7ff60198c080 16338->16205 16339->16338 16340 7ff60198cba8 7 API calls 16339->16340 16340->16338 16342 7ff60198c472 _isindst __scrt_get_show_window_mode 16341->16342 16343 7ff60198c491 RtlCaptureContext RtlLookupFunctionEntry 16342->16343 16344 7ff60198c4f6 __scrt_get_show_window_mode 16343->16344 16345 7ff60198c4ba RtlVirtualUnwind 16343->16345 16346 7ff60198c528 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16344->16346 16345->16344 16347 7ff60198c576 _isindst 16346->16347 16347->16203 16349 7ff60198cbb0 16348->16349 16350 7ff60198cbba 16348->16350 16354 7ff60198cf44 16349->16354 16350->16223 16355 7ff60198cbb5 16354->16355 16356 7ff60198cf53 16354->16356 16358 7ff60198cfb0 16355->16358 16362 7ff60198d180 16356->16362 16359 7ff60198cfdb 16358->16359 16360 7ff60198cfbe DeleteCriticalSection 16359->16360 16361 7ff60198cfdf 16359->16361 16360->16359 16361->16350 16366 7ff60198cfe8 16362->16366 16367 7ff60198d0d2 TlsFree 16366->16367 16372 7ff60198d02c __vcrt_FlsAlloc 16366->16372 16368 7ff60198d05a LoadLibraryExW 16370 7ff60198d0f9 16368->16370 16371 7ff60198d07b GetLastError 16368->16371 16369 7ff60198d119 GetProcAddress 16369->16367 16370->16369 16373 7ff60198d110 FreeLibrary 16370->16373 16371->16372 16372->16367 16372->16368 16372->16369 16374 7ff60198d09d LoadLibraryExW 16372->16374 16373->16369 16374->16370 16374->16372 16378 7ff60199e790 16375->16378 16376 7ff60199e7e3 16377 7ff601999b24 _invalid_parameter_noinfo 37 API calls 16376->16377 16381 7ff60199e80c 16377->16381 16378->16376 16379 7ff60199e836 16378->16379 16670 7ff60199e668 16379->16670 16381->16230 16678 7ff60198bb70 16382->16678 16385 7ff60198341b 16685 7ff6019829e0 16385->16685 16386 7ff601983438 16680 7ff6019885a0 FindFirstFileExW 16386->16680 16390 7ff60198344b 16695 7ff601988620 CreateFileW 16390->16695 16391 7ff6019834a5 16704 7ff601988760 16391->16704 16393 7ff60198b870 _log10_special 8 API calls 16395 7ff6019834dd 16393->16395 16395->16233 16404 7ff6019818f0 16395->16404 16397 7ff6019834b3 16400 7ff60198342e 16397->16400 16402 7ff6019826c0 49 API calls 16397->16402 16398 7ff60198345c 16698 7ff6019826c0 16398->16698 16399 7ff601983474 __vcrt_FlsAlloc 16399->16391 16400->16393 16402->16400 16405 7ff601983f70 108 API calls 16404->16405 16406 7ff601981925 16405->16406 16408 7ff6019876a0 83 API calls 16406->16408 16413 7ff601981bb6 16406->16413 16407 7ff60198b870 _log10_special 8 API calls 16409 7ff601981bd1 16407->16409 16410 7ff60198196b 16408->16410 16409->16238 16409->16239 16443 7ff60198199c 16410->16443 17068 7ff60198f9f4 16410->17068 16412 7ff60198f36c 74 API calls 16412->16413 16413->16407 16414 7ff601981985 16415 7ff601981989 16414->16415 16416 7ff6019819a1 16414->16416 17075 7ff601982760 16415->17075 17072 7ff60198f6bc 16416->17072 16420 7ff6019819d7 16423 7ff601981a06 16420->16423 16424 7ff6019819ee 16420->16424 16421 7ff6019819bf 16422 7ff601982760 53 API calls 16421->16422 16422->16443 16426 7ff601981bf0 49 API calls 16423->16426 16425 7ff601982760 53 API calls 16424->16425 16425->16443 16427 7ff601981a1d 16426->16427 16428 7ff601981bf0 49 API calls 16427->16428 16429 7ff601981a68 16428->16429 16430 7ff60198f9f4 73 API calls 16429->16430 16431 7ff601981a8c 16430->16431 16432 7ff601981ab9 16431->16432 16433 7ff601981aa1 16431->16433 16435 7ff60198f6bc _fread_nolock 53 API calls 16432->16435 16434 7ff601982760 53 API calls 16433->16434 16434->16443 16436 7ff601981ace 16435->16436 16437 7ff601981aec 16436->16437 16438 7ff601981ad4 16436->16438 17092 7ff60198f430 16437->17092 16439 7ff601982760 53 API calls 16438->16439 16439->16443 16442 7ff6019825f0 53 API calls 16442->16443 16443->16412 16445 7ff601987e1a 16444->16445 16446 7ff6019886b0 2 API calls 16445->16446 16447 7ff601987e39 GetEnvironmentVariableW 16446->16447 16448 7ff601987e56 ExpandEnvironmentStringsW 16447->16448 16449 7ff601987ea2 16447->16449 16448->16449 16450 7ff601987e78 16448->16450 16451 7ff60198b870 _log10_special 8 API calls 16449->16451 16453 7ff601988760 2 API calls 16450->16453 16452 7ff601987eb4 16451->16452 16452->16247 16454 7ff601987e8a 16453->16454 16455 7ff60198b870 _log10_special 8 API calls 16454->16455 16456 7ff601987e9a 16455->16456 16456->16247 16458 7ff6019886b0 2 API calls 16457->16458 16459 7ff601987f94 16458->16459 17301 7ff601997548 16459->17301 16461 7ff601987fa6 __std_exception_copy 16461->16263 16463 7ff601981c15 16462->16463 16464 7ff601993ca4 49 API calls 16463->16464 16465 7ff601981c38 16464->16465 16465->16266 16465->16281 16467 7ff601988415 16466->16467 17319 7ff601987b50 GetCurrentProcess OpenProcessToken 16467->17319 16470 7ff601987b50 7 API calls 16471 7ff601988441 16470->16471 16472 7ff601988474 16471->16472 16473 7ff60198845a 16471->16473 16475 7ff601982590 48 API calls 16472->16475 16474 7ff601982590 48 API calls 16473->16474 16476 7ff601988472 16474->16476 16518 7ff6019886d2 MultiByteToWideChar 16517->16518 16520 7ff6019886f6 16517->16520 16518->16520 16521 7ff60198870c __std_exception_copy 16518->16521 16519 7ff601988713 MultiByteToWideChar 16519->16521 16520->16519 16520->16521 16521->16274 16523 7ff601986575 16522->16523 16524 7ff6019838d5 16523->16524 16525 7ff601982760 53 API calls 16523->16525 16526 7ff601986b00 16524->16526 16525->16524 16527 7ff601986b30 16526->16527 16540 7ff601986b4a __std_exception_copy 16526->16540 16527->16540 17513 7ff601981440 16527->17513 16529 7ff601986b54 16530 7ff601983fe0 49 API calls 16529->16530 16529->16540 16531 7ff601986b76 16530->16531 16532 7ff601986b7b 16531->16532 16533 7ff601983fe0 49 API calls 16531->16533 16534 7ff601982870 53 API calls 16532->16534 16535 7ff601986b9a 16533->16535 16534->16540 16535->16532 16536 7ff601983fe0 49 API calls 16535->16536 16540->16290 16554 7ff6019830ee __scrt_get_show_window_mode 16542->16554 16543 7ff60198b870 _log10_special 8 API calls 16545 7ff60198338e 16543->16545 16544 7ff6019832e7 16544->16543 16545->16233 16561 7ff6019883e0 LocalFree 16545->16561 16547 7ff601981bf0 49 API calls 16547->16554 16548 7ff601983309 16550 7ff6019825f0 53 API calls 16548->16550 16550->16544 16553 7ff6019832e9 16556 7ff6019825f0 53 API calls 16553->16556 16554->16544 16554->16547 16554->16548 16554->16553 16555 7ff601982870 53 API calls 16554->16555 16559 7ff6019832f7 16554->16559 17574 7ff601983f10 16554->17574 17580 7ff601987530 16554->17580 17592 7ff6019815c0 16554->17592 17630 7ff6019868e0 16554->17630 17634 7ff601983b40 16554->17634 17678 7ff601983e00 16554->17678 16555->16554 16556->16544 16560 7ff6019825f0 53 API calls 16559->16560 16560->16544 16563 7ff60198262a 16562->16563 16564 7ff601993ca4 49 API calls 16563->16564 16565 7ff601982652 16564->16565 16574 7ff601983f7c 16573->16574 16575 7ff6019886b0 2 API calls 16574->16575 16576 7ff601983fa4 16575->16576 16577 7ff6019886b0 2 API calls 16576->16577 16578 7ff601983fb7 16577->16578 17798 7ff6019952a4 16578->17798 16581 7ff60198b870 _log10_special 8 API calls 16582 7ff601983746 16581->16582 16582->16243 16583 7ff6019876a0 16582->16583 16584 7ff6019876c4 16583->16584 16585 7ff60198f9f4 73 API calls 16584->16585 16586 7ff60198779b __std_exception_copy 16584->16586 16587 7ff6019876e0 16585->16587 16586->16248 16587->16586 18190 7ff601996bd8 16587->18190 16589 7ff60198f9f4 73 API calls 16591 7ff6019876f5 16589->16591 16590 7ff60198f6bc _fread_nolock 53 API calls 16590->16591 16591->16586 16591->16589 16591->16590 16593 7ff60198f39c 16592->16593 18205 7ff60198f148 16593->18205 16595 7ff60198f3b5 16595->16243 16597 7ff601981bf0 49 API calls 16596->16597 16598 7ff601983ead 16597->16598 16598->16258 16600 7ff601981bf0 49 API calls 16599->16600 16601 7ff601984010 16600->16601 16601->16266 16620 7ff6019865bc 16602->16620 16603 7ff6019866df 16604 7ff60198b870 _log10_special 8 API calls 16603->16604 16606 7ff6019866f1 16604->16606 16605 7ff6019817e0 45 API calls 16605->16620 16606->16294 16607 7ff60198675d 16609 7ff6019825f0 53 API calls 16607->16609 16608 7ff601981bf0 49 API calls 16608->16620 16609->16603 16610 7ff60198674a 16611 7ff6019825f0 53 API calls 16610->16611 16611->16603 16612 7ff601983f10 10 API calls 16612->16620 16613 7ff60198670d 16615 7ff6019825f0 53 API calls 16613->16615 16614 7ff601987530 52 API calls 16614->16620 16615->16603 16616 7ff601982870 53 API calls 16616->16620 16617 7ff601986737 16619 7ff6019825f0 53 API calls 16617->16619 16618 7ff6019815c0 118 API calls 16618->16620 16619->16603 16620->16603 16620->16605 16620->16607 16620->16608 16620->16610 16620->16612 16620->16613 16620->16614 16620->16616 16620->16617 16620->16618 16621 7ff601986720 16620->16621 16622 7ff6019825f0 53 API calls 16621->16622 16622->16603 18216 7ff6019881a0 16623->18216 16625 7ff601986989 16626 7ff6019881a0 3 API calls 16625->16626 16627 7ff60198699c 16626->16627 16628 7ff6019869cf 16627->16628 16629 7ff6019869b4 16627->16629 16640 7ff6019828aa 16639->16640 16641 7ff601993ca4 49 API calls 16640->16641 16642 7ff6019828d2 16641->16642 16643 7ff6019886b0 2 API calls 16642->16643 16644 7ff6019828ea 16643->16644 16645 7ff6019828f7 MessageBoxW 16644->16645 16646 7ff60198290e MessageBoxA 16644->16646 16647 7ff601982920 16645->16647 16646->16647 16648 7ff60198b870 _log10_special 8 API calls 16647->16648 18285 7ff601985af0 16657->18285 16660 7ff6019830b9 16666 7ff6019833a0 16660->16666 16667 7ff6019833ae 16666->16667 16668 7ff6019833bf 16667->16668 18573 7ff601988180 FreeLibrary 16667->18573 16677 7ff60199477c EnterCriticalSection 16670->16677 16679 7ff6019833ec GetModuleFileNameW 16678->16679 16679->16385 16679->16386 16681 7ff6019885df FindClose 16680->16681 16682 7ff6019885f2 16680->16682 16681->16682 16683 7ff60198b870 _log10_special 8 API calls 16682->16683 16684 7ff601983442 16683->16684 16684->16390 16684->16391 16686 7ff60198bb70 16685->16686 16687 7ff6019829fc GetLastError 16686->16687 16688 7ff601982a29 16687->16688 16709 7ff601993ef8 16688->16709 16693 7ff60198b870 _log10_special 8 API calls 16694 7ff601982ae5 16693->16694 16694->16400 16696 7ff601988660 GetFinalPathNameByHandleW CloseHandle 16695->16696 16697 7ff601983458 16695->16697 16696->16697 16697->16398 16697->16399 16699 7ff6019826fa 16698->16699 16700 7ff601993ef8 48 API calls 16699->16700 16701 7ff601982722 MessageBoxW 16700->16701 16702 7ff60198b870 _log10_special 8 API calls 16701->16702 16703 7ff60198274c 16702->16703 16703->16400 16705 7ff60198878a WideCharToMultiByte 16704->16705 16706 7ff6019887b5 16704->16706 16705->16706 16708 7ff6019887cb __std_exception_copy 16705->16708 16707 7ff6019887d2 WideCharToMultiByte 16706->16707 16706->16708 16707->16708 16708->16397 16711 7ff601993f52 16709->16711 16710 7ff601993f77 16712 7ff601999b24 _invalid_parameter_noinfo 37 API calls 16710->16712 16711->16710 16713 7ff601993fb3 16711->16713 16715 7ff601993fa1 16712->16715 16731 7ff6019922b0 16713->16731 16717 7ff60198b870 _log10_special 8 API calls 16715->16717 16716 7ff601994094 16718 7ff601999c58 __free_lconv_num 11 API calls 16716->16718 16719 7ff601982a54 FormatMessageW 16717->16719 16718->16715 16727 7ff601982590 16719->16727 16721 7ff601994069 16724 7ff601999c58 __free_lconv_num 11 API calls 16721->16724 16722 7ff6019940ba 16722->16716 16723 7ff6019940c4 16722->16723 16726 7ff601999c58 __free_lconv_num 11 API calls 16723->16726 16724->16715 16725 7ff601994060 16725->16716 16725->16721 16726->16715 16728 7ff6019825b5 16727->16728 16729 7ff601993ef8 48 API calls 16728->16729 16730 7ff6019825d8 MessageBoxW 16729->16730 16730->16693 16732 7ff6019922ee 16731->16732 16733 7ff6019922de 16731->16733 16734 7ff6019922f7 16732->16734 16738 7ff601992325 16732->16738 16735 7ff601999b24 _invalid_parameter_noinfo 37 API calls 16733->16735 16736 7ff601999b24 _invalid_parameter_noinfo 37 API calls 16734->16736 16737 7ff60199231d 16735->16737 16736->16737 16737->16716 16737->16721 16737->16722 16737->16725 16738->16733 16738->16737 16742 7ff601992cc4 16738->16742 16775 7ff601992710 16738->16775 16812 7ff601991ea0 16738->16812 16743 7ff601992d06 16742->16743 16744 7ff601992d77 16742->16744 16745 7ff601992da1 16743->16745 16746 7ff601992d0c 16743->16746 16747 7ff601992dd0 16744->16747 16748 7ff601992d7c 16744->16748 16835 7ff601991074 16745->16835 16749 7ff601992d40 16746->16749 16750 7ff601992d11 16746->16750 16754 7ff601992de7 16747->16754 16756 7ff601992dda 16747->16756 16760 7ff601992ddf 16747->16760 16751 7ff601992d7e 16748->16751 16752 7ff601992db1 16748->16752 16757 7ff601992d17 16749->16757 16749->16760 16750->16754 16750->16757 16755 7ff601992d20 16751->16755 16764 7ff601992d8d 16751->16764 16842 7ff601990c64 16752->16842 16849 7ff6019939cc 16754->16849 16773 7ff601992e10 16755->16773 16815 7ff601993478 16755->16815 16756->16745 16756->16760 16757->16755 16763 7ff601992d52 16757->16763 16769 7ff601992d3b 16757->16769 16760->16773 16853 7ff601991484 16760->16853 16763->16773 16825 7ff6019937b4 16763->16825 16764->16745 16766 7ff601992d92 16764->16766 16766->16773 16831 7ff601993878 16766->16831 16767 7ff60198b870 _log10_special 8 API calls 16768 7ff60199310a 16767->16768 16768->16738 16769->16773 16774 7ff601992ffc 16769->16774 16860 7ff601993ae0 16769->16860 16773->16767 16774->16773 16866 7ff60199dd18 16774->16866 16776 7ff60199271e 16775->16776 16777 7ff601992734 16775->16777 16778 7ff601992d06 16776->16778 16779 7ff601992d77 16776->16779 16781 7ff601992774 16776->16781 16780 7ff601999b24 _invalid_parameter_noinfo 37 API calls 16777->16780 16777->16781 16782 7ff601992da1 16778->16782 16783 7ff601992d0c 16778->16783 16784 7ff601992dd0 16779->16784 16785 7ff601992d7c 16779->16785 16780->16781 16781->16738 16790 7ff601991074 38 API calls 16782->16790 16786 7ff601992d40 16783->16786 16787 7ff601992d11 16783->16787 16791 7ff601992de7 16784->16791 16793 7ff601992dda 16784->16793 16797 7ff601992ddf 16784->16797 16788 7ff601992d7e 16785->16788 16789 7ff601992db1 16785->16789 16794 7ff601992d17 16786->16794 16786->16797 16787->16791 16787->16794 16792 7ff601992d20 16788->16792 16801 7ff601992d8d 16788->16801 16795 7ff601990c64 38 API calls 16789->16795 16808 7ff601992d3b 16790->16808 16798 7ff6019939cc 45 API calls 16791->16798 16796 7ff601993478 47 API calls 16792->16796 16811 7ff601992e10 16792->16811 16793->16782 16793->16797 16794->16792 16799 7ff601992d52 16794->16799 16794->16808 16795->16808 16796->16808 16800 7ff601991484 38 API calls 16797->16800 16797->16811 16798->16808 16802 7ff6019937b4 46 API calls 16799->16802 16799->16811 16800->16808 16801->16782 16803 7ff601992d92 16801->16803 16802->16808 16806 7ff601993878 37 API calls 16803->16806 16803->16811 16804 7ff60198b870 _log10_special 8 API calls 16805 7ff60199310a 16804->16805 16805->16738 16806->16808 16807 7ff601993ae0 45 API calls 16810 7ff601992ffc 16807->16810 16808->16807 16808->16810 16808->16811 16809 7ff60199dd18 46 API calls 16809->16810 16810->16809 16810->16811 16811->16804 17051 7ff6019902e8 16812->17051 16816 7ff60199349e 16815->16816 16878 7ff60198fea0 16816->16878 16821 7ff6019935e3 16822 7ff601993671 16821->16822 16824 7ff601993ae0 45 API calls 16821->16824 16822->16769 16823 7ff601993ae0 45 API calls 16823->16821 16824->16822 16826 7ff6019937e9 16825->16826 16827 7ff601993807 16826->16827 16828 7ff601993ae0 45 API calls 16826->16828 16830 7ff60199382e 16826->16830 16829 7ff60199dd18 46 API calls 16827->16829 16828->16827 16829->16830 16830->16769 16833 7ff601993899 16831->16833 16832 7ff601999b24 _invalid_parameter_noinfo 37 API calls 16834 7ff6019938ca 16832->16834 16833->16832 16833->16834 16834->16769 16836 7ff6019910a7 16835->16836 16837 7ff6019910d6 16836->16837 16839 7ff601991193 16836->16839 16841 7ff601991113 16837->16841 17021 7ff60198ff48 16837->17021 16840 7ff601999b24 _invalid_parameter_noinfo 37 API calls 16839->16840 16840->16841 16841->16769 16843 7ff601990c97 16842->16843 16844 7ff601990cc6 16843->16844 16846 7ff601990d83 16843->16846 16845 7ff60198ff48 12 API calls 16844->16845 16848 7ff601990d03 16844->16848 16845->16848 16847 7ff601999b24 _invalid_parameter_noinfo 37 API calls 16846->16847 16847->16848 16848->16769 16850 7ff601993a0f 16849->16850 16852 7ff601993a13 __crtLCMapStringW 16850->16852 17029 7ff601993a68 16850->17029 16852->16769 16855 7ff6019914b7 16853->16855 16854 7ff6019914e6 16856 7ff60198ff48 12 API calls 16854->16856 16859 7ff601991523 16854->16859 16855->16854 16857 7ff6019915a3 16855->16857 16856->16859 16858 7ff601999b24 _invalid_parameter_noinfo 37 API calls 16857->16858 16858->16859 16859->16769 16861 7ff601993af7 16860->16861 17033 7ff60199ccc8 16861->17033 16867 7ff60199dd49 16866->16867 16876 7ff60199dd57 16866->16876 16868 7ff60199dd77 16867->16868 16869 7ff601993ae0 45 API calls 16867->16869 16867->16876 16870 7ff60199ddaf 16868->16870 16871 7ff60199dd88 16868->16871 16869->16868 16873 7ff60199ddd9 16870->16873 16874 7ff60199de3a 16870->16874 16870->16876 17041 7ff60199f3b0 16871->17041 16873->16876 17044 7ff60199ebb0 16873->17044 16875 7ff60199ebb0 _fread_nolock MultiByteToWideChar 16874->16875 16875->16876 16876->16774 16879 7ff60198fed7 16878->16879 16880 7ff60198fec6 16878->16880 16879->16880 16908 7ff60199c90c 16879->16908 16886 7ff60199d880 16880->16886 16883 7ff60198ff18 16885 7ff601999c58 __free_lconv_num 11 API calls 16883->16885 16884 7ff601999c58 __free_lconv_num 11 API calls 16884->16883 16885->16880 16887 7ff60199d8d0 16886->16887 16888 7ff60199d89d 16886->16888 16887->16888 16891 7ff60199d902 16887->16891 16889 7ff601999b24 _invalid_parameter_noinfo 37 API calls 16888->16889 16890 7ff6019935c1 16889->16890 16890->16821 16890->16823 16895 7ff60199da15 16891->16895 16903 7ff60199d94a 16891->16903 16892 7ff60199db07 16948 7ff60199cd6c 16892->16948 16894 7ff60199dacd 16941 7ff60199d104 16894->16941 16895->16892 16895->16894 16896 7ff60199da9c 16895->16896 16898 7ff60199da5f 16895->16898 16900 7ff60199da55 16895->16900 16934 7ff60199d3e4 16896->16934 16924 7ff60199d614 16898->16924 16900->16894 16902 7ff60199da5a 16900->16902 16902->16896 16902->16898 16903->16890 16915 7ff6019997b4 16903->16915 16906 7ff601999c10 _isindst 17 API calls 16907 7ff60199db64 16906->16907 16909 7ff60199c957 16908->16909 16914 7ff60199c91b _get_daylight 16908->16914 16910 7ff6019943f4 _get_daylight 11 API calls 16909->16910 16912 7ff60198ff04 16910->16912 16911 7ff60199c93e HeapAlloc 16911->16912 16911->16914 16912->16883 16912->16884 16913 7ff6019a28a0 _get_daylight 2 API calls 16913->16914 16914->16909 16914->16911 16914->16913 16916 7ff6019997c1 16915->16916 16917 7ff6019997cb 16915->16917 16916->16917 16922 7ff6019997e6 16916->16922 16918 7ff6019943f4 _get_daylight 11 API calls 16917->16918 16919 7ff6019997d2 16918->16919 16920 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 16919->16920 16921 7ff6019997de 16920->16921 16921->16890 16921->16906 16922->16921 16923 7ff6019943f4 _get_daylight 11 API calls 16922->16923 16923->16919 16957 7ff6019a33bc 16924->16957 16928 7ff60199d6bc 16929 7ff60199d6c0 16928->16929 16930 7ff60199d711 16928->16930 16931 7ff60199d6dc 16928->16931 16929->16890 17010 7ff60199d200 16930->17010 17006 7ff60199d4bc 16931->17006 16935 7ff6019a33bc 38 API calls 16934->16935 16936 7ff60199d42e 16935->16936 16937 7ff6019a2e04 37 API calls 16936->16937 16938 7ff60199d47e 16937->16938 16939 7ff60199d482 16938->16939 16940 7ff60199d4bc 45 API calls 16938->16940 16939->16890 16940->16939 16942 7ff6019a33bc 38 API calls 16941->16942 16943 7ff60199d14f 16942->16943 16944 7ff6019a2e04 37 API calls 16943->16944 16945 7ff60199d1a7 16944->16945 16946 7ff60199d1ab 16945->16946 16947 7ff60199d200 45 API calls 16945->16947 16946->16890 16947->16946 16949 7ff60199cdb1 16948->16949 16950 7ff60199cde4 16948->16950 16951 7ff601999b24 _invalid_parameter_noinfo 37 API calls 16949->16951 16952 7ff60199cdfc 16950->16952 16954 7ff60199ce7d 16950->16954 16956 7ff60199cddd __scrt_get_show_window_mode 16951->16956 16953 7ff60199d104 46 API calls 16952->16953 16953->16956 16955 7ff601993ae0 45 API calls 16954->16955 16954->16956 16955->16956 16956->16890 16958 7ff6019a340f fegetenv 16957->16958 16959 7ff6019a713c 37 API calls 16958->16959 16965 7ff6019a3462 16959->16965 16960 7ff6019a348f 16964 7ff6019997b4 __std_exception_copy 37 API calls 16960->16964 16961 7ff6019a3552 16962 7ff6019a713c 37 API calls 16961->16962 16963 7ff6019a357c 16962->16963 16968 7ff6019a713c 37 API calls 16963->16968 16969 7ff6019a350d 16964->16969 16965->16961 16966 7ff6019a347d 16965->16966 16967 7ff6019a352c 16965->16967 16966->16960 16966->16961 16972 7ff6019997b4 __std_exception_copy 37 API calls 16967->16972 16970 7ff6019a358d 16968->16970 16971 7ff6019a4634 16969->16971 16976 7ff6019a3515 16969->16976 16973 7ff6019a7330 20 API calls 16970->16973 16974 7ff601999c10 _isindst 17 API calls 16971->16974 16972->16969 16984 7ff6019a35f6 __scrt_get_show_window_mode 16973->16984 16975 7ff6019a4649 16974->16975 16977 7ff60198b870 _log10_special 8 API calls 16976->16977 16978 7ff60199d661 16977->16978 17002 7ff6019a2e04 16978->17002 16979 7ff6019a399f __scrt_get_show_window_mode 16980 7ff6019a3cdf 16981 7ff6019a2f20 37 API calls 16980->16981 16988 7ff6019a43f7 16981->16988 16982 7ff6019a3c8b 16982->16980 16985 7ff6019a464c memcpy_s 37 API calls 16982->16985 16983 7ff6019a3637 memcpy_s 16997 7ff6019a3f7b memcpy_s __scrt_get_show_window_mode 16983->16997 17000 7ff6019a3a93 memcpy_s __scrt_get_show_window_mode 16983->17000 16984->16979 16984->16983 16986 7ff6019943f4 _get_daylight 11 API calls 16984->16986 16985->16980 16987 7ff6019a3a70 16986->16987 16989 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 16987->16989 16990 7ff6019a464c memcpy_s 37 API calls 16988->16990 16995 7ff6019a4452 16988->16995 16989->16983 16990->16995 16991 7ff6019a45d8 16992 7ff6019a713c 37 API calls 16991->16992 16992->16976 16993 7ff6019943f4 11 API calls _get_daylight 16993->16997 16994 7ff6019943f4 11 API calls _get_daylight 16994->17000 16995->16991 16998 7ff6019a2f20 37 API calls 16995->16998 17001 7ff6019a464c memcpy_s 37 API calls 16995->17001 16996 7ff601999bf0 37 API calls _invalid_parameter_noinfo 16996->17000 16997->16980 16997->16982 16997->16993 16999 7ff601999bf0 37 API calls _invalid_parameter_noinfo 16997->16999 16998->16995 16999->16997 17000->16982 17000->16994 17000->16996 17001->16995 17003 7ff6019a2e23 17002->17003 17004 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17003->17004 17005 7ff6019a2e4e memcpy_s 17003->17005 17004->17005 17005->16928 17007 7ff60199d4e8 memcpy_s 17006->17007 17008 7ff601993ae0 45 API calls 17007->17008 17009 7ff60199d5a2 memcpy_s __scrt_get_show_window_mode 17007->17009 17008->17009 17009->16929 17011 7ff60199d23b 17010->17011 17016 7ff60199d288 memcpy_s 17010->17016 17012 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17011->17012 17013 7ff60199d267 17012->17013 17013->16929 17014 7ff60199d2f3 17015 7ff6019997b4 __std_exception_copy 37 API calls 17014->17015 17017 7ff60199d335 memcpy_s 17015->17017 17016->17014 17018 7ff601993ae0 45 API calls 17016->17018 17019 7ff601999c10 _isindst 17 API calls 17017->17019 17018->17014 17020 7ff60199d3e0 17019->17020 17022 7ff60198ff7f 17021->17022 17028 7ff60198ff6e 17021->17028 17023 7ff60199c90c _fread_nolock 12 API calls 17022->17023 17022->17028 17024 7ff60198ffb0 17023->17024 17025 7ff60198ffc4 17024->17025 17026 7ff601999c58 __free_lconv_num 11 API calls 17024->17026 17027 7ff601999c58 __free_lconv_num 11 API calls 17025->17027 17026->17025 17027->17028 17028->16841 17030 7ff601993a86 17029->17030 17032 7ff601993a8e 17029->17032 17031 7ff601993ae0 45 API calls 17030->17031 17031->17032 17032->16852 17034 7ff60199cce1 17033->17034 17035 7ff601993b1f 17033->17035 17034->17035 17036 7ff6019a2614 45 API calls 17034->17036 17037 7ff60199cd34 17035->17037 17036->17035 17038 7ff601993b2f 17037->17038 17039 7ff60199cd4d 17037->17039 17038->16774 17039->17038 17040 7ff6019a1960 45 API calls 17039->17040 17040->17038 17047 7ff6019a6098 17041->17047 17045 7ff60199ebb9 MultiByteToWideChar 17044->17045 17050 7ff6019a60fc 17047->17050 17048 7ff60198b870 _log10_special 8 API calls 17049 7ff60199f3cd 17048->17049 17049->16876 17050->17048 17052 7ff60199032f 17051->17052 17053 7ff60199031d 17051->17053 17056 7ff60199033d 17052->17056 17060 7ff601990379 17052->17060 17054 7ff6019943f4 _get_daylight 11 API calls 17053->17054 17055 7ff601990322 17054->17055 17058 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 17055->17058 17057 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17056->17057 17065 7ff60199032d 17057->17065 17058->17065 17059 7ff6019906f5 17061 7ff6019943f4 _get_daylight 11 API calls 17059->17061 17059->17065 17060->17059 17062 7ff6019943f4 _get_daylight 11 API calls 17060->17062 17063 7ff601990989 17061->17063 17064 7ff6019906ea 17062->17064 17066 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 17063->17066 17067 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 17064->17067 17065->16738 17066->17065 17067->17059 17069 7ff60198fa24 17068->17069 17098 7ff60198f784 17069->17098 17071 7ff60198fa3d 17071->16414 17110 7ff60198f6dc 17072->17110 17076 7ff60198277c 17075->17076 17077 7ff6019943f4 _get_daylight 11 API calls 17076->17077 17078 7ff601982799 17077->17078 17124 7ff601993ca4 17078->17124 17083 7ff601981bf0 49 API calls 17084 7ff601982807 17083->17084 17085 7ff6019886b0 2 API calls 17084->17085 17086 7ff60198281f 17085->17086 17087 7ff60198282c MessageBoxW 17086->17087 17088 7ff601982843 MessageBoxA 17086->17088 17089 7ff601982855 17087->17089 17088->17089 17090 7ff60198b870 _log10_special 8 API calls 17089->17090 17091 7ff601982865 17090->17091 17091->16443 17093 7ff60198f439 17092->17093 17097 7ff601981b06 17092->17097 17094 7ff6019943f4 _get_daylight 11 API calls 17093->17094 17095 7ff60198f43e 17094->17095 17096 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 17095->17096 17096->17097 17097->16442 17097->16443 17099 7ff60198f7ee 17098->17099 17100 7ff60198f7ae 17098->17100 17099->17100 17101 7ff60198f7fa 17099->17101 17102 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17100->17102 17109 7ff60199477c EnterCriticalSection 17101->17109 17108 7ff60198f7d5 17102->17108 17108->17071 17111 7ff6019819b9 17110->17111 17112 7ff60198f706 17110->17112 17111->16420 17111->16421 17112->17111 17113 7ff60198f752 17112->17113 17114 7ff60198f715 __scrt_get_show_window_mode 17112->17114 17123 7ff60199477c EnterCriticalSection 17113->17123 17116 7ff6019943f4 _get_daylight 11 API calls 17114->17116 17119 7ff60198f72a 17116->17119 17121 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 17119->17121 17121->17111 17126 7ff601993cfe 17124->17126 17125 7ff601993d23 17127 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17125->17127 17126->17125 17128 7ff601993d5f 17126->17128 17130 7ff601993d4d 17127->17130 17154 7ff601991f30 17128->17154 17131 7ff60198b870 _log10_special 8 API calls 17130->17131 17133 7ff6019827d8 17131->17133 17132 7ff601999c58 __free_lconv_num 11 API calls 17132->17130 17142 7ff601994480 17133->17142 17135 7ff601993e60 17137 7ff601993e3c 17135->17137 17138 7ff601993e6a 17135->17138 17136 7ff601993e08 17136->17137 17141 7ff601993e11 17136->17141 17137->17132 17140 7ff601999c58 __free_lconv_num 11 API calls 17138->17140 17139 7ff601999c58 __free_lconv_num 11 API calls 17139->17130 17140->17130 17141->17139 17143 7ff60199a5d8 _get_daylight 11 API calls 17142->17143 17144 7ff601994497 17143->17144 17145 7ff6019827df 17144->17145 17146 7ff60199dea8 _get_daylight 11 API calls 17144->17146 17149 7ff6019944d7 17144->17149 17145->17083 17147 7ff6019944cc 17146->17147 17148 7ff601999c58 __free_lconv_num 11 API calls 17147->17148 17148->17149 17149->17145 17292 7ff60199df30 17149->17292 17152 7ff601999c10 _isindst 17 API calls 17153 7ff60199451c 17152->17153 17155 7ff601991f6e 17154->17155 17156 7ff601991f5e 17154->17156 17157 7ff601991f77 17155->17157 17161 7ff601991fa5 17155->17161 17158 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17156->17158 17159 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17157->17159 17160 7ff601991f9d 17158->17160 17159->17160 17160->17135 17160->17136 17160->17137 17160->17141 17161->17156 17161->17160 17162 7ff601993ae0 45 API calls 17161->17162 17164 7ff601992254 17161->17164 17168 7ff6019928c0 17161->17168 17194 7ff601992588 17161->17194 17224 7ff601991e10 17161->17224 17162->17161 17166 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17164->17166 17166->17156 17169 7ff601992902 17168->17169 17170 7ff601992975 17168->17170 17171 7ff60199299f 17169->17171 17172 7ff601992908 17169->17172 17173 7ff6019929cf 17170->17173 17174 7ff60199297a 17170->17174 17241 7ff601990e70 17171->17241 17181 7ff60199290d 17172->17181 17185 7ff6019929de 17172->17185 17173->17171 17173->17185 17193 7ff601992938 17173->17193 17175 7ff6019929af 17174->17175 17176 7ff60199297c 17174->17176 17248 7ff601990a60 17175->17248 17178 7ff60199291d 17176->17178 17184 7ff60199298b 17176->17184 17191 7ff601992a0d 17178->17191 17227 7ff601993224 17178->17227 17181->17178 17183 7ff601992950 17181->17183 17181->17193 17183->17191 17237 7ff6019936e0 17183->17237 17184->17171 17186 7ff601992990 17184->17186 17185->17191 17255 7ff601991280 17185->17255 17189 7ff601993878 37 API calls 17186->17189 17186->17191 17188 7ff60198b870 _log10_special 8 API calls 17190 7ff601992ca3 17188->17190 17189->17193 17190->17161 17191->17188 17193->17191 17262 7ff60199db68 17193->17262 17195 7ff601992593 17194->17195 17196 7ff6019925a9 17194->17196 17198 7ff601992902 17195->17198 17199 7ff601992975 17195->17199 17208 7ff6019925e7 17195->17208 17197 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17196->17197 17196->17208 17197->17208 17200 7ff60199299f 17198->17200 17201 7ff601992908 17198->17201 17202 7ff6019929cf 17199->17202 17203 7ff60199297a 17199->17203 17206 7ff601990e70 38 API calls 17200->17206 17211 7ff60199290d 17201->17211 17215 7ff6019929de 17201->17215 17202->17200 17202->17215 17222 7ff601992938 17202->17222 17204 7ff6019929af 17203->17204 17205 7ff60199297c 17203->17205 17209 7ff601990a60 38 API calls 17204->17209 17207 7ff60199291d 17205->17207 17213 7ff60199298b 17205->17213 17206->17222 17210 7ff601993224 47 API calls 17207->17210 17223 7ff601992a0d 17207->17223 17208->17161 17209->17222 17210->17222 17211->17207 17214 7ff601992950 17211->17214 17211->17222 17212 7ff601991280 38 API calls 17212->17222 17213->17200 17216 7ff601992990 17213->17216 17217 7ff6019936e0 47 API calls 17214->17217 17214->17223 17215->17212 17215->17223 17219 7ff601993878 37 API calls 17216->17219 17216->17223 17217->17222 17218 7ff60198b870 _log10_special 8 API calls 17220 7ff601992ca3 17218->17220 17219->17222 17220->17161 17221 7ff60199db68 47 API calls 17221->17222 17222->17221 17222->17223 17223->17218 17275 7ff601990034 17224->17275 17228 7ff601993246 17227->17228 17229 7ff60198fea0 12 API calls 17228->17229 17230 7ff60199328e 17229->17230 17231 7ff60199d880 46 API calls 17230->17231 17232 7ff601993361 17231->17232 17234 7ff601993ae0 45 API calls 17232->17234 17236 7ff601993383 17232->17236 17233 7ff60199340c 17233->17193 17234->17236 17235 7ff601993ae0 45 API calls 17235->17233 17236->17233 17236->17235 17236->17236 17238 7ff6019936f8 17237->17238 17240 7ff601993760 17237->17240 17239 7ff60199db68 47 API calls 17238->17239 17238->17240 17239->17240 17240->17193 17242 7ff601990ea3 17241->17242 17243 7ff601990ed2 17242->17243 17245 7ff601990f8f 17242->17245 17244 7ff60198fea0 12 API calls 17243->17244 17247 7ff601990f0f 17243->17247 17244->17247 17246 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17245->17246 17246->17247 17247->17193 17249 7ff601990a93 17248->17249 17250 7ff601990ac2 17249->17250 17252 7ff601990b7f 17249->17252 17251 7ff60198fea0 12 API calls 17250->17251 17254 7ff601990aff 17250->17254 17251->17254 17253 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17252->17253 17253->17254 17254->17193 17256 7ff6019912b3 17255->17256 17257 7ff6019912e2 17256->17257 17259 7ff60199139f 17256->17259 17258 7ff60198fea0 12 API calls 17257->17258 17261 7ff60199131f 17257->17261 17258->17261 17260 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17259->17260 17260->17261 17261->17193 17263 7ff60199db90 17262->17263 17264 7ff60199dbd5 17263->17264 17265 7ff601993ae0 45 API calls 17263->17265 17267 7ff60199db95 __scrt_get_show_window_mode 17263->17267 17271 7ff60199dbbe __scrt_get_show_window_mode 17263->17271 17264->17267 17264->17271 17272 7ff60199faf8 17264->17272 17265->17264 17266 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17266->17267 17267->17193 17271->17266 17271->17267 17274 7ff60199fb1c WideCharToMultiByte 17272->17274 17276 7ff601990061 17275->17276 17277 7ff601990073 17275->17277 17278 7ff6019943f4 _get_daylight 11 API calls 17276->17278 17279 7ff601990080 17277->17279 17283 7ff6019900bd 17277->17283 17280 7ff601990066 17278->17280 17281 7ff601999b24 _invalid_parameter_noinfo 37 API calls 17279->17281 17282 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 17280->17282 17289 7ff601990071 17281->17289 17282->17289 17284 7ff601990166 17283->17284 17285 7ff6019943f4 _get_daylight 11 API calls 17283->17285 17286 7ff6019943f4 _get_daylight 11 API calls 17284->17286 17284->17289 17287 7ff60199015b 17285->17287 17288 7ff601990210 17286->17288 17290 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 17287->17290 17291 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 17288->17291 17289->17161 17290->17284 17291->17289 17296 7ff60199df4d 17292->17296 17293 7ff60199df52 17294 7ff6019944fd 17293->17294 17295 7ff6019943f4 _get_daylight 11 API calls 17293->17295 17294->17145 17294->17152 17297 7ff60199df5c 17295->17297 17296->17293 17296->17294 17299 7ff60199df9c 17296->17299 17298 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 17297->17298 17298->17294 17299->17294 17300 7ff6019943f4 _get_daylight 11 API calls 17299->17300 17300->17297 17302 7ff601997555 17301->17302 17303 7ff601997568 17301->17303 17304 7ff6019943f4 _get_daylight 11 API calls 17302->17304 17311 7ff6019971cc 17303->17311 17307 7ff60199755a 17304->17307 17309 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 17307->17309 17308 7ff601997566 17308->16461 17309->17308 17318 7ff60199f5e8 EnterCriticalSection 17311->17318 17320 7ff601987c13 __std_exception_copy 17319->17320 17321 7ff601987b91 GetTokenInformation 17319->17321 17323 7ff601987c2c 17320->17323 17324 7ff601987c26 CloseHandle 17320->17324 17322 7ff601987bb2 GetLastError 17321->17322 17325 7ff601987bbd 17321->17325 17322->17320 17322->17325 17323->16470 17324->17323 17325->17320 17326 7ff601987bd9 GetTokenInformation 17325->17326 17326->17320 17327 7ff601987bfc 17326->17327 17327->17320 17328 7ff601987c06 ConvertSidToStringSidW 17327->17328 17328->17320 17514 7ff601983f70 108 API calls 17513->17514 17515 7ff601981463 17514->17515 17516 7ff60198148c 17515->17516 17517 7ff60198146b 17515->17517 17518 7ff60198f9f4 73 API calls 17516->17518 17519 7ff6019825f0 53 API calls 17517->17519 17520 7ff6019814a1 17518->17520 17521 7ff60198147b 17519->17521 17522 7ff6019814a5 17520->17522 17523 7ff6019814c1 17520->17523 17521->16529 17524 7ff601982760 53 API calls 17522->17524 17525 7ff6019814f1 17523->17525 17526 7ff6019814d1 17523->17526 17532 7ff6019814bc __std_exception_copy 17524->17532 17529 7ff6019814f7 17525->17529 17534 7ff60198150a 17525->17534 17527 7ff601982760 53 API calls 17526->17527 17527->17532 17528 7ff60198f36c 74 API calls 17530 7ff601981584 17528->17530 17537 7ff6019811f0 17529->17537 17530->16529 17532->17528 17533 7ff60198f6bc _fread_nolock 53 API calls 17533->17534 17534->17532 17534->17533 17535 7ff601981596 17534->17535 17536 7ff601982760 53 API calls 17535->17536 17536->17532 17538 7ff601981248 17537->17538 17539 7ff601981277 17538->17539 17540 7ff60198124f 17538->17540 17575 7ff601983f1a 17574->17575 17576 7ff6019886b0 2 API calls 17575->17576 17577 7ff601983f3f 17576->17577 17578 7ff60198b870 _log10_special 8 API calls 17577->17578 17579 7ff601983f67 17578->17579 17579->16554 17581 7ff60198753e 17580->17581 17582 7ff601981bf0 49 API calls 17581->17582 17583 7ff601987662 17581->17583 17588 7ff6019875c5 17582->17588 17584 7ff60198b870 _log10_special 8 API calls 17583->17584 17585 7ff601987693 17584->17585 17585->16554 17586 7ff601981bf0 49 API calls 17586->17588 17587 7ff601983f10 10 API calls 17587->17588 17588->17583 17588->17586 17588->17587 17589 7ff60198761b 17588->17589 17590 7ff6019886b0 2 API calls 17589->17590 17593 7ff6019815f7 17592->17593 17594 7ff6019815d3 17592->17594 17595 7ff601983f70 108 API calls 17593->17595 17681 7ff601981050 17594->17681 17597 7ff60198160b 17595->17597 17600 7ff60198163b 17597->17600 17601 7ff601981613 17597->17601 17604 7ff601983f70 108 API calls 17600->17604 17603 7ff601982760 53 API calls 17601->17603 17605 7ff60198162a 17603->17605 17606 7ff60198164f 17604->17606 17605->16554 17631 7ff60198694b 17630->17631 17633 7ff601986904 17630->17633 17631->16554 17633->17631 17720 7ff601994250 17633->17720 17635 7ff601983b51 17634->17635 17636 7ff601983e90 49 API calls 17635->17636 17637 7ff601983b8b 17636->17637 17638 7ff601983e90 49 API calls 17637->17638 17639 7ff601983b9b 17638->17639 17679 7ff601981bf0 49 API calls 17678->17679 17680 7ff601983e24 17679->17680 17680->16554 17682 7ff601983f70 108 API calls 17681->17682 17683 7ff60198108b 17682->17683 17684 7ff6019810a8 17683->17684 17685 7ff601981093 17683->17685 17687 7ff60198f9f4 73 API calls 17684->17687 17686 7ff6019825f0 53 API calls 17685->17686 17721 7ff60199428a 17720->17721 17722 7ff60199425d 17720->17722 17725 7ff6019942ad 17721->17725 17726 7ff6019942c9 17721->17726 17723 7ff6019943f4 _get_daylight 11 API calls 17722->17723 17724 7ff601994214 17722->17724 17727 7ff601994267 17723->17727 17724->17633 17728 7ff6019943f4 _get_daylight 11 API calls 17725->17728 17729 7ff601994178 45 API calls 17726->17729 17731 7ff6019942b2 17728->17731 17734 7ff6019942bd 17729->17734 17734->17633 17799 7ff6019951d8 17798->17799 17800 7ff6019951fe 17799->17800 17802 7ff601995231 17799->17802 17801 7ff6019943f4 _get_daylight 11 API calls 17800->17801 17803 7ff601995203 17801->17803 17804 7ff601995244 17802->17804 17805 7ff601995237 17802->17805 17806 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 17803->17806 17817 7ff601999f38 17804->17817 17807 7ff6019943f4 _get_daylight 11 API calls 17805->17807 17809 7ff601983fc6 17806->17809 17807->17809 17809->16581 17830 7ff60199f5e8 EnterCriticalSection 17817->17830 18191 7ff601996c08 18190->18191 18194 7ff6019966e4 18191->18194 18193 7ff601996c21 18193->16591 18195 7ff60199672e 18194->18195 18196 7ff6019966ff 18194->18196 18204 7ff60199477c EnterCriticalSection 18195->18204 18197 7ff601999b24 _invalid_parameter_noinfo 37 API calls 18196->18197 18199 7ff60199671f 18197->18199 18199->18193 18206 7ff60198f191 18205->18206 18207 7ff60198f163 18205->18207 18214 7ff60198f183 18206->18214 18215 7ff60199477c EnterCriticalSection 18206->18215 18208 7ff601999b24 _invalid_parameter_noinfo 37 API calls 18207->18208 18208->18214 18214->16595 18217 7ff6019886b0 2 API calls 18216->18217 18218 7ff6019881b4 LoadLibraryExW 18217->18218 18219 7ff6019881d3 __std_exception_copy 18218->18219 18219->16625 18286 7ff601985b05 18285->18286 18287 7ff601981bf0 49 API calls 18286->18287 18288 7ff601985b41 18287->18288 18289 7ff601985b6d 18288->18289 18290 7ff601985b4a 18288->18290 18291 7ff601983fe0 49 API calls 18289->18291 18292 7ff6019825f0 53 API calls 18290->18292 18293 7ff601985b85 18291->18293 18294 7ff601985b63 18292->18294 18295 7ff601985ba3 18293->18295 18296 7ff6019825f0 53 API calls 18293->18296 18298 7ff60198b870 _log10_special 8 API calls 18294->18298 18297 7ff601983f10 10 API calls 18295->18297 18296->18295 18299 7ff601985bad 18297->18299 18300 7ff60198308e 18298->18300 18301 7ff601985bbb 18299->18301 18302 7ff6019881a0 3 API calls 18299->18302 18300->16660 18316 7ff601985c80 18300->18316 18303 7ff601983fe0 49 API calls 18301->18303 18302->18301 18304 7ff601985bd4 18303->18304 18305 7ff601985bf9 18304->18305 18306 7ff601985bd9 18304->18306 18455 7ff601984c80 18316->18455 18318 7ff601985cba 18457 7ff601984cac 18455->18457 18456 7ff601984cb4 18456->18318 18457->18456 18460 7ff601984e54 18457->18460 18493 7ff601995db4 18457->18493 18573->16668 18575 7ff60199a460 __CxxCallCatchBlock 45 API calls 18574->18575 18576 7ff6019996f1 18575->18576 18577 7ff601999814 __CxxCallCatchBlock 45 API calls 18576->18577 18578 7ff601999711 18577->18578 19625 7ff60198be70 19626 7ff60198be80 19625->19626 19642 7ff601998ec0 19626->19642 19628 7ff60198be8c 19648 7ff60198c168 19628->19648 19630 7ff60198c44c 7 API calls 19631 7ff60198bf25 19630->19631 19632 7ff60198bea4 _RTC_Initialize 19640 7ff60198bef9 19632->19640 19653 7ff60198c318 19632->19653 19634 7ff60198beb9 19656 7ff60199832c 19634->19656 19640->19630 19641 7ff60198bf15 19640->19641 19643 7ff601998ed1 19642->19643 19644 7ff601998ed9 19643->19644 19645 7ff6019943f4 _get_daylight 11 API calls 19643->19645 19644->19628 19646 7ff601998ee8 19645->19646 19647 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 19646->19647 19647->19644 19649 7ff60198c179 19648->19649 19652 7ff60198c17e __scrt_acquire_startup_lock 19648->19652 19650 7ff60198c44c 7 API calls 19649->19650 19649->19652 19651 7ff60198c1f2 19650->19651 19652->19632 19681 7ff60198c2dc 19653->19681 19655 7ff60198c321 19655->19634 19657 7ff60198bec5 19656->19657 19658 7ff60199834c 19656->19658 19657->19640 19680 7ff60198c3ec InitializeSListHead 19657->19680 19659 7ff601998354 19658->19659 19660 7ff60199836a GetModuleFileNameW 19658->19660 19661 7ff6019943f4 _get_daylight 11 API calls 19659->19661 19664 7ff601998395 19660->19664 19662 7ff601998359 19661->19662 19663 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 19662->19663 19663->19657 19696 7ff6019982cc 19664->19696 19667 7ff6019983dd 19668 7ff6019943f4 _get_daylight 11 API calls 19667->19668 19669 7ff6019983e2 19668->19669 19672 7ff601999c58 __free_lconv_num 11 API calls 19669->19672 19670 7ff601998417 19673 7ff601999c58 __free_lconv_num 11 API calls 19670->19673 19671 7ff6019983f5 19671->19670 19674 7ff601998443 19671->19674 19675 7ff60199845c 19671->19675 19672->19657 19673->19657 19676 7ff601999c58 __free_lconv_num 11 API calls 19674->19676 19678 7ff601999c58 __free_lconv_num 11 API calls 19675->19678 19677 7ff60199844c 19676->19677 19679 7ff601999c58 __free_lconv_num 11 API calls 19677->19679 19678->19670 19679->19657 19682 7ff60198c2f6 19681->19682 19684 7ff60198c2ef 19681->19684 19685 7ff6019994fc 19682->19685 19684->19655 19688 7ff601999138 19685->19688 19695 7ff60199f5e8 EnterCriticalSection 19688->19695 19697 7ff6019982e4 19696->19697 19701 7ff60199831c 19696->19701 19698 7ff60199dea8 _get_daylight 11 API calls 19697->19698 19697->19701 19699 7ff601998312 19698->19699 19700 7ff601999c58 __free_lconv_num 11 API calls 19699->19700 19700->19701 19701->19667 19701->19671 19360 7ff6019a9ef3 19361 7ff6019a9f03 19360->19361 19364 7ff601994788 LeaveCriticalSection 19361->19364 19381 7ff6019a09c0 19392 7ff6019a66f4 19381->19392 19393 7ff6019a6701 19392->19393 19394 7ff601999c58 __free_lconv_num 11 API calls 19393->19394 19395 7ff6019a671d 19393->19395 19394->19393 19396 7ff601999c58 __free_lconv_num 11 API calls 19395->19396 19397 7ff6019a09c9 19395->19397 19396->19395 19398 7ff60199f5e8 EnterCriticalSection 19397->19398 15754 7ff601994938 15755 7ff60199496f 15754->15755 15756 7ff601994952 15754->15756 15755->15756 15758 7ff601994982 CreateFileW 15755->15758 15779 7ff6019943d4 15756->15779 15760 7ff6019949b6 15758->15760 15761 7ff6019949ec 15758->15761 15788 7ff601994a8c GetFileType 15760->15788 15814 7ff601994f14 15761->15814 15768 7ff601994a20 15840 7ff601994cd4 15768->15840 15769 7ff6019949f5 15835 7ff601994368 15769->15835 15771 7ff6019949e1 CloseHandle 15775 7ff60199496a 15771->15775 15772 7ff6019949cb CloseHandle 15772->15775 15778 7ff6019949ff 15778->15775 15857 7ff60199a5d8 GetLastError 15779->15857 15781 7ff6019943dd 15782 7ff6019943f4 15781->15782 15783 7ff60199a5d8 _get_daylight 11 API calls 15782->15783 15784 7ff6019943fd 15783->15784 15785 7ff601999bf0 15784->15785 15915 7ff601999a88 15785->15915 15787 7ff601999c09 15787->15775 15789 7ff601994b97 15788->15789 15790 7ff601994ada 15788->15790 15792 7ff601994b9f 15789->15792 15793 7ff601994bc1 15789->15793 15791 7ff601994b06 GetFileInformationByHandle 15790->15791 15794 7ff601994e10 21 API calls 15790->15794 15795 7ff601994b2f 15791->15795 15796 7ff601994bb2 GetLastError 15791->15796 15792->15796 15797 7ff601994ba3 15792->15797 15798 7ff601994be4 PeekNamedPipe 15793->15798 15812 7ff601994b82 15793->15812 15799 7ff601994af4 15794->15799 15800 7ff601994cd4 51 API calls 15795->15800 15802 7ff601994368 _fread_nolock 11 API calls 15796->15802 15801 7ff6019943f4 _get_daylight 11 API calls 15797->15801 15798->15812 15799->15791 15799->15812 15804 7ff601994b3a 15800->15804 15801->15812 15802->15812 15803 7ff60198b870 _log10_special 8 API calls 15805 7ff6019949c4 15803->15805 15981 7ff601994c34 15804->15981 15805->15771 15805->15772 15808 7ff601994c34 10 API calls 15809 7ff601994b59 15808->15809 15810 7ff601994c34 10 API calls 15809->15810 15811 7ff601994b6a 15810->15811 15811->15812 15813 7ff6019943f4 _get_daylight 11 API calls 15811->15813 15812->15803 15813->15812 15815 7ff601994f4a 15814->15815 15816 7ff6019943f4 _get_daylight 11 API calls 15815->15816 15834 7ff601994fe2 __std_exception_copy 15815->15834 15818 7ff601994f5c 15816->15818 15817 7ff60198b870 _log10_special 8 API calls 15819 7ff6019949f1 15817->15819 15820 7ff6019943f4 _get_daylight 11 API calls 15818->15820 15819->15768 15819->15769 15821 7ff601994f64 15820->15821 15988 7ff601997118 15821->15988 15823 7ff601994f79 15824 7ff601994f81 15823->15824 15825 7ff601994f8b 15823->15825 15827 7ff6019943f4 _get_daylight 11 API calls 15824->15827 15826 7ff6019943f4 _get_daylight 11 API calls 15825->15826 15828 7ff601994f90 15826->15828 15833 7ff601994f86 15827->15833 15829 7ff6019943f4 _get_daylight 11 API calls 15828->15829 15828->15834 15830 7ff601994f9a 15829->15830 15831 7ff601997118 45 API calls 15830->15831 15831->15833 15832 7ff601994fd4 GetDriveTypeW 15832->15834 15833->15832 15833->15834 15834->15817 15836 7ff60199a5d8 _get_daylight 11 API calls 15835->15836 15837 7ff601994375 __free_lconv_num 15836->15837 15838 7ff60199a5d8 _get_daylight 11 API calls 15837->15838 15839 7ff601994397 15838->15839 15839->15778 15841 7ff601994cfc 15840->15841 15849 7ff601994a2d 15841->15849 16082 7ff60199ea34 15841->16082 15843 7ff601994d90 15844 7ff60199ea34 51 API calls 15843->15844 15843->15849 15845 7ff601994da3 15844->15845 15846 7ff60199ea34 51 API calls 15845->15846 15845->15849 15847 7ff601994db6 15846->15847 15848 7ff60199ea34 51 API calls 15847->15848 15847->15849 15848->15849 15850 7ff601994e10 15849->15850 15851 7ff601994e2a 15850->15851 15852 7ff601994e61 15851->15852 15853 7ff601994e3a 15851->15853 15854 7ff60199e8c8 21 API calls 15852->15854 15855 7ff601994e4a 15853->15855 15856 7ff601994368 _fread_nolock 11 API calls 15853->15856 15854->15855 15855->15778 15856->15855 15858 7ff60199a619 FlsSetValue 15857->15858 15863 7ff60199a5fc 15857->15863 15859 7ff60199a609 SetLastError 15858->15859 15860 7ff60199a62b 15858->15860 15859->15781 15874 7ff60199dea8 15860->15874 15863->15858 15863->15859 15864 7ff60199a63a 15865 7ff60199a658 FlsSetValue 15864->15865 15866 7ff60199a648 FlsSetValue 15864->15866 15868 7ff60199a664 FlsSetValue 15865->15868 15869 7ff60199a676 15865->15869 15867 7ff60199a651 15866->15867 15881 7ff601999c58 15867->15881 15868->15867 15887 7ff60199a204 15869->15887 15875 7ff60199deb9 _get_daylight 15874->15875 15876 7ff60199df0a 15875->15876 15877 7ff60199deee HeapAlloc 15875->15877 15892 7ff6019a28a0 15875->15892 15879 7ff6019943f4 _get_daylight 10 API calls 15876->15879 15877->15875 15878 7ff60199df08 15877->15878 15878->15864 15879->15878 15882 7ff601999c5d RtlFreeHeap 15881->15882 15886 7ff601999c8c 15881->15886 15883 7ff601999c78 GetLastError 15882->15883 15882->15886 15884 7ff601999c85 __free_lconv_num 15883->15884 15885 7ff6019943f4 _get_daylight 9 API calls 15884->15885 15885->15886 15886->15859 15901 7ff60199a0dc 15887->15901 15895 7ff6019a28e0 15892->15895 15900 7ff60199f5e8 EnterCriticalSection 15895->15900 15913 7ff60199f5e8 EnterCriticalSection 15901->15913 15916 7ff601999ab3 15915->15916 15919 7ff601999b24 15916->15919 15918 7ff601999ada 15918->15787 15929 7ff60199986c 15919->15929 15925 7ff601999b5f 15925->15918 15930 7ff6019998c3 15929->15930 15931 7ff601999888 GetLastError 15929->15931 15930->15925 15935 7ff6019998d8 15930->15935 15932 7ff601999898 15931->15932 15942 7ff60199a6a0 15932->15942 15936 7ff6019998f4 GetLastError SetLastError 15935->15936 15937 7ff60199990c 15935->15937 15936->15937 15937->15925 15938 7ff601999c10 IsProcessorFeaturePresent 15937->15938 15939 7ff601999c23 15938->15939 15959 7ff601999924 15939->15959 15943 7ff60199a6bf FlsGetValue 15942->15943 15944 7ff60199a6da FlsSetValue 15942->15944 15945 7ff60199a6d4 15943->15945 15947 7ff6019998b3 SetLastError 15943->15947 15946 7ff60199a6e7 15944->15946 15944->15947 15945->15944 15948 7ff60199dea8 _get_daylight 11 API calls 15946->15948 15947->15930 15949 7ff60199a6f6 15948->15949 15950 7ff60199a714 FlsSetValue 15949->15950 15951 7ff60199a704 FlsSetValue 15949->15951 15953 7ff60199a720 FlsSetValue 15950->15953 15954 7ff60199a732 15950->15954 15952 7ff60199a70d 15951->15952 15955 7ff601999c58 __free_lconv_num 11 API calls 15952->15955 15953->15952 15956 7ff60199a204 _get_daylight 11 API calls 15954->15956 15955->15947 15957 7ff60199a73a 15956->15957 15958 7ff601999c58 __free_lconv_num 11 API calls 15957->15958 15958->15947 15960 7ff60199995e _isindst __scrt_get_show_window_mode 15959->15960 15961 7ff601999986 RtlCaptureContext RtlLookupFunctionEntry 15960->15961 15962 7ff6019999c0 RtlVirtualUnwind 15961->15962 15963 7ff6019999f6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15961->15963 15962->15963 15964 7ff601999a48 _isindst 15963->15964 15967 7ff60198b870 15964->15967 15968 7ff60198b879 15967->15968 15969 7ff60198b884 GetCurrentProcess TerminateProcess 15968->15969 15970 7ff60198bc00 IsProcessorFeaturePresent 15968->15970 15971 7ff60198bc18 15970->15971 15976 7ff60198bdf8 RtlCaptureContext 15971->15976 15977 7ff60198be12 RtlLookupFunctionEntry 15976->15977 15978 7ff60198bc2b 15977->15978 15979 7ff60198be28 RtlVirtualUnwind 15977->15979 15980 7ff60198bbc0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 15978->15980 15979->15977 15979->15978 15982 7ff601994c50 15981->15982 15983 7ff601994c5d FileTimeToSystemTime 15981->15983 15982->15983 15985 7ff601994c58 15982->15985 15984 7ff601994c71 SystemTimeToTzSpecificLocalTime 15983->15984 15983->15985 15984->15985 15986 7ff60198b870 _log10_special 8 API calls 15985->15986 15987 7ff601994b49 15986->15987 15987->15808 15989 7ff6019971a2 15988->15989 15990 7ff601997134 15988->15990 16025 7ff60199fad0 15989->16025 15990->15989 15992 7ff601997139 15990->15992 15993 7ff60199716e 15992->15993 15994 7ff601997151 15992->15994 16008 7ff601996f5c GetFullPathNameW 15993->16008 16000 7ff601996ee8 GetFullPathNameW 15994->16000 15999 7ff601997166 __std_exception_copy 15999->15823 16001 7ff601996f0e GetLastError 16000->16001 16002 7ff601996f24 16000->16002 16003 7ff601994368 _fread_nolock 11 API calls 16001->16003 16006 7ff6019943f4 _get_daylight 11 API calls 16002->16006 16007 7ff601996f20 16002->16007 16004 7ff601996f1b 16003->16004 16005 7ff6019943f4 _get_daylight 11 API calls 16004->16005 16005->16007 16006->16007 16007->15999 16009 7ff601996f8f GetLastError 16008->16009 16012 7ff601996fa5 __std_exception_copy 16008->16012 16010 7ff601994368 _fread_nolock 11 API calls 16009->16010 16011 7ff601996f9c 16010->16011 16014 7ff6019943f4 _get_daylight 11 API calls 16011->16014 16013 7ff601996fa1 16012->16013 16015 7ff601996fff GetFullPathNameW 16012->16015 16016 7ff601997034 16013->16016 16014->16013 16015->16009 16015->16013 16019 7ff6019970a8 memcpy_s 16016->16019 16020 7ff60199705d __scrt_get_show_window_mode 16016->16020 16017 7ff601997091 16018 7ff6019943f4 _get_daylight 11 API calls 16017->16018 16024 7ff601997096 16018->16024 16019->15999 16020->16017 16020->16019 16022 7ff6019970ca 16020->16022 16021 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 16021->16019 16022->16019 16023 7ff6019943f4 _get_daylight 11 API calls 16022->16023 16023->16024 16024->16021 16028 7ff60199f8e0 16025->16028 16029 7ff60199f922 16028->16029 16030 7ff60199f90b 16028->16030 16031 7ff60199f947 16029->16031 16032 7ff60199f926 16029->16032 16033 7ff6019943f4 _get_daylight 11 API calls 16030->16033 16066 7ff60199e8c8 16031->16066 16054 7ff60199fa4c 16032->16054 16036 7ff60199f910 16033->16036 16040 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 16036->16040 16038 7ff60199f94c 16043 7ff60199f9f1 16038->16043 16049 7ff60199f973 16038->16049 16039 7ff60199f92f 16041 7ff6019943d4 _fread_nolock 11 API calls 16039->16041 16053 7ff60199f91b __std_exception_copy 16040->16053 16042 7ff60199f934 16041->16042 16046 7ff6019943f4 _get_daylight 11 API calls 16042->16046 16043->16030 16044 7ff60199f9f9 16043->16044 16047 7ff601996ee8 13 API calls 16044->16047 16045 7ff60198b870 _log10_special 8 API calls 16048 7ff60199fa41 16045->16048 16046->16036 16047->16053 16048->15999 16050 7ff601996f5c 14 API calls 16049->16050 16051 7ff60199f9b7 16050->16051 16052 7ff601997034 37 API calls 16051->16052 16051->16053 16052->16053 16053->16045 16055 7ff60199fa96 16054->16055 16056 7ff60199fa66 16054->16056 16058 7ff60199faa1 GetDriveTypeW 16055->16058 16059 7ff60199fa81 16055->16059 16057 7ff6019943d4 _fread_nolock 11 API calls 16056->16057 16060 7ff60199fa6b 16057->16060 16058->16059 16062 7ff60198b870 _log10_special 8 API calls 16059->16062 16061 7ff6019943f4 _get_daylight 11 API calls 16060->16061 16063 7ff60199fa76 16061->16063 16064 7ff60199f92b 16062->16064 16065 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 16063->16065 16064->16038 16064->16039 16065->16059 16080 7ff6019a97e0 16066->16080 16068 7ff60199e8fe GetCurrentDirectoryW 16069 7ff60199e915 16068->16069 16070 7ff60199e93c 16068->16070 16073 7ff60198b870 _log10_special 8 API calls 16069->16073 16071 7ff60199dea8 _get_daylight 11 API calls 16070->16071 16072 7ff60199e94b 16071->16072 16074 7ff60199e955 GetCurrentDirectoryW 16072->16074 16075 7ff60199e964 16072->16075 16076 7ff60199e9a9 16073->16076 16074->16075 16077 7ff60199e969 16074->16077 16078 7ff6019943f4 _get_daylight 11 API calls 16075->16078 16076->16038 16079 7ff601999c58 __free_lconv_num 11 API calls 16077->16079 16078->16077 16079->16069 16081 7ff6019a97d0 16080->16081 16081->16068 16081->16081 16083 7ff60199ea65 16082->16083 16084 7ff60199ea41 16082->16084 16087 7ff60199ea9f 16083->16087 16089 7ff60199eabe 16083->16089 16084->16083 16085 7ff60199ea46 16084->16085 16086 7ff6019943f4 _get_daylight 11 API calls 16085->16086 16090 7ff60199ea4b 16086->16090 16088 7ff6019943f4 _get_daylight 11 API calls 16087->16088 16091 7ff60199eaa4 16088->16091 16099 7ff601994178 16089->16099 16093 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 16090->16093 16094 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 16091->16094 16095 7ff60199ea56 16093->16095 16097 7ff60199eaaf 16094->16097 16095->15843 16096 7ff60199f7ec 51 API calls 16098 7ff60199eacb 16096->16098 16097->15843 16098->16096 16098->16097 16100 7ff60199419c 16099->16100 16106 7ff601994197 16099->16106 16100->16106 16107 7ff60199a460 GetLastError 16100->16107 16106->16098 16108 7ff60199a4a1 FlsSetValue 16107->16108 16109 7ff60199a484 FlsGetValue 16107->16109 16111 7ff60199a4b3 16108->16111 16126 7ff60199a491 16108->16126 16110 7ff60199a49b 16109->16110 16109->16126 16110->16108 16112 7ff60199dea8 _get_daylight 11 API calls 16111->16112 16114 7ff60199a4c2 16112->16114 16113 7ff60199a50d SetLastError 16115 7ff6019941b7 16113->16115 16116 7ff60199a52d 16113->16116 16117 7ff60199a4e0 FlsSetValue 16114->16117 16118 7ff60199a4d0 FlsSetValue 16114->16118 16129 7ff60199cc94 16115->16129 16137 7ff601999814 16116->16137 16122 7ff60199a4fe 16117->16122 16123 7ff60199a4ec FlsSetValue 16117->16123 16121 7ff60199a4d9 16118->16121 16124 7ff601999c58 __free_lconv_num 11 API calls 16121->16124 16125 7ff60199a204 _get_daylight 11 API calls 16122->16125 16123->16121 16124->16126 16127 7ff60199a506 16125->16127 16126->16113 16128 7ff601999c58 __free_lconv_num 11 API calls 16127->16128 16128->16113 16130 7ff6019941da 16129->16130 16131 7ff60199cca9 16129->16131 16133 7ff60199cd00 16130->16133 16131->16130 16181 7ff6019a2614 16131->16181 16134 7ff60199cd28 16133->16134 16135 7ff60199cd15 16133->16135 16134->16106 16135->16134 16194 7ff6019a1960 16135->16194 16146 7ff6019a2960 16137->16146 16172 7ff6019a2918 16146->16172 16177 7ff60199f5e8 EnterCriticalSection 16172->16177 16182 7ff60199a460 __CxxCallCatchBlock 45 API calls 16181->16182 16183 7ff6019a2623 16182->16183 16184 7ff6019a266e 16183->16184 16193 7ff60199f5e8 EnterCriticalSection 16183->16193 16184->16130 16195 7ff60199a460 __CxxCallCatchBlock 45 API calls 16194->16195 16196 7ff6019a1969 16195->16196 19455 7ff601994720 19456 7ff60199472b 19455->19456 19464 7ff60199e5b4 19456->19464 19477 7ff60199f5e8 EnterCriticalSection 19464->19477 19866 7ff60199ec9c 19867 7ff60199ee8e 19866->19867 19869 7ff60199ecde _isindst 19866->19869 19868 7ff6019943f4 _get_daylight 11 API calls 19867->19868 19885 7ff60199ee7e 19868->19885 19869->19867 19872 7ff60199ed5e _isindst 19869->19872 19870 7ff60198b870 _log10_special 8 API calls 19871 7ff60199eea9 19870->19871 19887 7ff6019a54a4 19872->19887 19877 7ff60199eeba 19879 7ff601999c10 _isindst 17 API calls 19877->19879 19881 7ff60199eece 19879->19881 19884 7ff60199edbb 19884->19885 19911 7ff6019a54e8 19884->19911 19885->19870 19888 7ff6019a54b3 19887->19888 19891 7ff60199ed7c 19887->19891 19918 7ff60199f5e8 EnterCriticalSection 19888->19918 19893 7ff6019a48a8 19891->19893 19894 7ff6019a48b1 19893->19894 19895 7ff60199ed91 19893->19895 19896 7ff6019943f4 _get_daylight 11 API calls 19894->19896 19895->19877 19899 7ff6019a48d8 19895->19899 19897 7ff6019a48b6 19896->19897 19898 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 19897->19898 19898->19895 19900 7ff6019a48e1 19899->19900 19904 7ff60199eda2 19899->19904 19901 7ff6019943f4 _get_daylight 11 API calls 19900->19901 19902 7ff6019a48e6 19901->19902 19903 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 19902->19903 19903->19904 19904->19877 19905 7ff6019a4908 19904->19905 19906 7ff6019a4911 19905->19906 19907 7ff60199edb3 19905->19907 19908 7ff6019943f4 _get_daylight 11 API calls 19906->19908 19907->19877 19907->19884 19909 7ff6019a4916 19908->19909 19910 7ff601999bf0 _invalid_parameter_noinfo 37 API calls 19909->19910 19910->19907 19919 7ff60199f5e8 EnterCriticalSection 19911->19919 19494 7ff60199b830 19505 7ff60199f5e8 EnterCriticalSection 19494->19505 20250 7ff6019aa079 20253 7ff601994788 LeaveCriticalSection 20250->20253 19602 7ff6019aa10e 19603 7ff6019aa11d 19602->19603 19605 7ff6019aa127 19602->19605 19606 7ff60199f648 LeaveCriticalSection 19603->19606

                                                                Executed Functions

                                                                Function 00007FF601981000 Relevance: 40.6, APIs: 5, Strings: 18, Instructions: 338COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 0 7ff601981000-7ff601983536 call 7ff60198f138 call 7ff60198f140 call 7ff60198bb70 call 7ff601994700 call 7ff601994794 call 7ff6019833e0 14 7ff601983538-7ff60198353f 0->14 15 7ff601983544-7ff601983566 call 7ff6019818f0 0->15 16 7ff60198371a-7ff601983735 call 7ff60198b870 14->16 21 7ff60198356c-7ff601983583 call 7ff601981bf0 15->21 22 7ff601983736-7ff60198374c call 7ff601983f70 15->22 26 7ff601983588-7ff6019835c1 21->26 27 7ff601983785-7ff60198379a call 7ff6019825f0 22->27 28 7ff60198374e-7ff60198377b call 7ff6019876a0 22->28 29 7ff6019835c7-7ff6019835cb 26->29 30 7ff601983653-7ff60198366d call 7ff601987e10 26->30 41 7ff601983712 27->41 45 7ff60198377d-7ff601983780 call 7ff60198f36c 28->45 46 7ff60198379f-7ff6019837be call 7ff601981bf0 28->46 33 7ff6019835cd-7ff6019835e5 call 7ff601994560 29->33 34 7ff601983638-7ff60198364d call 7ff6019818e0 29->34 43 7ff601983695-7ff60198369c 30->43 44 7ff60198366f-7ff601983675 30->44 48 7ff6019835e7-7ff6019835eb 33->48 49 7ff6019835f2-7ff60198360a call 7ff601994560 33->49 34->29 34->30 41->16 53 7ff601983844-7ff601983863 call 7ff601983e90 43->53 54 7ff6019836a2-7ff6019836c0 call 7ff601987e10 call 7ff601987f80 43->54 50 7ff601983677-7ff601983680 44->50 51 7ff601983682-7ff601983690 call 7ff60199415c 44->51 45->27 61 7ff6019837c1-7ff6019837ca 46->61 48->49 66 7ff60198360c-7ff601983610 49->66 67 7ff601983617-7ff60198362f call 7ff601994560 49->67 50->51 51->43 69 7ff601983865-7ff60198386f call 7ff601983fe0 53->69 70 7ff601983871-7ff601983882 call 7ff601981bf0 53->70 79 7ff6019836c6-7ff6019836c9 54->79 80 7ff60198380f-7ff60198381e call 7ff601988400 54->80 61->61 65 7ff6019837cc-7ff6019837e9 call 7ff6019818f0 61->65 65->26 83 7ff6019837ef-7ff601983800 call 7ff6019825f0 65->83 66->67 67->34 84 7ff601983631 67->84 76 7ff601983887-7ff6019838a1 call 7ff6019886b0 69->76 70->76 93 7ff6019838a3 76->93 94 7ff6019838af-7ff6019838c1 SetDllDirectoryW 76->94 79->80 85 7ff6019836cf-7ff6019836f6 call 7ff601981bf0 79->85 91 7ff60198382c-7ff60198382f call 7ff601987c40 80->91 92 7ff601983820 80->92 83->41 84->34 100 7ff6019836fc-7ff601983703 call 7ff6019825f0 85->100 101 7ff601983805-7ff60198380d call 7ff60199415c 85->101 103 7ff601983834-7ff601983836 91->103 92->91 93->94 98 7ff6019838c3-7ff6019838ca 94->98 99 7ff6019838d0-7ff6019838ec call 7ff601986560 call 7ff601986b00 94->99 98->99 104 7ff601983a50-7ff601983a58 98->104 118 7ff601983947-7ff60198394a call 7ff601986510 99->118 119 7ff6019838ee-7ff6019838f4 99->119 107 7ff601983708-7ff60198370a 100->107 101->76 103->76 110 7ff601983838 103->110 108 7ff601983a7d-7ff601983aaf call 7ff6019833d0 call 7ff601983080 call 7ff6019833a0 call 7ff601986780 call 7ff601986510 104->108 109 7ff601983a5a-7ff601983a77 PostMessageW GetMessageW 104->109 107->41 109->108 110->53 127 7ff60198394f-7ff601983956 118->127 121 7ff6019838f6-7ff601983903 call 7ff6019865a0 119->121 122 7ff60198390e-7ff601983918 call 7ff601986970 119->122 121->122 132 7ff601983905-7ff60198390c 121->132 134 7ff60198391a-7ff601983921 122->134 135 7ff601983923-7ff601983931 call 7ff601986cd0 122->135 127->104 128 7ff60198395c-7ff601983966 call 7ff6019830e0 127->128 128->107 141 7ff60198396c-7ff601983980 call 7ff6019883e0 128->141 137 7ff60198393a-7ff601983942 call 7ff601982870 call 7ff601986780 132->137 134->137 135->127 146 7ff601983933 135->146 137->118 151 7ff6019839a5-7ff6019839bb call 7ff601987f20 call 7ff601987fc0 141->151 152 7ff601983982-7ff60198399f PostMessageW GetMessageW 141->152 146->137 156 7ff6019839c0-7ff6019839e8 call 7ff601986780 call 7ff601986510 call 7ff601987ec0 151->156 152->151 163 7ff601983a3d-7ff601983a4b call 7ff6019818a0 156->163 164 7ff6019839ea-7ff601983a00 call 7ff6019881f0 call 7ff601987ec0 156->164 163->107 164->163 171 7ff601983a02-7ff601983a10 164->171 172 7ff601983a12-7ff601983a2c call 7ff6019825f0 call 7ff6019818a0 171->172 173 7ff601983a31-7ff601983a38 call 7ff601982870 171->173 172->107 173->163
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FileModuleName
                                                                • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                                • API String ID: 514040917-585287483
                                                                • Opcode ID: a4d2e2bd269dc65f05cba5f8a1d023e47a8b511d1558fc25917fe28a704291c4
                                                                • Instruction ID: 31d67e0877885e1a208ec70ad9ccd2fe2fd40374663ea2ef36dd29fa620c37df
                                                                • Opcode Fuzzy Hash: a4d2e2bd269dc65f05cba5f8a1d023e47a8b511d1558fc25917fe28a704291c4
                                                                • Instruction Fuzzy Hash: C9F17021F08682A2FB19EB21D5552F96351BF54B8CFA44032DA1EC76D7EFACE658C340
                                                                Function 00007FF6019A5C74 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 335 7ff6019a5c74-7ff6019a5ce7 call 7ff6019a59a8 338 7ff6019a5d01-7ff6019a5d0b call 7ff601997830 335->338 339 7ff6019a5ce9-7ff6019a5cf2 call 7ff6019943d4 335->339 345 7ff6019a5d26-7ff6019a5d8f CreateFileW 338->345 346 7ff6019a5d0d-7ff6019a5d24 call 7ff6019943d4 call 7ff6019943f4 338->346 344 7ff6019a5cf5-7ff6019a5cfc call 7ff6019943f4 339->344 362 7ff6019a6042-7ff6019a6062 344->362 347 7ff6019a5d91-7ff6019a5d97 345->347 348 7ff6019a5e0c-7ff6019a5e17 GetFileType 345->348 346->344 352 7ff6019a5dd9-7ff6019a5e07 GetLastError call 7ff601994368 347->352 353 7ff6019a5d99-7ff6019a5d9d 347->353 355 7ff6019a5e19-7ff6019a5e54 GetLastError call 7ff601994368 CloseHandle 348->355 356 7ff6019a5e6a-7ff6019a5e71 348->356 352->344 353->352 360 7ff6019a5d9f-7ff6019a5dd7 CreateFileW 353->360 355->344 370 7ff6019a5e5a-7ff6019a5e65 call 7ff6019943f4 355->370 358 7ff6019a5e73-7ff6019a5e77 356->358 359 7ff6019a5e79-7ff6019a5e7c 356->359 365 7ff6019a5e82-7ff6019a5ed7 call 7ff601997748 358->365 359->365 366 7ff6019a5e7e 359->366 360->348 360->352 374 7ff6019a5ef6-7ff6019a5f27 call 7ff6019a5728 365->374 375 7ff6019a5ed9-7ff6019a5ee5 call 7ff6019a5bb0 365->375 366->365 370->344 380 7ff6019a5f29-7ff6019a5f2b 374->380 381 7ff6019a5f2d-7ff6019a5f6f 374->381 375->374 382 7ff6019a5ee7 375->382 383 7ff6019a5ee9-7ff6019a5ef1 call 7ff601999dd0 380->383 384 7ff6019a5f91-7ff6019a5f9c 381->384 385 7ff6019a5f71-7ff6019a5f75 381->385 382->383 383->362 387 7ff6019a6040 384->387 388 7ff6019a5fa2-7ff6019a5fa6 384->388 385->384 386 7ff6019a5f77-7ff6019a5f8c 385->386 386->384 387->362 388->387 390 7ff6019a5fac-7ff6019a5ff1 CloseHandle CreateFileW 388->390 392 7ff6019a5ff3-7ff6019a6021 GetLastError call 7ff601994368 call 7ff601997970 390->392 393 7ff6019a6026-7ff6019a603b 390->393 392->393 393->387
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                • String ID:
                                                                • API String ID: 1617910340-0
                                                                • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                • Instruction ID: fa80f79266c53877c03f04f03bd749ad33a8e4351d2a8f24ff2834dec2693a03
                                                                • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                • Instruction Fuzzy Hash: 8AC1BF36F28A418AEB10CF69C4916AC3761FB49B98B614225DF2E97796CF38E459C340
                                                                Function 00007FF6019885A0 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:
                                                                • API String ID: 2295610775-0
                                                                • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                • Instruction ID: c65aefb6f8dd6804c7a43148d0c6b8ddbe92fd8e1ee09a28082e863cc96e086a
                                                                • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                • Instruction Fuzzy Hash: 9FF06822A2D64287F7608B60B4897667350FB4476CF540339D96E826D5DF7CE0598A04
                                                                Function 00007FF6019818F0 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 172COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 179 7ff6019818f0-7ff60198192b call 7ff601983f70 182 7ff601981bc1-7ff601981be5 call 7ff60198b870 179->182 183 7ff601981931-7ff601981971 call 7ff6019876a0 179->183 188 7ff601981977-7ff601981987 call 7ff60198f9f4 183->188 189 7ff601981bae-7ff601981bb1 call 7ff60198f36c 183->189 194 7ff601981989-7ff60198199c call 7ff601982760 188->194 195 7ff6019819a1-7ff6019819bd call 7ff60198f6bc 188->195 192 7ff601981bb6-7ff601981bbe 189->192 192->182 194->189 200 7ff6019819d7-7ff6019819ec call 7ff601994154 195->200 201 7ff6019819bf-7ff6019819d2 call 7ff601982760 195->201 206 7ff601981a06-7ff601981a87 call 7ff601981bf0 * 2 call 7ff60198f9f4 200->206 207 7ff6019819ee-7ff601981a01 call 7ff601982760 200->207 201->189 215 7ff601981a8c-7ff601981a9f call 7ff601994170 206->215 207->189 218 7ff601981ab9-7ff601981ad2 call 7ff60198f6bc 215->218 219 7ff601981aa1-7ff601981ab4 call 7ff601982760 215->219 224 7ff601981aec-7ff601981b08 call 7ff60198f430 218->224 225 7ff601981ad4-7ff601981ae7 call 7ff601982760 218->225 219->189 230 7ff601981b1b-7ff601981b29 224->230 231 7ff601981b0a-7ff601981b16 call 7ff6019825f0 224->231 225->189 230->189 233 7ff601981b2f-7ff601981b3e 230->233 231->189 235 7ff601981b40-7ff601981b46 233->235 236 7ff601981b48-7ff601981b55 235->236 237 7ff601981b60-7ff601981b6f 235->237 238 7ff601981b71-7ff601981b7a 236->238 237->237 237->238 239 7ff601981b7c-7ff601981b7f 238->239 240 7ff601981b8f 238->240 239->240 241 7ff601981b81-7ff601981b84 239->241 242 7ff601981b91-7ff601981bac 240->242 241->240 243 7ff601981b86-7ff601981b89 241->243 242->189 242->235 243->240 244 7ff601981b8b-7ff601981b8d 243->244 244->242
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _fread_nolock$Message
                                                                • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                • API String ID: 677216364-3497178890
                                                                • Opcode ID: 7995a21b28b680851394af75eb53cd73354e47d861740444e0d3535187b21681
                                                                • Instruction ID: c3a9e1b68bc027f7f38d962650654a4062ffb247846985f6bbbc2263d23a7ba3
                                                                • Opcode Fuzzy Hash: 7995a21b28b680851394af75eb53cd73354e47d861740444e0d3535187b21681
                                                                • Instruction Fuzzy Hash: 6F71A371F1D6868AEB60DB28E4506B923A0FF4478CF644035D98DC779BEEBCE5498B40
                                                                Function 00007FF6019815C0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 137COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 245 7ff6019815c0-7ff6019815d1 246 7ff6019815f7-7ff601981611 call 7ff601983f70 245->246 247 7ff6019815d3-7ff6019815dc call 7ff601981050 245->247 254 7ff60198163b-7ff601981655 call 7ff601983f70 246->254 255 7ff601981613-7ff60198163a call 7ff601982760 246->255 252 7ff6019815ee-7ff6019815f6 247->252 253 7ff6019815de-7ff6019815e9 call 7ff6019825f0 247->253 253->252 261 7ff601981657-7ff60198166c call 7ff6019825f0 254->261 262 7ff601981671-7ff601981688 call 7ff60198f9f4 254->262 269 7ff6019817c5-7ff6019817c8 call 7ff60198f36c 261->269 267 7ff6019816ab-7ff6019816af 262->267 268 7ff60198168a-7ff6019816a6 call 7ff601982760 262->268 271 7ff6019816c9-7ff6019816e9 call 7ff601994170 267->271 272 7ff6019816b1-7ff6019816bd call 7ff6019811f0 267->272 278 7ff6019817bd-7ff6019817c0 call 7ff60198f36c 268->278 276 7ff6019817cd-7ff6019817df 269->276 282 7ff60198170c-7ff601981717 271->282 283 7ff6019816eb-7ff601981707 call 7ff601982760 271->283 279 7ff6019816c2-7ff6019816c4 272->279 278->269 279->278 284 7ff60198171d-7ff601981726 282->284 285 7ff6019817a6-7ff6019817ae call 7ff60199415c 282->285 292 7ff6019817b3-7ff6019817b8 283->292 288 7ff601981730-7ff601981752 call 7ff60198f6bc 284->288 285->292 294 7ff601981785-7ff60198178c 288->294 295 7ff601981754-7ff60198176c call 7ff60198fdfc 288->295 292->278 297 7ff601981793-7ff60198179c call 7ff601982760 294->297 300 7ff601981775-7ff601981783 295->300 301 7ff60198176e-7ff601981771 295->301 304 7ff6019817a1 297->304 300->297 301->288 303 7ff601981773 301->303 303->304 304->285
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                • API String ID: 2030045667-1550345328
                                                                • Opcode ID: 83b3f49e488718fcbde5f422175789b2ebcd3d7843a3cf98154fcb537a0ed418
                                                                • Instruction ID: 47697f187a0985f2d5cd703ccc29ae4a44b23ba95cbe00381693f4531e099d1d
                                                                • Opcode Fuzzy Hash: 83b3f49e488718fcbde5f422175789b2ebcd3d7843a3cf98154fcb537a0ed418
                                                                • Instruction Fuzzy Hash: 03519D61B0864397EB10AB15A9101B923A0BF44B9CFA44135EE1EC7A97EFBCE55A8340
                                                                Function 00007FF601987FC0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 89processsynchronizationCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                • String ID: CreateProcessW$Failed to create child process!
                                                                • API String ID: 2895956056-699529898
                                                                • Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                • Instruction ID: 302e8c6f806e337d4cdeefcf499dc71e80c95ba1319493d188bb966a644487f6
                                                                • Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                • Instruction Fuzzy Hash: 05413631A1878186EB209B64F4552AE73A1FFC5368FA00335E6AD877D6DF7CD0458B40
                                                                Function 00007FF6019811F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 398 7ff6019811f0-7ff60198124d call 7ff60198b0a0 401 7ff601981277-7ff60198128f call 7ff601994170 398->401 402 7ff60198124f-7ff601981276 call 7ff6019825f0 398->402 407 7ff6019812ad-7ff6019812bd call 7ff601994170 401->407 408 7ff601981291-7ff6019812a8 call 7ff601982760 401->408 414 7ff6019812db-7ff6019812ed 407->414 415 7ff6019812bf-7ff6019812d6 call 7ff601982760 407->415 413 7ff601981409-7ff60198141e call 7ff60198ad80 call 7ff60199415c * 2 408->413 430 7ff601981423-7ff60198143d 413->430 417 7ff6019812f0-7ff601981315 call 7ff60198f6bc 414->417 415->413 424 7ff60198131b-7ff601981325 call 7ff60198f430 417->424 425 7ff601981401 417->425 424->425 431 7ff60198132b-7ff601981337 424->431 425->413 432 7ff601981340-7ff601981368 call 7ff6019894e0 431->432 435 7ff60198136a-7ff60198136d 432->435 436 7ff6019813e6-7ff6019813fc call 7ff6019825f0 432->436 437 7ff6019813e1 435->437 438 7ff60198136f-7ff601981379 435->438 436->425 437->436 440 7ff60198137b-7ff601981389 call 7ff60198fdfc 438->440 441 7ff6019813a4-7ff6019813a7 438->441 446 7ff60198138e-7ff601981391 440->446 443 7ff6019813ba-7ff6019813bf 441->443 444 7ff6019813a9-7ff6019813b7 call 7ff6019a9140 441->444 443->432 445 7ff6019813c5-7ff6019813c8 443->445 444->443 448 7ff6019813dc-7ff6019813df 445->448 449 7ff6019813ca-7ff6019813cd 445->449 450 7ff601981393-7ff60198139d call 7ff60198f430 446->450 451 7ff60198139f-7ff6019813a2 446->451 448->425 449->436 453 7ff6019813cf-7ff6019813d7 449->453 450->443 450->451 451->436 453->417
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                • API String ID: 2030045667-2813020118
                                                                • Opcode ID: 9f7725012da1cc34fce5d0bfb3ee6aec36ae4ef04eadb8e7a4371b04415525bd
                                                                • Instruction ID: 53219271ab31fbcd02294e6e8de787daca4b390f6fa0d5ea727549af7d2fdfd4
                                                                • Opcode Fuzzy Hash: 9f7725012da1cc34fce5d0bfb3ee6aec36ae4ef04eadb8e7a4371b04415525bd
                                                                • Instruction Fuzzy Hash: 6A512862B086428AEB609B16E4503BA6291FF8479CF684135ED4EC7BD7EF7CE546C700
                                                                Function 00007FF601987C40 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF601983834), ref: 00007FF601987CE4
                                                                • CreateDirectoryW.KERNELBASE(?,?,FFFFFFFF,00007FF601983834), ref: 00007FF601987D2C
                                                                  • Part of subcall function 00007FF601987E10: GetEnvironmentVariableW.KERNEL32(00007FF60198365F), ref: 00007FF601987E47
                                                                  • Part of subcall function 00007FF601987E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF601987E69
                                                                  • Part of subcall function 00007FF601997548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF601997561
                                                                  • Part of subcall function 00007FF6019826C0: MessageBoxW.USER32 ref: 00007FF601982736
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                                • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                • API String ID: 740614611-1339014028
                                                                • Opcode ID: e203fb9b2ed022230aea9b70073d79c64569b0fcacf7335b186391ffe1e7d089
                                                                • Instruction ID: 770aa677eae2b03ac7db2d86f6faade231267a87c27e3dd3638b0d497637944e
                                                                • Opcode Fuzzy Hash: e203fb9b2ed022230aea9b70073d79c64569b0fcacf7335b186391ffe1e7d089
                                                                • Instruction Fuzzy Hash: 3541CF12B0964246EB28EBA599652F92291BF997CCFB00031ED0EC7797EE7CE5058340
                                                                Function 00007FF60199AD6C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 517 7ff60199ad6c-7ff60199ad92 518 7ff60199ad94-7ff60199ada8 call 7ff6019943d4 call 7ff6019943f4 517->518 519 7ff60199adad-7ff60199adb1 517->519 533 7ff60199b19e 518->533 521 7ff60199b187-7ff60199b193 call 7ff6019943d4 call 7ff6019943f4 519->521 522 7ff60199adb7-7ff60199adbe 519->522 540 7ff60199b199 call 7ff601999bf0 521->540 522->521 524 7ff60199adc4-7ff60199adf2 522->524 524->521 527 7ff60199adf8-7ff60199adff 524->527 530 7ff60199ae01-7ff60199ae13 call 7ff6019943d4 call 7ff6019943f4 527->530 531 7ff60199ae18-7ff60199ae1b 527->531 530->540 536 7ff60199ae21-7ff60199ae27 531->536 537 7ff60199b183-7ff60199b185 531->537 538 7ff60199b1a1-7ff60199b1b8 533->538 536->537 541 7ff60199ae2d-7ff60199ae30 536->541 537->538 540->533 541->530 542 7ff60199ae32-7ff60199ae57 541->542 545 7ff60199ae59-7ff60199ae5b 542->545 546 7ff60199ae8a-7ff60199ae91 542->546 548 7ff60199ae82-7ff60199ae88 545->548 549 7ff60199ae5d-7ff60199ae64 545->549 550 7ff60199ae93-7ff60199aebb call 7ff60199c90c call 7ff601999c58 * 2 546->550 551 7ff60199ae66-7ff60199ae7d call 7ff6019943d4 call 7ff6019943f4 call 7ff601999bf0 546->551 553 7ff60199af08-7ff60199af1f 548->553 549->548 549->551 578 7ff60199aed8-7ff60199af03 call 7ff60199b594 550->578 579 7ff60199aebd-7ff60199aed3 call 7ff6019943f4 call 7ff6019943d4 550->579 582 7ff60199b010 551->582 556 7ff60199af21-7ff60199af29 553->556 557 7ff60199af9a-7ff60199afa4 call 7ff6019a2c2c 553->557 556->557 561 7ff60199af2b-7ff60199af2d 556->561 569 7ff60199b02e 557->569 570 7ff60199afaa-7ff60199afbf 557->570 561->557 566 7ff60199af2f-7ff60199af45 561->566 566->557 571 7ff60199af47-7ff60199af53 566->571 574 7ff60199b033-7ff60199b053 ReadFile 569->574 570->569 576 7ff60199afc1-7ff60199afd3 GetConsoleMode 570->576 571->557 572 7ff60199af55-7ff60199af57 571->572 572->557 577 7ff60199af59-7ff60199af71 572->577 580 7ff60199b059-7ff60199b061 574->580 581 7ff60199b14d-7ff60199b156 GetLastError 574->581 576->569 583 7ff60199afd5-7ff60199afdd 576->583 577->557 585 7ff60199af73-7ff60199af7f 577->585 578->553 579->582 580->581 587 7ff60199b067 580->587 590 7ff60199b173-7ff60199b176 581->590 591 7ff60199b158-7ff60199b16e call 7ff6019943f4 call 7ff6019943d4 581->591 584 7ff60199b013-7ff60199b01d call 7ff601999c58 582->584 583->574 589 7ff60199afdf-7ff60199b001 ReadConsoleW 583->589 584->538 585->557 593 7ff60199af81-7ff60199af83 585->593 597 7ff60199b06e-7ff60199b083 587->597 599 7ff60199b003 GetLastError 589->599 600 7ff60199b022-7ff60199b02c 589->600 594 7ff60199b009-7ff60199b00b call 7ff601994368 590->594 595 7ff60199b17c-7ff60199b17e 590->595 591->582 593->557 604 7ff60199af85-7ff60199af95 593->604 594->582 595->584 597->584 606 7ff60199b085-7ff60199b090 597->606 599->594 600->597 604->557 610 7ff60199b092-7ff60199b0ab call 7ff60199a984 606->610 611 7ff60199b0b7-7ff60199b0bf 606->611 617 7ff60199b0b0-7ff60199b0b2 610->617 614 7ff60199b0c1-7ff60199b0d3 611->614 615 7ff60199b13b-7ff60199b148 call 7ff60199a7c4 611->615 618 7ff60199b12e-7ff60199b136 614->618 619 7ff60199b0d5 614->619 615->617 617->584 618->584 620 7ff60199b0da-7ff60199b0e1 619->620 622 7ff60199b0e3-7ff60199b0e7 620->622 623 7ff60199b11d-7ff60199b128 620->623 624 7ff60199b103 622->624 625 7ff60199b0e9-7ff60199b0f0 622->625 623->618 627 7ff60199b109-7ff60199b119 624->627 625->624 626 7ff60199b0f2-7ff60199b0f6 625->626 626->624 628 7ff60199b0f8-7ff60199b101 626->628 627->620 629 7ff60199b11b 627->629 628->627 629->618
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                • Instruction ID: 1800ea3d61b59c95ebfa28e2cf0f9669eb850a31d0d34cac452d486db1a5c8e4
                                                                • Opcode Fuzzy Hash: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                • Instruction Fuzzy Hash: EAC1F562A0C78799EB619B1DA4606BD3BA0FB91B88F750131DA5E83793DF7CE855C300
                                                                Function 00007FF601987B50 Relevance: 10.6, APIs: 7, Instructions: 63COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                • String ID:
                                                                • API String ID: 995526605-0
                                                                • Opcode ID: fa100e685baa98e829519164d8c7bae0263b828ebdd9095db38f9558f9492d32
                                                                • Instruction ID: b42ec899733cedb71c00de3f1e27f27b04f2cb3480b593c1dec78ce3d96d1fc7
                                                                • Opcode Fuzzy Hash: fa100e685baa98e829519164d8c7bae0263b828ebdd9095db38f9558f9492d32
                                                                • Instruction Fuzzy Hash: D1216531E0CA4242EB649B95E44422AB7A1FF857A8F740235DA6D83BDADFBCD4458740
                                                                Function 00007FF6019833E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(?,00007FF601983534), ref: 00007FF601983411
                                                                  • Part of subcall function 00007FF6019829E0: GetLastError.KERNEL32(?,?,?,00007FF60198342E,?,00007FF601983534), ref: 00007FF601982A14
                                                                  • Part of subcall function 00007FF6019829E0: FormatMessageW.KERNEL32(?,?,?,00007FF60198342E), ref: 00007FF601982A7D
                                                                  • Part of subcall function 00007FF6019829E0: MessageBoxW.USER32 ref: 00007FF601982ACF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message$ErrorFileFormatLastModuleName
                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                • API String ID: 517058245-2863816727
                                                                • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                • Instruction ID: 238738a7f64b543bd1854d27a4d7db43bdf6576d023029b010963663ee2e269f
                                                                • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                • Instruction Fuzzy Hash: E3217161F1C54292FB219B34E8513B95250BF48B9CFE00136D65EC65E7EFACE609C740
                                                                Function 00007FF601988400 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00007FF601987B50: GetCurrentProcess.KERNEL32 ref: 00007FF601987B70
                                                                  • Part of subcall function 00007FF601987B50: OpenProcessToken.ADVAPI32 ref: 00007FF601987B83
                                                                  • Part of subcall function 00007FF601987B50: GetTokenInformation.KERNELBASE ref: 00007FF601987BA8
                                                                  • Part of subcall function 00007FF601987B50: GetLastError.KERNEL32 ref: 00007FF601987BB2
                                                                  • Part of subcall function 00007FF601987B50: GetTokenInformation.KERNELBASE ref: 00007FF601987BF2
                                                                  • Part of subcall function 00007FF601987B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF601987C0E
                                                                  • Part of subcall function 00007FF601987B50: CloseHandle.KERNEL32 ref: 00007FF601987C26
                                                                • LocalFree.KERNEL32(?,00007FF601983814), ref: 00007FF60198848C
                                                                • LocalFree.KERNEL32(?,00007FF601983814), ref: 00007FF601988495
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                • API String ID: 6828938-1529539262
                                                                • Opcode ID: 00508f9f8b173662f129ea82402565ecad2bd7bdcd40e7a91b5badc9791cb352
                                                                • Instruction ID: 406689799e29da16512c119931ddcdf266d59bad07ea8a947407fd4e8327e2f9
                                                                • Opcode Fuzzy Hash: 00508f9f8b173662f129ea82402565ecad2bd7bdcd40e7a91b5badc9791cb352
                                                                • Instruction Fuzzy Hash: 98215E32A0864283F710AB60E5153EA62A5FF88788FA44035EA4E83B97DF7CE445C790
                                                                Function 00007FF60199C270 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 764 7ff60199c270-7ff60199c295 765 7ff60199c563 764->765 766 7ff60199c29b-7ff60199c29e 764->766 767 7ff60199c565-7ff60199c575 765->767 768 7ff60199c2a0-7ff60199c2d2 call 7ff601999b24 766->768 769 7ff60199c2d7-7ff60199c303 766->769 768->767 771 7ff60199c30e-7ff60199c314 769->771 772 7ff60199c305-7ff60199c30c 769->772 774 7ff60199c324-7ff60199c339 call 7ff6019a2c2c 771->774 775 7ff60199c316-7ff60199c31f call 7ff60199b630 771->775 772->768 772->771 779 7ff60199c33f-7ff60199c348 774->779 780 7ff60199c453-7ff60199c45c 774->780 775->774 779->780 783 7ff60199c34e-7ff60199c352 779->783 781 7ff60199c45e-7ff60199c464 780->781 782 7ff60199c4b0-7ff60199c4d5 WriteFile 780->782 784 7ff60199c466-7ff60199c469 781->784 785 7ff60199c49c-7ff60199c4ae call 7ff60199bd28 781->785 788 7ff60199c4e0 782->788 789 7ff60199c4d7-7ff60199c4dd GetLastError 782->789 786 7ff60199c363-7ff60199c36e 783->786 787 7ff60199c354-7ff60199c35c call 7ff601993ae0 783->787 791 7ff60199c488-7ff60199c49a call 7ff60199bf48 784->791 792 7ff60199c46b-7ff60199c46e 784->792 812 7ff60199c440-7ff60199c447 785->812 794 7ff60199c37f-7ff60199c394 GetConsoleMode 786->794 795 7ff60199c370-7ff60199c379 786->795 787->786 790 7ff60199c4e3 788->790 789->788 797 7ff60199c4e8 790->797 791->812 798 7ff60199c4f4-7ff60199c4fe 792->798 799 7ff60199c474-7ff60199c486 call 7ff60199be2c 792->799 802 7ff60199c39a-7ff60199c3a0 794->802 803 7ff60199c44c 794->803 795->780 795->794 805 7ff60199c4ed 797->805 806 7ff60199c500-7ff60199c505 798->806 807 7ff60199c55c-7ff60199c561 798->807 799->812 810 7ff60199c3a6-7ff60199c3a9 802->810 811 7ff60199c429-7ff60199c43b call 7ff60199b8b0 802->811 803->780 805->798 813 7ff60199c533-7ff60199c53d 806->813 814 7ff60199c507-7ff60199c50a 806->814 807->767 816 7ff60199c3b4-7ff60199c3c2 810->816 817 7ff60199c3ab-7ff60199c3ae 810->817 811->812 812->797 821 7ff60199c53f-7ff60199c542 813->821 822 7ff60199c544-7ff60199c553 813->822 819 7ff60199c523-7ff60199c52e call 7ff6019943b0 814->819 820 7ff60199c50c-7ff60199c51b 814->820 823 7ff60199c420-7ff60199c424 816->823 824 7ff60199c3c4 816->824 817->805 817->816 819->813 820->819 821->765 821->822 822->807 823->790 825 7ff60199c3c8-7ff60199c3df call 7ff6019a2cf8 824->825 830 7ff60199c3e1-7ff60199c3ed 825->830 831 7ff60199c417-7ff60199c41d GetLastError 825->831 832 7ff60199c3ef-7ff60199c401 call 7ff6019a2cf8 830->832 833 7ff60199c40c-7ff60199c413 830->833 831->823 832->831 837 7ff60199c403-7ff60199c40a 832->837 833->823 835 7ff60199c415 833->835 835->825 837->833
                                                                APIs
                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60199C25B), ref: 00007FF60199C38C
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60199C25B), ref: 00007FF60199C417
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ConsoleErrorLastMode
                                                                • String ID:
                                                                • API String ID: 953036326-0
                                                                • Opcode ID: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                • Instruction ID: dcf723217276f8708f467a911cad3f1a92ae613e89dd1bb58a676614ed188e70
                                                                • Opcode Fuzzy Hash: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                • Instruction Fuzzy Hash: CB918062F0865289F760DF6D98602BD2BA0FB54B8CF644139DE4EA7A86DF3CE445C701
                                                                Function 00007FF601994938 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 1279662727-0
                                                                • Opcode ID: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                • Instruction ID: fa02268210cfd61974545ced4fb4805f4bb47b76f372a724c5078c99da872f44
                                                                • Opcode Fuzzy Hash: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                • Instruction Fuzzy Hash: 8B41B332D1878287F7558B6496203797360FBA57A8F209334EA9C83AD6DF7CA5E18700
                                                                Function 00007FF60198BF5C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 3251591375-0
                                                                • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                • Instruction ID: ba515f98196df9f4a0bc2d543ab1270b5116a564fddc4946c96a25abcf42ee7d
                                                                • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                • Instruction Fuzzy Hash: 9C315D11E0D24747FF54AB68D4613F92391AF4278CFB40439EA4ECB6D3DEADB8498261
                                                                Function 00007FF60198F45C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: bcfcf1faf55df9f9e23f958511fce33fc2a490ff62131b022dace26bbec7c8c2
                                                                • Instruction ID: 1cfd8b9022c75d0f6cf2cf534b98af6f1d87ecbf0db28d160876dacbd76eca48
                                                                • Opcode Fuzzy Hash: bcfcf1faf55df9f9e23f958511fce33fc2a490ff62131b022dace26bbec7c8c2
                                                                • Instruction Fuzzy Hash: 8851DF62B0928247FB289E3A940467A6681FF84BBCF246735DE6DC37D7CE7CE4018610
                                                                Function 00007FF60199B444 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastPointer
                                                                • String ID:
                                                                • API String ID: 2976181284-0
                                                                • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                • Instruction ID: 7d73874259a001ccb10885c85f4a5271d343e3893463a01ec352ceee2f80c508
                                                                • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                • Instruction Fuzzy Hash: A811C162B18A8185DB108B29B8541797361EB44FF8F684331EEBE877EACE7CD0508740
                                                                Function 00007FF601999C58 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(?,?,?,00007FF6019A2032,?,?,?,00007FF6019A206F,?,?,00000000,00007FF6019A2535,?,?,?,00007FF6019A2467), ref: 00007FF601999C6E
                                                                • GetLastError.KERNEL32(?,?,?,00007FF6019A2032,?,?,?,00007FF6019A206F,?,?,00000000,00007FF6019A2535,?,?,?,00007FF6019A2467), ref: 00007FF601999C78
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 485612231-0
                                                                • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                • Instruction ID: ead462954c4c73030430ae8a5163420fb59fb94d7e059af78dd8505d8cd57eac
                                                                • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                • Instruction Fuzzy Hash: 2BE0C250F0968246FF196BFAAD650791291DF9874DFA04034DD0EC3253EE2C684A8350
                                                                Function 00007FF601999E68 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CloseHandle.KERNELBASE(?,?,?,00007FF601999CE5,?,?,00000000,00007FF601999D9A), ref: 00007FF601999ED6
                                                                • GetLastError.KERNEL32(?,?,?,00007FF601999CE5,?,?,00000000,00007FF601999D9A), ref: 00007FF601999EE0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CloseErrorHandleLast
                                                                • String ID:
                                                                • API String ID: 918212764-0
                                                                • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                • Instruction ID: d34df2e48efc3452f0e5df32e7b6bf7a658cccf86feb7161fb0fc21d1bd0359f
                                                                • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                • Instruction Fuzzy Hash: 4B21C321F1C64245FF9497E9A5A037D2291DF847ACF284239EA2EC73D3DE6CB4448300
                                                                Function 00007FF60199B1BC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                • Instruction ID: a90415d2532884c7145b523cf42cfc14f63ba8942a897a5be1b6beee3e4a20f4
                                                                • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                • Instruction Fuzzy Hash: D741A0329082418BEB34DB1EB56167D73A0EBA6B88F240135DA9EC7692CF3DE502C751
                                                                Function 00007FF6019876A0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _fread_nolock
                                                                • String ID:
                                                                • API String ID: 840049012-0
                                                                • Opcode ID: 860edb0a98c4a3dcae194fe5c8069401722b6002e6c93bb3a4d90fbb5ce1f995
                                                                • Instruction ID: f80ca9ffc8ee126aded130388bde5074df4d85c7f05e6b10afbb6aa58b9bb519
                                                                • Opcode Fuzzy Hash: 860edb0a98c4a3dcae194fe5c8069401722b6002e6c93bb3a4d90fbb5ce1f995
                                                                • Instruction Fuzzy Hash: 5D218321B0865247FB14AA56A9147BAA651BF45BDCFB85430EE0D87787DEBDE041C700
                                                                Function 00007FF60199AC4C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                • Instruction ID: 636483d5a1d679937a3f049ba5c7dd5094a054e089d837697ae213926eaa0186
                                                                • Opcode Fuzzy Hash: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                • Instruction Fuzzy Hash: 5F31B021E186828AF712AB6D88613BD3650EF50BA9F610135EA1D873D3DFBCE442C710
                                                                Function 00007FF6019952A4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                • Instruction ID: a943b801aeeec6931d3b5436645e357af64ece70e9cf1be0c2c616aac641825c
                                                                • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                • Instruction Fuzzy Hash: E411C621A0C2414AFB629F59942117FA260FF55B88F650032FE4CC7A87CF3CD4418740
                                                                Function 00007FF6019A5664 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                • Instruction ID: d75ed149ef49bb9f974355263861c38543c63c611e155acc85ad3acbac3cfc51
                                                                • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                • Instruction Fuzzy Hash: EC21A772B18A8186EB618F19E44037977A0FB94B98F754234E65DC76EADF3CD405CB00
                                                                Function 00007FF60198F6DC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                • Instruction ID: 15807b7beaf554d2474db0137832f37dd63ba843fc08efb4eb7af1437b55cebb
                                                                • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                • Instruction Fuzzy Hash: B501D621A0878241FB04EF669901079A695FF95FE8F685635DE6CD3BD7DE7CE5028300
                                                                Function 00007FF60199C90C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF60198FFB0,?,?,?,00007FF60199161A,?,?,?,?,?,00007FF601992E09), ref: 00007FF60199C94A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AllocHeap
                                                                • String ID:
                                                                • API String ID: 4292702814-0
                                                                • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                • Instruction ID: 6e86393eb4b9e506eba96923b44f5867c931d4ed34100e6c398da64fa20a8990
                                                                • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                • Instruction Fuzzy Hash: 1AF01C21F192878DFF6467BA5D713791280DF88BA8F694630ED6EC62C3DE2CB5818160

                                                                Non-executed Functions

                                                                Function 00007FF601986EA0 Relevance: 119.3, APIs: 33, Strings: 35, Instructions: 280libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AddressProc
                                                                • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                • API String ID: 190572456-3427451314
                                                                • Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                • Instruction ID: 2e32f421f49072c085b8fce648449bbf311131a53c922bf46f8893723b1fb276
                                                                • Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                • Instruction Fuzzy Hash: 65E19E64E4DB1392FB59DB84E8501B423A5BF0875CFF45436C88E866A6EFBCB55CC280
                                                                Function 00007FF6019A33BC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                • API String ID: 808467561-2761157908
                                                                • Opcode ID: 006b587dceb6a8e5448b800068f928c3aefb42c20130fc8eaa47f3b19415637c
                                                                • Instruction ID: ba7bf1aef913f5b5fc7669acbce8ab1d5cb95dd3120302a6bed9da9571605891
                                                                • Opcode Fuzzy Hash: 006b587dceb6a8e5448b800068f928c3aefb42c20130fc8eaa47f3b19415637c
                                                                • Instruction Fuzzy Hash: 2BB20672F182828BE7648F69D4407FD37A1FB5474CFA45135DA0D97A86DF78AA08CB80
                                                                Function 00007FF6019879B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,00007FF601987EF9,00007FF6019839E6), ref: 00007FF601987A1B
                                                                • RemoveDirectoryW.KERNEL32(?,00007FF601987EF9,00007FF6019839E6), ref: 00007FF601987A9E
                                                                • DeleteFileW.KERNEL32(?,00007FF601987EF9,00007FF6019839E6), ref: 00007FF601987ABD
                                                                • FindNextFileW.KERNEL32(?,00007FF601987EF9,00007FF6019839E6), ref: 00007FF601987ACB
                                                                • FindClose.KERNEL32(?,00007FF601987EF9,00007FF6019839E6), ref: 00007FF601987ADC
                                                                • RemoveDirectoryW.KERNEL32(?,00007FF601987EF9,00007FF6019839E6), ref: 00007FF601987AE5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                • String ID: %s\*
                                                                • API String ID: 1057558799-766152087
                                                                • Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                • Instruction ID: 32433313b16baeb3e96caa2eadd980da9eb30861e2ed203a2a688d2141c9217f
                                                                • Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                • Instruction Fuzzy Hash: 8441C521A0C54292EB349BA4E4445B9B3A0FB94758FB40632D59EC3AD6DF7CE64AC740
                                                                Function 00007FF601989FCD Relevance: 12.0, Strings: 9, Instructions: 744COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                • API String ID: 0-2665694366
                                                                • Opcode ID: 7289e34dee421d23927a0f8f8a094fde9ef8b8d5e9feb20e52711e481e6fcba8
                                                                • Instruction ID: 3811d0360df11a704269967debc9267784993c123b3082e3e8a40e4ffa39cfa1
                                                                • Opcode Fuzzy Hash: 7289e34dee421d23927a0f8f8a094fde9ef8b8d5e9feb20e52711e481e6fcba8
                                                                • Instruction Fuzzy Hash: AA52E572A186A54BD7A48F14C458B7E3BE9FB84348F25413AE64AC7781DFBDE844CB40
                                                                Function 00007FF60198C44C Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 3140674995-0
                                                                • Opcode ID: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                • Instruction ID: 5edd0aed1b4ff6ca8e71fad6fb70b648e2791f8f61f08dd63da0187537d9174b
                                                                • Opcode Fuzzy Hash: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                • Instruction Fuzzy Hash: 28314F72A09B8186EB609F64E8807FE7364FB94748F54403ADB4E87B96DF78D548C710
                                                                Function 00007FF6019829E0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message$ErrorFormatLast
                                                                • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                                • API String ID: 3971115935-1149178304
                                                                • Opcode ID: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                • Instruction ID: c8bb9e5dc0fb21794e7573175d5c5c24938bb13a6a711241d3c6a76c4ea6aba2
                                                                • Opcode Fuzzy Hash: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                • Instruction Fuzzy Hash: 8A215872A18B8592E7309B10F4507EA7364FB88788F500136EBCE93A59DF7CD54AC740
                                                                Function 00007FF6019A4F10 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF6019A4F55
                                                                  • Part of subcall function 00007FF6019A48A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6019A48BC
                                                                  • Part of subcall function 00007FF601999C58: RtlFreeHeap.NTDLL(?,?,?,00007FF6019A2032,?,?,?,00007FF6019A206F,?,?,00000000,00007FF6019A2535,?,?,?,00007FF6019A2467), ref: 00007FF601999C6E
                                                                  • Part of subcall function 00007FF601999C58: GetLastError.KERNEL32(?,?,?,00007FF6019A2032,?,?,?,00007FF6019A206F,?,?,00000000,00007FF6019A2535,?,?,?,00007FF6019A2467), ref: 00007FF601999C78
                                                                  • Part of subcall function 00007FF601999C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF601999BEF,?,?,?,?,?,00007FF601999ADA), ref: 00007FF601999C19
                                                                  • Part of subcall function 00007FF601999C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF601999BEF,?,?,?,?,?,00007FF601999ADA), ref: 00007FF601999C3E
                                                                • _get_daylight.LIBCMT ref: 00007FF6019A4F44
                                                                  • Part of subcall function 00007FF6019A4908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6019A491C
                                                                • _get_daylight.LIBCMT ref: 00007FF6019A51BA
                                                                • _get_daylight.LIBCMT ref: 00007FF6019A51CB
                                                                • _get_daylight.LIBCMT ref: 00007FF6019A51DC
                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6019A541C), ref: 00007FF6019A5203
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                • String ID:
                                                                • API String ID: 4070488512-0
                                                                • Opcode ID: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                • Instruction ID: 0197d4474edc1b8290a7de1f8e48b3e50eaca28e6868b070e952fa1f58a9f227
                                                                • Opcode Fuzzy Hash: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                • Instruction Fuzzy Hash: 0CD1BF26F0825286FB20AF25D8501B967A1FF84B8CFA64035EA4DC7A97DF7CE445C780
                                                                Function 00007FF601999924 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 1239891234-0
                                                                • Opcode ID: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                • Instruction ID: 6075b5eddcdfc0c57060bbd7c979c415c9073ab48d7bc90f4264486e89538d81
                                                                • Opcode Fuzzy Hash: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                • Instruction Fuzzy Hash: FC315532A18B8186DB60CF29E8502EE77A4FB8475CF640136EA9D87B56DF3CD545C740
                                                                Function 00007FF6019A0B84 Relevance: 7.8, APIs: 5, Instructions: 282COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 2227656907-0
                                                                • Opcode ID: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                • Instruction ID: 10da81e7b0daac7cfe162da71251ff328c04cf524da1b5b3dd856ea7334565bf
                                                                • Opcode Fuzzy Hash: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                • Instruction Fuzzy Hash: 49B1B422F1869281EB609B2594102BD63A0EB44BECFA85135FE5D97BC6DF3CF449C380
                                                                Function 00007FF6019A518C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF6019A51BA
                                                                  • Part of subcall function 00007FF6019A4908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6019A491C
                                                                • _get_daylight.LIBCMT ref: 00007FF6019A51CB
                                                                  • Part of subcall function 00007FF6019A48A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6019A48BC
                                                                • _get_daylight.LIBCMT ref: 00007FF6019A51DC
                                                                  • Part of subcall function 00007FF6019A48D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6019A48EC
                                                                  • Part of subcall function 00007FF601999C58: RtlFreeHeap.NTDLL(?,?,?,00007FF6019A2032,?,?,?,00007FF6019A206F,?,?,00000000,00007FF6019A2535,?,?,?,00007FF6019A2467), ref: 00007FF601999C6E
                                                                  • Part of subcall function 00007FF601999C58: GetLastError.KERNEL32(?,?,?,00007FF6019A2032,?,?,?,00007FF6019A206F,?,?,00000000,00007FF6019A2535,?,?,?,00007FF6019A2467), ref: 00007FF601999C78
                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6019A541C), ref: 00007FF6019A5203
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                • String ID:
                                                                • API String ID: 3458911817-0
                                                                • Opcode ID: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                • Instruction ID: 65b3164e97aba352c286a0588bc67f6328dda0cf26b2e562545496025d4f8ba9
                                                                • Opcode Fuzzy Hash: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                • Instruction Fuzzy Hash: 51516D32F1864286F720DF25E8811A967A1FB8878CFA64535EA4DC7697DF3CE445C780
                                                                Function 00007FF60198C330 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                • Instruction ID: fbfb0b69b2aad30f31eb35585059b6f906e5f3aaa97460ce1a35d65c49680c0a
                                                                • Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                • Instruction Fuzzy Hash: 27113C22B18F058AEB00CF60E8542B933B4FB59758F541E35DE6E86BA5DF7CD1988380
                                                                Function 00007FF6019A2F20 Relevance: 4.8, APIs: 3, Instructions: 340COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: memcpy_s
                                                                • String ID:
                                                                • API String ID: 1502251526-0
                                                                • Opcode ID: b41cb84a548d2e61bdeb7bb10330278f5fecde395d7a0ce6ff99175555b28b3c
                                                                • Instruction ID: 556619fee0ce22a4203ab50c23cb9ed2a73964c29e0a0b084ef0064debf1c3bb
                                                                • Opcode Fuzzy Hash: b41cb84a548d2e61bdeb7bb10330278f5fecde395d7a0ce6ff99175555b28b3c
                                                                • Instruction Fuzzy Hash: DBC1E572F1C28687EB24CF59A04466AB7A1F794B88F948135DB4A83745DF3DF905CB80
                                                                Function 00007FF60198979B Relevance: 4.1, Strings: 3, Instructions: 397COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $header crc mismatch$unknown header flags set
                                                                • API String ID: 0-1127688429
                                                                • Opcode ID: 6a55f11302ef793728786adf415505d571280719f8ef56880a9f0a37636d8ec0
                                                                • Instruction ID: 5c2ce90824fa88fb810dfcc459d019f50707d9d5fcfd7a94bbce998f823ce9d6
                                                                • Opcode Fuzzy Hash: 6a55f11302ef793728786adf415505d571280719f8ef56880a9f0a37636d8ec0
                                                                • Instruction Fuzzy Hash: 89F18172A183D68BE7A58B15C088B3E7AE9FF8474CF254538DA4987792CFB8E540C740
                                                                Function 00007FF6019A8A38 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionRaise_clrfp
                                                                • String ID:
                                                                • API String ID: 15204871-0
                                                                • Opcode ID: 4367feba8b0fb5a89db2d79700bffb7903d016d74ce2a4ac284103265cf95646
                                                                • Instruction ID: 4db772aefa3e220b869eaa3e4c79ba91dfc935863d57034bdc17edb856fc1cc6
                                                                • Opcode Fuzzy Hash: 4367feba8b0fb5a89db2d79700bffb7903d016d74ce2a4ac284103265cf95646
                                                                • Instruction Fuzzy Hash: 71B15A73A04B898BEB55CF29C8463683BA0F744B4DF688921DB5D83BA5CF39D855C740
                                                                Function 00007FF601992CC4 Relevance: 2.8, Strings: 2, Instructions: 350COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $
                                                                • API String ID: 0-227171996
                                                                • Opcode ID: 25965de2e6678be5c8c686b25b3b835ec4bf2bfab2b797158b347abdb642f747
                                                                • Instruction ID: 8b5f37b0385aaf93c911db543a490f6c2b346b9e718745612b14d0b88ca8b341
                                                                • Opcode Fuzzy Hash: 25965de2e6678be5c8c686b25b3b835ec4bf2bfab2b797158b347abdb642f747
                                                                • Instruction Fuzzy Hash: F2E18032A086469AEB688F2DC1A017D33A0FF45B4CF345235DA4E87796DF3AE952C740
                                                                Function 00007FF6019895FB Relevance: 2.7, Strings: 2, Instructions: 218COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: incorrect header check$invalid window size
                                                                • API String ID: 0-900081337
                                                                • Opcode ID: 226024973a440a2a6261c5f164d8bafa30541a105b972a390c392a8354fe07a0
                                                                • Instruction ID: 01d04282da9bb04fd6e74249b799a6d550d6eb30953070ae92ae9c593ce34306
                                                                • Opcode Fuzzy Hash: 226024973a440a2a6261c5f164d8bafa30541a105b972a390c392a8354fe07a0
                                                                • Instruction Fuzzy Hash: 1F916272A182C68BE7A58F14D498A7E3AA9FB8435CF254139DA4A877C1CF78E540CB40
                                                                Function 00007FF60199D200 Relevance: 2.6, Strings: 2, Instructions: 144COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: e+000$gfff
                                                                • API String ID: 0-3030954782
                                                                • Opcode ID: 1324d18368fb7be0dec1b44ace24e6b174879433860390047f5d35653063db2a
                                                                • Instruction ID: 150962f4c53c4e6fb79349473e698001ceb6c1b34c783caa64b17e73adfc5a13
                                                                • Opcode Fuzzy Hash: 1324d18368fb7be0dec1b44ace24e6b174879433860390047f5d35653063db2a
                                                                • Instruction Fuzzy Hash: 4D515762B1C2C54AE7248E79986176D6BD1F744B9CF689235CB9887AC2CE3DE444C700
                                                                Function 00007FF60199FBD8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CurrentFeaturePresentProcessProcessor
                                                                • String ID:
                                                                • API String ID: 1010374628-0
                                                                • Opcode ID: a8238ebacfbb29389201daedac3868d1c225100c6328c8ae619a1fe2ce119bc6
                                                                • Instruction ID: 65eb6420a11872db8d97d9b4de0a049f18abc825add70edc17001ad9b65efac7
                                                                • Opcode Fuzzy Hash: a8238ebacfbb29389201daedac3868d1c225100c6328c8ae619a1fe2ce119bc6
                                                                • Instruction Fuzzy Hash: 8E02C221F1D69748FF61AB1998212B96A90EF51B9CF784639ED6DC73D3EE3CA4018340
                                                                Function 00007FF60199CD6C Relevance: 1.5, Strings: 1, Instructions: 254COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: gfffffff
                                                                • API String ID: 0-1523873471
                                                                • Opcode ID: ee332c23296b8dd3ed29fdb42bef122adb490463d0c8b601810d73b835641fc7
                                                                • Instruction ID: ff0789821ffe4cd8d68436bdae9e26473a24f9272c291995c08d59accb544f36
                                                                • Opcode Fuzzy Hash: ee332c23296b8dd3ed29fdb42bef122adb490463d0c8b601810d73b835641fc7
                                                                • Instruction Fuzzy Hash: 84A15863B087C58AEB21CF29A4607AD7B90EB64BC8F248132DE4D87786DE3DE505C701
                                                                Function 00007FF601997AAC Relevance: 1.4, Strings: 1, Instructions: 177COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: TMP
                                                                • API String ID: 3215553584-3125297090
                                                                • Opcode ID: 839a1a806d2b08c8b9ade1ed9786cb9cb8429efd2ac68b7f8e7a62dba0c63b20
                                                                • Instruction ID: 672200d1bc4d40b5b4df9ec341607d074b161e84fe1c572aafffbb6160f03c84
                                                                • Opcode Fuzzy Hash: 839a1a806d2b08c8b9ade1ed9786cb9cb8429efd2ac68b7f8e7a62dba0c63b20
                                                                • Instruction Fuzzy Hash: F851CE11F1C68249FB68ABAA59611BA6291EF94BCCF784434DF0DC77C3EE3CE4468604
                                                                Function 00007FF6019A2790 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: HeapProcess
                                                                • String ID:
                                                                • API String ID: 54951025-0
                                                                • Opcode ID: fe1a72d78314f5032ff6e3f3402ce84269ae1386cefa971ca0fc6f511f9bbc55
                                                                • Instruction ID: 2c0766a57b33d403722e4e0a131c4b239b69a203eb7816de91f43b6e13748a95
                                                                • Opcode Fuzzy Hash: fe1a72d78314f5032ff6e3f3402ce84269ae1386cefa971ca0fc6f511f9bbc55
                                                                • Instruction Fuzzy Hash: 87B09220F07A86C2EB082B116C8621423A5BF88704FF58038C44D81321DE2C30A94700
                                                                Function 00007FF6019928C0 Relevance: .3, Instructions: 327COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b05403af9c31de739a9311cbf741df56ce5de8bb6a66a9cc9bcf40cf40427d0b
                                                                • Instruction ID: 8071b26ef6bab7bf48a11c0b6a1b5e41010a7cdb6d76417f38c55909892b71bd
                                                                • Opcode Fuzzy Hash: b05403af9c31de739a9311cbf741df56ce5de8bb6a66a9cc9bcf40cf40427d0b
                                                                • Instruction Fuzzy Hash: 76D1AF36A09642AAEB788F2D956027D27A0FB56B8CF344235CE0D876D6DF3DE845C740
                                                                Function 00007FF601988B20 Relevance: .3, Instructions: 287COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b6de572fc7ea0867e481f021e98a3cee959a95ba6dd1d6718a656c0f39a4e480
                                                                • Instruction ID: 79a4aaec7419620dda9415dc33baf0cf1de35389f30a11c9b54ca44da6a3fd8a
                                                                • Opcode Fuzzy Hash: b6de572fc7ea0867e481f021e98a3cee959a95ba6dd1d6718a656c0f39a4e480
                                                                • Instruction Fuzzy Hash: 5FC190722142F14FD289EB29E45957A73D1F79830DBE4402AEB8787B86CA3CE415D7A0
                                                                Function 00007FF601991F30 Relevance: .2, Instructions: 241COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 54646038064d7a6353eabae39e6447674b1691c16f4822fec46df2a19c6da082
                                                                • Instruction ID: 6dce3c3983418c8330219e184632b47589ce5ec1cbfcb61dc9c53bf7ad0841af
                                                                • Opcode Fuzzy Hash: 54646038064d7a6353eabae39e6447674b1691c16f4822fec46df2a19c6da082
                                                                • Instruction Fuzzy Hash: 50B14976A08A8699EB698F2DC06423C3BA1F749B4CF384135DB4E87396CF3AE451C754
                                                                Function 00007FF60199D880 Relevance: .2, Instructions: 198COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c5cf27518f3756e107451e616d5c43acfc5497bdc9406be32d6656a2e3ee85f8
                                                                • Instruction ID: 1910c4036e263bc231363b489b698058b526a5d744110c848e237c31a7fe6d02
                                                                • Opcode Fuzzy Hash: c5cf27518f3756e107451e616d5c43acfc5497bdc9406be32d6656a2e3ee85f8
                                                                • Instruction Fuzzy Hash: 7B81C472A0C7814AEB74CF5D94A137AA6D1FB4A798F244235DA8D87B9ACF3DD5408B00
                                                                Function 00007FF6019A5728 Relevance: .2, Instructions: 183COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: d2b2a23e656420a48cffdcfc29ff0550bdd13d7615b538a3eaf25f4462ec28d4
                                                                • Instruction ID: a78414cd0b0d602510b19b9f43643f17bbf1c52d23f2fc2e1511d6b5ae376113
                                                                • Opcode Fuzzy Hash: d2b2a23e656420a48cffdcfc29ff0550bdd13d7615b538a3eaf25f4462ec28d4
                                                                • Instruction Fuzzy Hash: 09610632F0C28286FB648A2C941067C6681EF81778FF64239DA5DC76D7DE7DE8088781
                                                                Function 00007FF601990C64 Relevance: .1, Instructions: 146COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                • Instruction ID: f1b2ce7802b281d7c7f457979a41d5c729bdedd9b83fd4dac6ba9573bfe958e6
                                                                • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                • Instruction Fuzzy Hash: 5B518E76A187518AEB248B2DC06023C37A4EB55B6CF384131EE5D87796DF3AEC42C780
                                                                Function 00007FF601991484 Relevance: .1, Instructions: 146COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                • Instruction ID: 6a28389f774ae1d5a7b5f36b9fb52af736afec98b129af9ffdd389575a7e318d
                                                                • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                • Instruction Fuzzy Hash: E9516476A186528AE7248B2DC05423837A0FB59F7CF394135DA4D977A6CF3AE852C780
                                                                Function 00007FF601991074 Relevance: .1, Instructions: 146COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                • Instruction ID: d8b2b94164af5aa4a63ee1164dc4888c0695ee86b39b8df86a8ba29899165e6e
                                                                • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                • Instruction Fuzzy Hash: 34515076B186528AE7248B2DD06423837A1FB55B7CF344131CE8D97796CF7AE842C740
                                                                Function 00007FF601990A60 Relevance: .1, Instructions: 145COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                • Instruction ID: 631a73354a35c07f88a06b28e451880f5ba9e303a99cfde5a53a02c6203eb809
                                                                • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                • Instruction Fuzzy Hash: C4518136A196518AEB248F2DC06423837A5EB44F5CF384131EE5D97796DF3AE843C780
                                                                Function 00007FF601991280 Relevance: .1, Instructions: 145COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                • Instruction ID: d98e7c5285b46bde5873fd8df64a5ff0ff752ce8ffaecb37d5c2129db6d1922a
                                                                • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                • Instruction Fuzzy Hash: 80516276A186528AE7258B2DC06023C27A1FB59F6CF744131CE4D9B79ACF3AE843C740
                                                                Function 00007FF601990E70 Relevance: .1, Instructions: 145COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                • Instruction ID: b0b5038b40435791d2f065efe62f27b02a491141e32a6885fd24c0a8c2d1d5a4
                                                                • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                • Instruction Fuzzy Hash: 1F518136A186568AE7248B2DC06023C37A5EB58F6CF384131EE5D97796CF3AE952C740
                                                                Function 00007FF601995040 Relevance: .1, Instructions: 138COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                • Instruction ID: 0293c6141659fea2b9eba838379f938f044c3ff49bc4f92e0702efc6ac36b78a
                                                                • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                • Instruction Fuzzy Hash: 0141B792D4974A0EFB67891C45346B62680FF12BA8D7A52B2DDDDD33C7CD0DA9868140
                                                                Function 00007FF6019991B0 Relevance: .1, Instructions: 126COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 485612231-0
                                                                • Opcode ID: 8d7eb27f456b44a91f9c68f162ea9965681a4a0d7ad24d9c24e3bfc258020ebf
                                                                • Instruction ID: 811911fddff670ab5c7d9850043e03533c275283278eea924c3caa2231d0f887
                                                                • Opcode Fuzzy Hash: 8d7eb27f456b44a91f9c68f162ea9965681a4a0d7ad24d9c24e3bfc258020ebf
                                                                • Instruction Fuzzy Hash: E541F672718A5586EF04CF2ADA641B973A5FB48FD8B59903ADE0ED7B59DE3CD0418300
                                                                Function 00007FF6019973F4 Relevance: .1, Instructions: 98COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d47bd74fb6a019277da3c6b3819bfc69269ba7720235d09fb044e88388ffaf66
                                                                • Instruction ID: d0ba285286e8a907d6d1f63bc68243109cd12ad70e090d0c80c0d75c1ccadb61
                                                                • Opcode Fuzzy Hash: d47bd74fb6a019277da3c6b3819bfc69269ba7720235d09fb044e88388ffaf66
                                                                • Instruction Fuzzy Hash: 0731E532B18B8245E7289F69699017E7AD5EB84BE4F244238EA4DD3BD7DF3CD0124B04
                                                                Function 00007FF6019A8880 Relevance: .0, Instructions: 32COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b45f31a2a70b9ba878c3a12fffa6905b3575b51dadbfc3a0cbe7f45b87496cea
                                                                • Instruction ID: 90d4d9b16a6da79b53e5d3061bc0ea949bb22f37135e364cabcb09bb2f97a7cb
                                                                • Opcode Fuzzy Hash: b45f31a2a70b9ba878c3a12fffa6905b3575b51dadbfc3a0cbe7f45b87496cea
                                                                • Instruction Fuzzy Hash: 1CF06271B182958EEBA49F6DA80262977D0F758388F908439E6CDC3F04DA7D90608F04
                                                                Function 00007FF60198C62C Relevance: .0, Instructions: 2COMMON
                                                                Download Yara Rule
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 84fb9023dc3cd78644239ae856a17877a0dfc2a7c85af1c48b0789cc2cde0ccb
                                                                • Instruction ID: a49402eee52921ab406ba8d0d7c798f73237c3de9de9f972b427074a14d2a6f0
                                                                • Opcode Fuzzy Hash: 84fb9023dc3cd78644239ae856a17877a0dfc2a7c85af1c48b0789cc2cde0ccb
                                                                • Instruction Fuzzy Hash: 1FA00221D1CC27E1E7488F04F8501B53330FB6031CBA11032D40EC10A29F7CB404C360
                                                                Function 00007FF6019850B0 Relevance: 157.9, APIs: 44, Strings: 46, Instructions: 364libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetProcAddress.KERNEL32(?,00007FF601985C57,?,00007FF60198308E), ref: 00007FF6019850C0
                                                                • GetProcAddress.KERNEL32(?,00007FF601985C57,?,00007FF60198308E), ref: 00007FF601985101
                                                                • GetProcAddress.KERNEL32(?,00007FF601985C57,?,00007FF60198308E), ref: 00007FF601985126
                                                                • GetProcAddress.KERNEL32(?,00007FF601985C57,?,00007FF60198308E), ref: 00007FF60198514B
                                                                • GetProcAddress.KERNEL32(?,00007FF601985C57,?,00007FF60198308E), ref: 00007FF601985173
                                                                • GetProcAddress.KERNEL32(?,00007FF601985C57,?,00007FF60198308E), ref: 00007FF60198519B
                                                                • GetProcAddress.KERNEL32(?,00007FF601985C57,?,00007FF60198308E), ref: 00007FF6019851C3
                                                                • GetProcAddress.KERNEL32(?,00007FF601985C57,?,00007FF60198308E), ref: 00007FF6019851EB
                                                                • GetProcAddress.KERNEL32(?,00007FF601985C57,?,00007FF60198308E), ref: 00007FF601985213
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AddressProc
                                                                • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                • API String ID: 190572456-2007157414
                                                                • Opcode ID: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                • Instruction ID: ec4eb242ac9abaa0dc2b5972c917c09cff95225049d1edde387e974c37c0bd87
                                                                • Opcode Fuzzy Hash: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                • Instruction Fuzzy Hash: 1D12A164E4EB0392FB59DB44A8101B427A1BF0875CBF56536C84ED63A6EFBCB54C8381
                                                                Function 00007FF6019877D0 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 115COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FF6019886B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF601983FA4,00000000,00007FF601981925), ref: 00007FF6019886E9
                                                                • ExpandEnvironmentStringsW.KERNEL32(?,00007FF601987C97,?,?,FFFFFFFF,00007FF601983834), ref: 00007FF60198782C
                                                                  • Part of subcall function 00007FF6019826C0: MessageBoxW.USER32 ref: 00007FF601982736
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                • API String ID: 1662231829-930877121
                                                                • Opcode ID: 9eab8ee9825a9fbd44869a095635737d99e10a8ea38952c2113d32bd4c9397e1
                                                                • Instruction ID: b6fd99a6f930dc2fcb10327bce7d0b070ea8baff37fef64b155a9b9b2b15e1e1
                                                                • Opcode Fuzzy Hash: 9eab8ee9825a9fbd44869a095635737d99e10a8ea38952c2113d32bd4c9397e1
                                                                • Instruction Fuzzy Hash: D7419121F2C64282FB64AB64E8516BA72A1EF9478CFB45031D64EC2697EEBDE104C740
                                                                Function 00007FF6019820F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                • String ID: P%
                                                                • API String ID: 2147705588-2959514604
                                                                • Opcode ID: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                • Instruction ID: dd595529030df01d5962ab3c711654333251f2b2931d7ff68747fd81ddd360a0
                                                                • Opcode Fuzzy Hash: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                • Instruction Fuzzy Hash: C151E426618BA187D7249F22A4181BAB7A1FB98B65F104135EBDF83695DF3CD085CB10
                                                                Function 00007FF6019955A0 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 493COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: -$:$f$p$p
                                                                • API String ID: 3215553584-2013873522
                                                                • Opcode ID: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                • Instruction ID: 3eb178ad5dbae18677c168d7e35b77942c2351d32c68d4a1f43d7310dd0a0ec0
                                                                • Opcode Fuzzy Hash: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                • Instruction Fuzzy Hash: C1129072E082438EFB269B1DE16427B7691FB40758FE54137E689866C6DF3CE980CB04
                                                                Function 00007FF6019902E8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: f$f$p$p$f
                                                                • API String ID: 3215553584-1325933183
                                                                • Opcode ID: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                • Instruction ID: 098fbd19f382b4396cbf98957524c58767e87eda1823548b710af2f22e4c4317
                                                                • Opcode Fuzzy Hash: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                • Instruction Fuzzy Hash: 2C12A322E0C1438AFB209A19E4347BD7659FB9075CFAC4131F6AA866C6DF3DE4809B51
                                                                Function 00007FF601981050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 111COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                • API String ID: 2030045667-3659356012
                                                                • Opcode ID: 21670e8be07f4d3c41a0d27b627399655949914c076fce2691a27ab6a124ec9b
                                                                • Instruction ID: b54e115f6211c670a4de462fb97b61a31bf4ab84f4ea22c6c9f010401a980634
                                                                • Opcode Fuzzy Hash: 21670e8be07f4d3c41a0d27b627399655949914c076fce2691a27ab6a124ec9b
                                                                • Instruction Fuzzy Hash: DF418121B086464BEB249B16A8506BAA791FF44BCCF644431DD4EC7B97EEBCF5468340
                                                                Function 00007FF601981440 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 100COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                • API String ID: 2030045667-3659356012
                                                                • Opcode ID: eb6e7e1dd3e24fdb318a3ad910b5f024407936da2ff08f8a020494da6f53a5d2
                                                                • Instruction ID: 2d8743a836de98e0938188987db3ded58b84fffdd3414772b94c64e5e02808b1
                                                                • Opcode Fuzzy Hash: eb6e7e1dd3e24fdb318a3ad910b5f024407936da2ff08f8a020494da6f53a5d2
                                                                • Instruction Fuzzy Hash: 9B417822B0864347EB249B19E4515B56390FF44BDCF684431DE4EC7A97EEBCE5468740
                                                                Function 00007FF60198DD28 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 849930591-393685449
                                                                • Opcode ID: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                • Instruction ID: b87bcbe57589e67d9e493f338ac7eb083ea8fdccfc4484019991af15be802405
                                                                • Opcode Fuzzy Hash: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                • Instruction Fuzzy Hash: F3D14932A087418BEB209F65E4503AD77A0FB55B9CF204235EA8D97B9BDF78E491C740
                                                                Function 00007FF60199E020 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF60199E3BA,?,?,00000206433969F8,00007FF60199A063,?,?,?,00007FF601999F5A,?,?,?,00007FF60199524E), ref: 00007FF60199E19C
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF60199E3BA,?,?,00000206433969F8,00007FF60199A063,?,?,?,00007FF601999F5A,?,?,?,00007FF60199524E), ref: 00007FF60199E1A8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeLibraryProc
                                                                • String ID: api-ms-$ext-ms-
                                                                • API String ID: 3013587201-537541572
                                                                • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                • Instruction ID: 5f18059aa2c27b5ecaa338ade4384ab384802792809e39fd7a83fdf381afb397
                                                                • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                • Instruction Fuzzy Hash: FD413A71B19A0286FB26CB1AAD146B52392FF49B98F684135DD0DC7786EF3CE449C340
                                                                Function 00007FF60198CFE8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF60198D29A,?,?,?,00007FF60198CF8C,?,?,?,00007FF60198CB89), ref: 00007FF60198D06D
                                                                • GetLastError.KERNEL32(?,?,?,00007FF60198D29A,?,?,?,00007FF60198CF8C,?,?,?,00007FF60198CB89), ref: 00007FF60198D07B
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF60198D29A,?,?,?,00007FF60198CF8C,?,?,?,00007FF60198CB89), ref: 00007FF60198D0A5
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF60198D29A,?,?,?,00007FF60198CF8C,?,?,?,00007FF60198CB89), ref: 00007FF60198D113
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF60198D29A,?,?,?,00007FF60198CF8C,?,?,?,00007FF60198CB89), ref: 00007FF60198D11F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                • String ID: api-ms-
                                                                • API String ID: 2559590344-2084034818
                                                                • Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                • Instruction ID: 2950a266d540ba2964424ff6e38caeaf950997498296a0e355db73a225f122e5
                                                                • Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                • Instruction Fuzzy Hash: 2D31A421A1AA4286EF159F96A40067563D4FF04BA8F790635DD1DC73C6EF7CE4478700
                                                                Function 00007FF60199A460 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Value$ErrorLast
                                                                • String ID:
                                                                • API String ID: 2506987500-0
                                                                • Opcode ID: 67217a7fc91f5e25160bb9a3b2c8204a3bd01eab0ccbfeeabb81ecf6e12f005c
                                                                • Instruction ID: 85ba3a9c978782c9fde33e25a8c2f89b27cc56e626adb3960af9cea226ff765b
                                                                • Opcode Fuzzy Hash: 67217a7fc91f5e25160bb9a3b2c8204a3bd01eab0ccbfeeabb81ecf6e12f005c
                                                                • Instruction Fuzzy Hash: E8214C20F0C2424AFB64A33996A617D6286DF48BBCF744734D93E87AD7EE2CB4414701
                                                                Function 00007FF6019A707C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                • String ID: CONOUT$
                                                                • API String ID: 3230265001-3130406586
                                                                • Opcode ID: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                • Instruction ID: 95437e69f0451336b6b056d25991bf25e63fb5ca79262943d7eb8e18b24e5811
                                                                • Opcode Fuzzy Hash: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                • Instruction Fuzzy Hash: 9D11B621F18B4186E7508B52E89532977A4FB98FE8F604234EA1EC7795DF3CE808C780
                                                                Function 00007FF6019881F0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF6019839F2), ref: 00007FF60198821D
                                                                • K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF6019839F2), ref: 00007FF60198827A
                                                                  • Part of subcall function 00007FF6019886B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF601983FA4,00000000,00007FF601981925), ref: 00007FF6019886E9
                                                                • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF6019839F2), ref: 00007FF601988305
                                                                • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF6019839F2), ref: 00007FF601988364
                                                                • FreeLibrary.KERNEL32(?,00000000,?,00007FF6019839F2), ref: 00007FF601988375
                                                                • FreeLibrary.KERNEL32(?,00000000,?,00007FF6019839F2), ref: 00007FF60198838A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                • String ID:
                                                                • API String ID: 3462794448-0
                                                                • Opcode ID: 9b5c0b85d41d77bb9b541fba6b9840375d9a6616c292d566ae331ce4538faf90
                                                                • Instruction ID: 8e2108d428e001d203feb53fc0cbf4b87b0fc775c1545ef2638a40a8e132a74d
                                                                • Opcode Fuzzy Hash: 9b5c0b85d41d77bb9b541fba6b9840375d9a6616c292d566ae331ce4538faf90
                                                                • Instruction Fuzzy Hash: C341A262A1968282EB309B12E5102BA73A4FF85BC8F944135DF5D9779BDE7CE501C710
                                                                Function 00007FF60199A5D8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,00007FF6019943FD,?,?,?,?,00007FF60199979A,?,?,?,?,00007FF60199649F), ref: 00007FF60199A5E7
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6019943FD,?,?,?,?,00007FF60199979A,?,?,?,?,00007FF60199649F), ref: 00007FF60199A61D
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6019943FD,?,?,?,?,00007FF60199979A,?,?,?,?,00007FF60199649F), ref: 00007FF60199A64A
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6019943FD,?,?,?,?,00007FF60199979A,?,?,?,?,00007FF60199649F), ref: 00007FF60199A65B
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6019943FD,?,?,?,?,00007FF60199979A,?,?,?,?,00007FF60199649F), ref: 00007FF60199A66C
                                                                • SetLastError.KERNEL32(?,?,?,00007FF6019943FD,?,?,?,?,00007FF60199979A,?,?,?,?,00007FF60199649F), ref: 00007FF60199A687
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Value$ErrorLast
                                                                • String ID:
                                                                • API String ID: 2506987500-0
                                                                • Opcode ID: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                                • Instruction ID: b952bb6d8d2ba2f1c0346df48f6863fa81e833ee63d01661b57691661c0a4225
                                                                • Opcode Fuzzy Hash: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                                • Instruction Fuzzy Hash: 84116D20E0C2424AFB54A7399AA517D2296DF887BCF348734D83ED76D7EE2CB4418741
                                                                Function 00007FF601982300 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                • String ID: Unhandled exception in script
                                                                • API String ID: 3081866767-2699770090
                                                                • Opcode ID: 2f02a126994589ece2bf0b221661227d336c2ada993d2ff489732679099e34b6
                                                                • Instruction ID: 3d49d85b9dddff1bbedc4e562ee97ba959eeefcde73b608e61fa106b5198ed60
                                                                • Opcode Fuzzy Hash: 2f02a126994589ece2bf0b221661227d336c2ada993d2ff489732679099e34b6
                                                                • Instruction Fuzzy Hash: 95314776A1968289EB20DF65E8652F97360FF8978CFA40135EA4E87B5ADF3CD105C700
                                                                Function 00007FF601982760 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message$ByteCharMultiWide
                                                                • String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
                                                                • API String ID: 1878133881-640379615
                                                                • Opcode ID: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                • Instruction ID: c25ea0eba43986d6ec15711f9a595d8ca26a5411ec38f7de9cfb7c81fe8f8152
                                                                • Opcode Fuzzy Hash: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                • Instruction Fuzzy Hash: 81218372A28AC592E720DB14F4517EA6364FF8478CF900036EA8D8369ADF7CD649C740
                                                                Function 00007FF601998DA0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                • Opcode ID: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                • Instruction ID: 103379985a1f138d5d7ef06a7f997b4d2970367811b0d5422b154a78a040cc07
                                                                • Opcode Fuzzy Hash: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                • Instruction Fuzzy Hash: 0EF09621B1970681EF108B24E4943796360EF45B69FB40639C96EC61F5CF3CE149C740
                                                                Function 00007FF6019A8678 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _set_statfp
                                                                • String ID:
                                                                • API String ID: 1156100317-0
                                                                • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                • Instruction ID: 6c0df083620e9a70606141be74e5af3b2a5b093033d351fd7ca76744a22d5172
                                                                • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                • Instruction Fuzzy Hash: 3F11C632E6CA0341F7542128D45537515606F5437EFF50634EABEC67E7CE2CA85D81D0
                                                                Function 00007FF60199A6A0 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF6019998B3,?,?,00000000,00007FF601999B4E,?,?,?,?,?,00007FF601999ADA), ref: 00007FF60199A6BF
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6019998B3,?,?,00000000,00007FF601999B4E,?,?,?,?,?,00007FF601999ADA), ref: 00007FF60199A6DE
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6019998B3,?,?,00000000,00007FF601999B4E,?,?,?,?,?,00007FF601999ADA), ref: 00007FF60199A706
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6019998B3,?,?,00000000,00007FF601999B4E,?,?,?,?,?,00007FF601999ADA), ref: 00007FF60199A717
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6019998B3,?,?,00000000,00007FF601999B4E,?,?,?,?,?,00007FF601999ADA), ref: 00007FF60199A728
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                • API String ID: 3702945584-0
                                                                • Opcode ID: f2276611a630934bbdb354ef1537d91ff3ed6de03a5f5a99dae5237b5b9f36a7
                                                                • Instruction ID: 5041d9f12d544ba24b5a02c7fa461a4ce97ce9f161993ba85e43c74b3c69aabd
                                                                • Opcode Fuzzy Hash: f2276611a630934bbdb354ef1537d91ff3ed6de03a5f5a99dae5237b5b9f36a7
                                                                • Instruction Fuzzy Hash: B6114220E0C2424AFB54932996A21BD2196DF993A8F344334D83E976D7EE2CB4414701
                                                                Function 00007FF60199A534 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                • API String ID: 3702945584-0
                                                                • Opcode ID: a5817a23bb51f76ee1afbfff857c957b5c6e4c237a472a6b6273a3da914e048f
                                                                • Instruction ID: adcc06274111d30f77488ebb120a19d9598847399740638343d9aeefc6000d3c
                                                                • Opcode Fuzzy Hash: a5817a23bb51f76ee1afbfff857c957b5c6e4c237a472a6b6273a3da914e048f
                                                                • Instruction Fuzzy Hash: 6511E820F082074AFB68A23959721BD2285DF4937CE784738D93E9A2D3EE2DB4418202
                                                                Function 00007FF6019952B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: verbose
                                                                • API String ID: 3215553584-579935070
                                                                • Opcode ID: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                • Instruction ID: 25f73bbb7d7cde58761a8578611adb96c5092c3eb0b136e2780448339db71e07
                                                                • Opcode Fuzzy Hash: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                • Instruction Fuzzy Hash: 1091BE22A09A4689F7629E29D46137E3391EB00B9CFAA4137DA5DC73D7DE3CE4458301
                                                                Function 00007FF60199EED8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                • API String ID: 3215553584-1196891531
                                                                • Opcode ID: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                • Instruction ID: faf1363d21a1dc6348e6383bb618bde9a20d6d25a0cf8aacf6dbe635b933b8d0
                                                                • Opcode Fuzzy Hash: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                • Instruction Fuzzy Hash: 8D818D72E082438DFB748F2DC564278AEA4EB12B4CF758035DA09D729BDF2DE9819741
                                                                Function 00007FF60198C968 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 2395640692-1018135373
                                                                • Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                • Instruction ID: 8546d3e6c3b30ab2bcab7a6a96e9068c3a7172e6ff5cd6dfe4f9b42ddef6d611
                                                                • Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                • Instruction Fuzzy Hash: 2C519132B19A428BDB14CF15E444AB9B791FB44B9CF608131EA4E8778ADFBDE841C710
                                                                Function 00007FF60198E1F8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 3544855599-2084237596
                                                                • Opcode ID: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                • Instruction ID: 4b87cd830410ff25e29bc7e0383be9c1f2800082160d7e58c83927887b3ac580
                                                                • Opcode Fuzzy Hash: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                • Instruction Fuzzy Hash: 9F618632908BC586D771DB25E4407AAB7A0FB85B98F144235EB9C47B96DFBCE194CB00
                                                                Function 00007FF60198E5A8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                • String ID: csm$csm
                                                                • API String ID: 3896166516-3733052814
                                                                • Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                • Instruction ID: 1d1309f9f03367df42f5b80cccbf7844525298b11bd625b1b5d362b2cfaf7293
                                                                • Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                • Instruction Fuzzy Hash: 02517D36A086868BEB749F21906437877A0EB55B9CF244136DA5D87BD6CFBCE450CB01
                                                                Function 00007FF601987530 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CreateDirectoryW.KERNEL32(00000000,?,00007FF60198324C,?,?,00007FF601983964), ref: 00007FF601987642
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CreateDirectory
                                                                • String ID: %.*s$%s%c$\
                                                                • API String ID: 4241100979-1685191245
                                                                • Opcode ID: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                • Instruction ID: 32944fc739dbeee09df9bf7165f987d4a540bf3df79ac030fd001fef38afd102
                                                                • Opcode Fuzzy Hash: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                • Instruction Fuzzy Hash: D331C821A19AC556EB219B25E4107EA7254FF44BE8F644231EE6E83BCADF6CD2058700
                                                                Function 00007FF6019825F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message$ByteCharMultiWide
                                                                • String ID: Error$Error/warning (ANSI fallback)
                                                                • API String ID: 1878133881-653037927
                                                                • Opcode ID: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                • Instruction ID: e2922dd0cc00a38b8ce76b232574d6f81208ed2cb33104149179f79a75e3a2a7
                                                                • Opcode Fuzzy Hash: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                • Instruction Fuzzy Hash: B8119172A28B8592FB209B10F451BE93364FF44B8CFA05136DA4E97656DF7CD609C740
                                                                Function 00007FF601982870 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message$ByteCharMultiWide
                                                                • String ID: Error/warning (ANSI fallback)$Warning
                                                                • API String ID: 1878133881-2698358428
                                                                • Opcode ID: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                • Instruction ID: 7de5f1758394f51a9c162ad000d7fa3e2a6b8ef88dc4bf4a0625580df8689017
                                                                • Opcode Fuzzy Hash: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                • Instruction Fuzzy Hash: EE11BF72A28B8592FB208B10F451BA93364FF44B8CFA01135DA8E87646DF7CD609C740
                                                                Function 00007FF60199B8B0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                • String ID:
                                                                • API String ID: 2718003287-0
                                                                • Opcode ID: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                • Instruction ID: 88f89d0a3e7edde64e89a5e9dfca28ac2c116fef208963f5a27900c330276a8f
                                                                • Opcode Fuzzy Hash: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                • Instruction Fuzzy Hash: B6D1CE72B18A818EE711CF69E4506AC3BB1FB4479CB244236CE5E97B9ADE3CD516C300
                                                                Function 00007FF60199EC9C Relevance: 6.2, APIs: 4, Instructions: 161COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_isindst
                                                                • String ID:
                                                                • API String ID: 4170891091-0
                                                                • Opcode ID: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                • Instruction ID: 8605f8c8c667c5a79d64d5f3868f4dd8f119f4e9db9c525be3d1b27c7c552527
                                                                • Opcode Fuzzy Hash: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                • Instruction Fuzzy Hash: F651E672F042158EFB24DFA899656BC27A5EB1435DF640139EE1E93AE6DF38B402C700
                                                                Function 00007FF601994A8C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                • String ID:
                                                                • API String ID: 2780335769-0
                                                                • Opcode ID: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                • Instruction ID: 443b014cc74db05ebfed79b6f7045c88c9b3756918f236b434ad86b7cf7142ca
                                                                • Opcode Fuzzy Hash: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                • Instruction Fuzzy Hash: 95517F22E086418EFB15CFB9D6613BD27E1EB58B5CF248535DE098768ADF38D482C750
                                                                Function 00007FF601982030 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: LongWindow$DialogInvalidateRect
                                                                • String ID:
                                                                • API String ID: 1956198572-0
                                                                • Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                • Instruction ID: 7f633e2fbe3b6876c8b62fd5adfb7dc1cb3d26a57b2cb2b4c52cc25d56fed9d2
                                                                • Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                • Instruction Fuzzy Hash: 5511CC31E0C14243FB549F69F5442B91692EF88B88FA48031DE4A87B9FCD7DD4C6C600
                                                                Function 00007FF6019A4E2C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                • String ID: ?
                                                                • API String ID: 1286766494-1684325040
                                                                • Opcode ID: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                • Instruction ID: cc2775ecf036e5fd0227716d78c0618975272969cd298a910f59ec91396abdf3
                                                                • Opcode Fuzzy Hash: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                • Instruction Fuzzy Hash: 26410722F0C68246FB249B25A41537A6654EB80BACF784235EF5C87AD7DF7CE445C740
                                                                Function 00007FF60199832C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF60199835E
                                                                  • Part of subcall function 00007FF601999C58: RtlFreeHeap.NTDLL(?,?,?,00007FF6019A2032,?,?,?,00007FF6019A206F,?,?,00000000,00007FF6019A2535,?,?,?,00007FF6019A2467), ref: 00007FF601999C6E
                                                                  • Part of subcall function 00007FF601999C58: GetLastError.KERNEL32(?,?,?,00007FF6019A2032,?,?,?,00007FF6019A206F,?,?,00000000,00007FF6019A2535,?,?,?,00007FF6019A2467), ref: 00007FF601999C78
                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF60198BEC5), ref: 00007FF60199837C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                • String ID: C:\Users\user\Desktop\uOsIQqfgiT.exe
                                                                • API String ID: 3580290477-3360715647
                                                                • Opcode ID: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                • Instruction ID: c006cfa74b5f39accedaa87624e293f4220607751156ef7cc94960ee1d040eee
                                                                • Opcode Fuzzy Hash: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                • Instruction Fuzzy Hash: B9418436A08B5689E714DF2998610BC2394EF46B9CB655439EA4E87B97DE3DD4418300
                                                                Function 00007FF60199F8E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                • String ID: .$:
                                                                • API String ID: 2020911589-4202072812
                                                                • Opcode ID: 75108fa0d8fcfebdf0f3dc79d92ab90926721088542d1c76d0744241c3be7838
                                                                • Instruction ID: 654670a7746c0806a6228dfa02914c78b996fcc49123e89250ca22d397f3a165
                                                                • Opcode Fuzzy Hash: 75108fa0d8fcfebdf0f3dc79d92ab90926721088542d1c76d0744241c3be7838
                                                                • Instruction Fuzzy Hash: B2412B32F08A529CFB119BB999611BC2AB4EF1475CF640039DE4DE7A8AEF3894468310
                                                                Function 00007FF60199BF48 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastWrite
                                                                • String ID: U
                                                                • API String ID: 442123175-4171548499
                                                                • Opcode ID: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                • Instruction ID: 50f097565022363bc8706613551d60d9ee56dec598a10a1e8eff3618cd7a26e8
                                                                • Opcode Fuzzy Hash: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                • Instruction Fuzzy Hash: 5F41E522B19A8186EB20DF29E8547A97760FB88798FA44031EE4EC7799DF7CD441C740
                                                                Function 00007FF60199E8C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectory
                                                                • String ID: :
                                                                • API String ID: 1611563598-336475711
                                                                • Opcode ID: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                                • Instruction ID: 401107563c87e3a8f1deee53ad8404737c974252ab3d66178afcbe10fe81ef32
                                                                • Opcode Fuzzy Hash: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                                • Instruction Fuzzy Hash: 9B210232B086858AFB60DB19D46427E73B1FB84B8CFA58035DA8D83286DF7CE945C741
                                                                Function 00007FF60198F068 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFileHeaderRaise
                                                                • String ID: csm
                                                                • API String ID: 2573137834-1018135373
                                                                • Opcode ID: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                • Instruction ID: 8818ff87bd84b5f3b82643c7af857fe32f1a221c18c722c58f0e8df34b9999f1
                                                                • Opcode Fuzzy Hash: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                • Instruction Fuzzy Hash: 86113D36A18B8582EB618F15F440269B7E4FB88B88F684231DF8D47B69DF7CD551CB00
                                                                Function 00007FF60199FA4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2980634298.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000000.00000002.2980596547.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980671708.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980695459.00007FF6019C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2980750170.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DriveType_invalid_parameter_noinfo
                                                                • String ID: :
                                                                • API String ID: 2595371189-336475711
                                                                • Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                • Instruction ID: a902577b9971ecc331569d922f0b4b6b210d0761198cd1adb7dfbc3511544206
                                                                • Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                • Instruction Fuzzy Hash: AB01A22291C2438AFB30AF68947227E67A0EF5870CFA40035D54DC2693EF7CE505CA14

                                                                Execution Graph

                                                                Execution Coverage:3%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:785
                                                                Total number of Limit Nodes:39
                                                                execution_graph 36888 7ffe13204eac 36889 7ffe13204ee6 36888->36889 36890 7ffe13204f07 _PyArg_UnpackKeywords 36889->36890 36891 7ffe13204f4e 36889->36891 36890->36891 36892 7ffe13204fe4 36890->36892 36893 7ffe13204fc2 36891->36893 36895 7ffe13204f5b _PyLong_AsInt 36891->36895 36896 7ffe13204f73 36891->36896 36940 7ffe13202280 8 API calls 2 library calls 36892->36940 36905 7ffe1320500c 36893->36905 36895->36896 36898 7ffe13204f68 PyErr_Occurred 36895->36898 36896->36893 36900 7ffe13204f82 _PyLong_AsInt 36896->36900 36901 7ffe13204f9a 36896->36901 36898->36892 36898->36896 36899 7ffe13204ff8 36900->36901 36902 7ffe13204f8f PyErr_Occurred 36900->36902 36901->36893 36903 7ffe13204fa9 _PyLong_AsInt 36901->36903 36902->36892 36902->36901 36903->36893 36904 7ffe13204fb7 PyErr_Occurred 36903->36904 36904->36892 36904->36893 36906 7ffe13205048 36905->36906 36907 7ffe13205054 PySys_Audit 36905->36907 36906->36907 36908 7ffe13205094 36906->36908 36909 7ffe1320507b 36907->36909 36936 7ffe132050cf 36907->36936 36911 7ffe132050a8 36908->36911 36912 7ffe13205283 PyLong_AsLongLong 36908->36912 36909->36908 36910 7ffe1320535b PyEval_SaveThread 36909->36910 36916 7ffe1320539a WSASocketW 36910->36916 36917 7ffe132053c5 socket 36910->36917 36918 7ffe132050f6 PySys_Audit 36911->36918 36919 7ffe132050b2 PyErr_Format 36911->36919 36914 7ffe13205295 PyErr_Occurred 36912->36914 36915 7ffe132052c0 memset getsockname 36912->36915 36922 7ffe132052a4 PyErr_SetString 36914->36922 36914->36936 36923 7ffe132052fd 36915->36923 36924 7ffe132052f1 36915->36924 36920 7ffe132053ce PyEval_RestoreThread 36916->36920 36925 7ffe132053b8 36916->36925 36917->36920 36932 7ffe132051d3 PyEval_SaveThread WSASocketW PyEval_RestoreThread 36918->36932 36918->36936 36919->36936 36926 7ffe13205214 36920->36926 36927 7ffe132053e1 36920->36927 36921 7ffe132050e4 36921->36892 36922->36936 36923->36926 36929 7ffe13205306 WSAGetLastError 36923->36929 36930 7ffe1320521e 36924->36930 36934 7ffe1320531c getsockopt 36924->36934 36925->36917 36942 7ffe13204008 WSAGetLastError PyErr_SetExcFromWindowsErr PyErr_SetFromErrno 36926->36942 36927->36930 36931 7ffe132053f1 SetHandleInformation 36927->36931 36929->36924 36929->36926 36930->36936 36943 7ffe13203cc4 PyEval_SaveThread ioctlsocket 36930->36943 36931->36930 36935 7ffe13205409 closesocket PyErr_SetFromWindowsErr 36931->36935 36932->36926 36932->36930 36934->36926 36934->36930 36935->36936 36941 7ffe13202280 8 API calls 2 library calls 36936->36941 36939 7ffe13205275 closesocket 36939->36936 36940->36899 36941->36921 36942->36936 36944 7ffe13203d0a PyEval_RestoreThread 36943->36944 36945 7ffe13203d14 PyEval_RestoreThread WSAGetLastError PyErr_SetExcFromWindowsErr 36943->36945 36946 7ffe13203d37 36944->36946 36945->36946 36946->36936 36946->36939 36947 7ffe133045b8 PyArg_ParseTuple 36948 7ffe1330466f 36947->36948 36949 7ffe133045ea PySys_Audit 36947->36949 36949->36948 36950 7ffe13304607 PyUnicode_AsWideCharString 36949->36950 36950->36948 36951 7ffe1330461c PyEval_SaveThread LoadLibraryExW 36950->36951 36952 7ffe13308e9a GetLastError 36951->36952 36953 7ffe13304641 PyEval_RestoreThread PyMem_Free 36951->36953 36954 7ffe13308ea7 PyErr_Format 36952->36954 36953->36954 36955 7ffe1330465e 36953->36955 36954->36948 36956 7ffe13304666 PyLong_FromVoidPtr 36955->36956 36957 7ffe13308ec9 PyErr_SetFromWindowsErr 36955->36957 36956->36948 36957->36948 36958 7ffe13206384 36963 7ffe13207988 36958->36963 36961 7ffe13203cc4 6 API calls 36962 7ffe132063b4 36961->36962 36964 7ffe1320799a _PyTime_FromSeconds 36963->36964 36965 7ffe132079b0 _PyTime_FromSecondsObject 36963->36965 36967 7ffe13206397 36964->36967 36966 7ffe132079c0 36965->36966 36965->36967 36968 7ffe132079c8 PyErr_SetString 36966->36968 36969 7ffe132079e6 _PyTime_AsTimeval _PyTime_AsMilliseconds 36966->36969 36967->36961 36967->36962 36968->36967 36969->36967 36970 7ffe13207a32 PyErr_SetString 36969->36970 36970->36967 36971 7ffe13204984 36982 7ffe13203588 36971->36982 36974 7ffe13204a09 37021 7ffe13202280 8 API calls 2 library calls 36974->37021 36975 7ffe132049c8 PySys_Audit 36975->36974 36976 7ffe132049e6 36975->36976 37009 7ffe13203a8c PyEval_SaveThread connect PyEval_RestoreThread 36976->37009 36980 7ffe13204a1b 36981 7ffe132049ff PyLong_FromLong 36981->36974 36983 7ffe13203769 _PyArg_ParseTuple_SizeT 36982->36983 36984 7ffe132035b6 36982->36984 36990 7ffe132037fd 36983->36990 36991 7ffe132037b6 PyErr_ExceptionMatches 36983->36991 36985 7ffe132035bf 36984->36985 36986 7ffe1320364e 36984->36986 36994 7ffe132035f0 _PyArg_ParseTuple_SizeT 36985->36994 36998 7ffe132035c4 PyErr_Format 36985->36998 36988 7ffe13203699 _PyArg_ParseTuple_SizeT 36986->36988 36989 7ffe13203675 PyErr_Format 36986->36989 36988->36991 36995 7ffe132036d7 36988->36995 37007 7ffe13203635 36989->37007 37024 7ffe132041c0 21 API calls 36990->37024 36991->36998 36991->37007 36997 7ffe13203628 36994->36997 36994->36998 37023 7ffe132041c0 21 API calls 36995->37023 37022 7ffe132040d4 PyErr_SetString __stdio_common_vsscanf 36997->37022 36998->37007 36999 7ffe132036ed 37003 7ffe1320370d 36999->37003 37005 7ffe13203707 _Py_Dealloc 36999->37005 37000 7ffe13203835 37000->36998 37006 7ffe13203843 htons 37000->37006 37000->37007 37001 7ffe13203816 37001->37000 37004 7ffe1320382f _Py_Dealloc 37001->37004 37003->36998 37003->37007 37008 7ffe1320373a htons htonl 37003->37008 37004->37000 37005->37003 37006->37007 37007->36974 37007->36975 37008->37007 37010 7ffe13203ad6 WSAGetLastError WSAGetLastError 37009->37010 37020 7ffe13203b35 37009->37020 37011 7ffe13203aef PyErr_CheckSignals 37010->37011 37012 7ffe13203af9 37010->37012 37011->37012 37011->37020 37013 7ffe13203b3c 37012->37013 37014 7ffe13203b25 37012->37014 37016 7ffe13203b57 37013->37016 37017 7ffe13203b70 37013->37017 37015 7ffe13203b2a WSASetLastError 37014->37015 37014->37020 37015->37020 37018 7ffe132046bc 27 API calls 37016->37018 37025 7ffe132046bc 37017->37025 37018->37020 37020->36974 37020->36981 37021->36980 37022->37007 37023->36999 37024->37001 37033 7ffe132046f3 37025->37033 37026 7ffe132047a7 PyEval_SaveThread 37054 7ffe13204a2c getsockopt 37026->37054 37027 7ffe1320470d _PyDeadline_Get 37029 7ffe1320471b 37027->37029 37027->37033 37028 7ffe1320472f _PyDeadline_Init 37028->37033 37031 7ffe13204838 PyErr_SetString 37029->37031 37034 7ffe13204724 37029->37034 37031->37034 37033->37026 37033->37027 37033->37028 37033->37029 37033->37034 37035 7ffe132047d8 WSAGetLastError 37033->37035 37036 7ffe132047d0 WSAGetLastError 37033->37036 37038 7ffe1320476b WSAGetLastError 37033->37038 37039 7ffe13204763 WSAGetLastError 37033->37039 37040 7ffe132047f8 WSAGetLastError 37033->37040 37044 7ffe13203ba8 37033->37044 37034->37020 37035->37033 37037 7ffe132047e5 PyErr_CheckSignals 37035->37037 37036->37035 37037->37026 37037->37034 37038->37034 37041 7ffe1320477c PyErr_CheckSignals 37038->37041 37039->37038 37040->37033 37042 7ffe1320480d WSAGetLastError 37040->37042 37041->37033 37041->37034 37042->37033 37042->37034 37045 7ffe13203c85 37044->37045 37046 7ffe13203be2 37044->37046 37058 7ffe13202280 8 API calls 2 library calls 37045->37058 37047 7ffe13203bef _PyTime_AsTimeval_clamp 37046->37047 37048 7ffe13203c10 PyEval_SaveThread 37046->37048 37047->37048 37052 7ffe13203c59 select PyEval_RestoreThread 37048->37052 37051 7ffe13203caa 37051->37033 37052->37045 37055 7ffe132047bc PyEval_RestoreThread 37054->37055 37056 7ffe13204a60 37054->37056 37055->37033 37055->37034 37056->37055 37057 7ffe13204a6d WSASetLastError 37056->37057 37057->37055 37058->37051 37059 7ff601994938 37060 7ff60199496f 37059->37060 37061 7ff601994952 37059->37061 37060->37061 37063 7ff601994982 CreateFileW 37060->37063 37084 7ff6019943d4 11 API calls _set_fmode 37061->37084 37065 7ff6019949b6 37063->37065 37066 7ff6019949ec 37063->37066 37064 7ff601994957 37085 7ff6019943f4 11 API calls _set_fmode 37064->37085 37087 7ff601994a8c 59 API calls 3 library calls 37065->37087 37088 7ff601994f14 46 API calls 3 library calls 37066->37088 37070 7ff6019949f1 37073 7ff601994a20 37070->37073 37074 7ff6019949f5 37070->37074 37071 7ff60199495f 37086 7ff601999bf0 37 API calls _invalid_parameter_noinfo 37071->37086 37072 7ff6019949c4 37076 7ff6019949e1 CloseHandle 37072->37076 37077 7ff6019949cb CloseHandle 37072->37077 37090 7ff601994cd4 51 API calls 37073->37090 37089 7ff601994368 11 API calls 2 library calls 37074->37089 37079 7ff60199496a 37076->37079 37077->37079 37081 7ff601994a2d 37091 7ff601994e10 21 API calls _fread_nolock 37081->37091 37083 7ff6019949ff 37083->37079 37084->37064 37085->37071 37086->37079 37087->37072 37088->37070 37089->37083 37090->37081 37091->37083 37092 7ffe13201060 WSAStartup 37093 7ffe13203108 37092->37093 37094 7ffe132010b0 Py_AtExit 37092->37094 37097 7ffe1320313c PyErr_SetString 37093->37097 37103 7ffe1320311c PyErr_Format 37093->37103 37095 7ffe13201159 PyModule_Create2 37094->37095 37096 7ffe132010d1 37094->37096 37098 7ffe13201185 PyModule_AddObject PyErr_NewException 37095->37098 37099 7ffe1320216b 37095->37099 37101 7ffe132010f0 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 37096->37101 37104 7ffe13203162 PyErr_NoMemory 37097->37104 37098->37099 37102 7ffe132011cf PyModule_AddObject PyErr_NewException 37098->37102 37129 7ffe13202280 8 API calls 2 library calls 37099->37129 37101->37095 37102->37099 37106 7ffe1320120f PyModule_AddObject PyModule_AddObjectRef PyModule_AddObject 37102->37106 37103->37097 37104->37099 37119 7ffe13203171 37104->37119 37106->37099 37108 7ffe13201268 PyModule_AddObject 37106->37108 37107 7ffe1320217d 37108->37099 37110 7ffe1320128a PyModule_AddObject PyMem_Malloc 37108->37110 37109 7ffe1320322a _Py_Dealloc 37109->37099 37110->37104 37111 7ffe132012bb PyCapsule_New 37110->37111 37112 7ffe1320130a PyModule_AddObject 37111->37112 37113 7ffe13203176 37111->37113 37115 7ffe1320318c 37112->37115 37116 7ffe13201325 150 API calls 37112->37116 37130 7ffe13204b80 _Py_Dealloc _Py_Dealloc _Py_Dealloc PyMem_Free 37113->37130 37117 7ffe13203191 _Py_Dealloc 37115->37117 37115->37119 37118 7ffe13202037 PyLong_FromUnsignedLong 37116->37118 37117->37119 37118->37099 37120 7ffe13202048 PyModule_AddObject 37118->37120 37119->37099 37119->37109 37120->37118 37121 7ffe13202066 PyModule_AddIntConstant PyModule_AddIntConstant PyModule_AddIntConstant PyModule_AddIntConstant PyModule_GetDict 37120->37121 37121->37119 37122 7ffe132020cd VerSetConditionMask VerSetConditionMask VerSetConditionMask 37121->37122 37123 7ffe1320214a VerifyVersionInfoA 37122->37123 37123->37099 37124 7ffe132031a8 PyUnicode_FromString 37123->37124 37124->37119 37125 7ffe132031c8 _PyDict_Pop 37124->37125 37126 7ffe132031e5 _Py_Dealloc 37125->37126 37127 7ffe132031ee 37125->37127 37126->37127 37127->37119 37127->37123 37128 7ffe132031fa _Py_Dealloc 37127->37128 37128->37127 37129->37107 37131 7ff601982d00 37132 7ff601982d10 37131->37132 37133 7ff601982d4b 37132->37133 37134 7ff601982d61 37132->37134 37187 7ff6019825f0 53 API calls _log10_special 37133->37187 37136 7ff601982d81 37134->37136 37145 7ff601982d97 __std_exception_copy 37134->37145 37188 7ff6019825f0 53 API calls _log10_special 37136->37188 37140 7ff601982d57 __std_exception_copy 37189 7ff60198b870 37140->37189 37142 7ff601983069 37204 7ff6019825f0 53 API calls _log10_special 37142->37204 37145->37140 37145->37142 37146 7ff601983053 37145->37146 37148 7ff60198302d 37145->37148 37150 7ff601982f27 37145->37150 37159 7ff601981440 37145->37159 37183 7ff601981bf0 37145->37183 37203 7ff6019825f0 53 API calls _log10_special 37146->37203 37202 7ff6019825f0 53 API calls _log10_special 37148->37202 37151 7ff601982f93 37150->37151 37198 7ff601999714 37 API calls 2 library calls 37150->37198 37153 7ff601982fb0 37151->37153 37154 7ff601982fbe 37151->37154 37199 7ff601999714 37 API calls 2 library calls 37153->37199 37200 7ff601982af0 37 API calls 37154->37200 37157 7ff601982fbc 37201 7ff601982470 54 API calls __std_exception_copy 37157->37201 37205 7ff601983f70 37159->37205 37162 7ff60198148c 37215 7ff60198f9f4 37162->37215 37163 7ff60198146b 37241 7ff6019825f0 53 API calls _log10_special 37163->37241 37166 7ff6019814a1 37168 7ff6019814a5 37166->37168 37169 7ff6019814c1 37166->37169 37167 7ff60198147b 37167->37145 37242 7ff601982760 53 API calls 2 library calls 37168->37242 37171 7ff6019814f1 37169->37171 37172 7ff6019814d1 37169->37172 37175 7ff6019814f7 37171->37175 37180 7ff60198150a 37171->37180 37243 7ff601982760 53 API calls 2 library calls 37172->37243 37219 7ff6019811f0 37175->37219 37176 7ff601981584 37176->37145 37178 7ff6019814bc __std_exception_copy 37237 7ff60198f36c 37178->37237 37180->37178 37181 7ff601981596 37180->37181 37244 7ff60198f6bc 37180->37244 37247 7ff601982760 53 API calls 2 library calls 37181->37247 37184 7ff601981c15 37183->37184 37486 7ff601993ca4 37184->37486 37187->37140 37188->37140 37190 7ff60198b879 37189->37190 37191 7ff601982f1a 37190->37191 37192 7ff60198bc00 IsProcessorFeaturePresent 37190->37192 37193 7ff60198bc18 37192->37193 37513 7ff60198bdf8 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 37193->37513 37195 7ff60198bc2b 37514 7ff60198bbc0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 37195->37514 37198->37151 37199->37157 37200->37157 37201->37140 37202->37140 37203->37140 37204->37140 37206 7ff601983f7c 37205->37206 37248 7ff6019886b0 37206->37248 37208 7ff601983fa4 37209 7ff6019886b0 2 API calls 37208->37209 37210 7ff601983fb7 37209->37210 37253 7ff6019952a4 37210->37253 37213 7ff60198b870 _log10_special 8 API calls 37214 7ff601981463 37213->37214 37214->37162 37214->37163 37216 7ff60198fa24 37215->37216 37421 7ff60198f784 37216->37421 37218 7ff60198fa3d 37218->37166 37220 7ff601981248 37219->37220 37221 7ff601981277 37220->37221 37222 7ff60198124f 37220->37222 37225 7ff6019812ad 37221->37225 37226 7ff601981291 37221->37226 37438 7ff6019825f0 53 API calls _log10_special 37222->37438 37224 7ff601981262 37224->37178 37228 7ff6019812bf 37225->37228 37236 7ff6019812db memcpy_s 37225->37236 37439 7ff601982760 53 API calls 2 library calls 37226->37439 37440 7ff601982760 53 API calls 2 library calls 37228->37440 37230 7ff60198f6bc _fread_nolock 53 API calls 37230->37236 37231 7ff60198f430 37 API calls 37231->37236 37232 7ff6019812a8 __std_exception_copy 37232->37178 37233 7ff60198139f 37441 7ff6019825f0 53 API calls _log10_special 37233->37441 37236->37230 37236->37231 37236->37232 37236->37233 37434 7ff60198fdfc 37236->37434 37238 7ff60198f39c 37237->37238 37458 7ff60198f148 37238->37458 37240 7ff60198f3b5 37240->37176 37241->37167 37242->37178 37243->37178 37470 7ff60198f6dc 37244->37470 37247->37178 37249 7ff6019886f6 37248->37249 37250 7ff6019886d2 MultiByteToWideChar 37248->37250 37251 7ff601988713 MultiByteToWideChar 37249->37251 37252 7ff60198870c __std_exception_copy 37249->37252 37250->37249 37250->37252 37251->37252 37252->37208 37254 7ff6019951d8 37253->37254 37255 7ff6019951fe 37254->37255 37258 7ff601995231 37254->37258 37284 7ff6019943f4 11 API calls _set_fmode 37255->37284 37257 7ff601995203 37285 7ff601999bf0 37 API calls _invalid_parameter_noinfo 37257->37285 37260 7ff601995244 37258->37260 37261 7ff601995237 37258->37261 37272 7ff601999f38 37260->37272 37286 7ff6019943f4 11 API calls _set_fmode 37261->37286 37265 7ff601995265 37279 7ff60199f1dc 37265->37279 37266 7ff601995258 37287 7ff6019943f4 11 API calls _set_fmode 37266->37287 37269 7ff601995278 37288 7ff601994788 LeaveCriticalSection 37269->37288 37271 7ff601983fc6 37271->37213 37289 7ff60199f5e8 EnterCriticalSection 37272->37289 37274 7ff601999f4f 37275 7ff601999fac 19 API calls 37274->37275 37276 7ff601999f5a 37275->37276 37277 7ff60199f648 _isindst LeaveCriticalSection 37276->37277 37278 7ff60199524e 37277->37278 37278->37265 37278->37266 37290 7ff60199eed8 37279->37290 37282 7ff60199f236 37282->37269 37284->37257 37285->37271 37286->37271 37287->37271 37291 7ff60199ef13 __vcrt_InitializeCriticalSectionEx 37290->37291 37300 7ff60199f0da 37291->37300 37305 7ff601996d4c 51 API calls 3 library calls 37291->37305 37293 7ff60199f1b1 37309 7ff601999bf0 37 API calls _invalid_parameter_noinfo 37293->37309 37295 7ff60199f0e3 37295->37282 37302 7ff6019a6064 37295->37302 37297 7ff60199f145 37297->37300 37306 7ff601996d4c 51 API calls 3 library calls 37297->37306 37299 7ff60199f164 37299->37300 37307 7ff601996d4c 51 API calls 3 library calls 37299->37307 37300->37295 37308 7ff6019943f4 11 API calls _set_fmode 37300->37308 37310 7ff6019a5664 37302->37310 37305->37297 37306->37299 37307->37300 37308->37293 37309->37295 37311 7ff6019a5699 37310->37311 37312 7ff6019a567b 37310->37312 37311->37312 37314 7ff6019a56b5 37311->37314 37364 7ff6019943f4 11 API calls _set_fmode 37312->37364 37321 7ff6019a5c74 37314->37321 37315 7ff6019a5680 37365 7ff601999bf0 37 API calls _invalid_parameter_noinfo 37315->37365 37319 7ff6019a568c 37319->37282 37367 7ff6019a59a8 37321->37367 37324 7ff6019a5d01 37387 7ff601997830 37324->37387 37325 7ff6019a5ce9 37399 7ff6019943d4 11 API calls _set_fmode 37325->37399 37328 7ff6019a5cee 37400 7ff6019943f4 11 API calls _set_fmode 37328->37400 37337 7ff6019a56e0 37337->37319 37366 7ff601997808 LeaveCriticalSection 37337->37366 37364->37315 37365->37319 37368 7ff6019a59d4 37367->37368 37375 7ff6019a59ee 37367->37375 37368->37375 37412 7ff6019943f4 11 API calls _set_fmode 37368->37412 37370 7ff6019a59e3 37413 7ff601999bf0 37 API calls _invalid_parameter_noinfo 37370->37413 37372 7ff6019a5abd 37385 7ff6019a5b1a 37372->37385 37418 7ff601998e90 37 API calls 2 library calls 37372->37418 37373 7ff6019a5a6c 37373->37372 37416 7ff6019943f4 11 API calls _set_fmode 37373->37416 37375->37373 37414 7ff6019943f4 11 API calls _set_fmode 37375->37414 37377 7ff6019a5b16 37380 7ff6019a5b98 37377->37380 37377->37385 37379 7ff6019a5ab2 37417 7ff601999bf0 37 API calls _invalid_parameter_noinfo 37379->37417 37419 7ff601999c10 17 API calls _isindst 37380->37419 37381 7ff6019a5a61 37415 7ff601999bf0 37 API calls _invalid_parameter_noinfo 37381->37415 37385->37324 37385->37325 37420 7ff60199f5e8 EnterCriticalSection 37387->37420 37399->37328 37400->37337 37412->37370 37413->37375 37414->37381 37415->37373 37416->37379 37417->37372 37418->37377 37422 7ff60198f7ee 37421->37422 37423 7ff60198f7ae 37421->37423 37422->37423 37425 7ff60198f7fa 37422->37425 37433 7ff601999b24 37 API calls 2 library calls 37423->37433 37432 7ff60199477c EnterCriticalSection 37425->37432 37427 7ff60198f7ff 37428 7ff60198f908 71 API calls 37427->37428 37429 7ff60198f811 37428->37429 37430 7ff601994788 _fread_nolock LeaveCriticalSection 37429->37430 37431 7ff60198f7d5 37430->37431 37431->37218 37433->37431 37435 7ff60198fe2c 37434->37435 37442 7ff60198fb4c 37435->37442 37437 7ff60198fe4a 37437->37236 37438->37224 37439->37232 37440->37232 37441->37232 37443 7ff60198fb99 37442->37443 37444 7ff60198fb6c 37442->37444 37443->37437 37444->37443 37445 7ff60198fba1 37444->37445 37446 7ff60198fb76 37444->37446 37449 7ff60198fa8c 37445->37449 37456 7ff601999b24 37 API calls 2 library calls 37446->37456 37457 7ff60199477c EnterCriticalSection 37449->37457 37451 7ff60198faa9 37452 7ff60198facc 74 API calls 37451->37452 37453 7ff60198fab2 37452->37453 37454 7ff601994788 _fread_nolock LeaveCriticalSection 37453->37454 37455 7ff60198fabd 37454->37455 37455->37443 37456->37443 37459 7ff60198f191 37458->37459 37460 7ff60198f163 37458->37460 37467 7ff60198f183 37459->37467 37468 7ff60199477c EnterCriticalSection 37459->37468 37469 7ff601999b24 37 API calls 2 library calls 37460->37469 37463 7ff60198f1a8 37464 7ff60198f1c4 72 API calls 37463->37464 37465 7ff60198f1b4 37464->37465 37466 7ff601994788 _fread_nolock LeaveCriticalSection 37465->37466 37466->37467 37467->37240 37469->37467 37471 7ff60198f6d4 37470->37471 37472 7ff60198f706 37470->37472 37471->37180 37472->37471 37473 7ff60198f752 37472->37473 37474 7ff60198f715 __scrt_get_show_window_mode 37472->37474 37483 7ff60199477c EnterCriticalSection 37473->37483 37484 7ff6019943f4 11 API calls _set_fmode 37474->37484 37477 7ff60198f75a 37479 7ff60198f45c _fread_nolock 51 API calls 37477->37479 37478 7ff60198f72a 37485 7ff601999bf0 37 API calls _invalid_parameter_noinfo 37478->37485 37480 7ff60198f771 37479->37480 37482 7ff601994788 _fread_nolock LeaveCriticalSection 37480->37482 37482->37471 37484->37478 37485->37471 37487 7ff601993cfe 37486->37487 37488 7ff601993d23 37487->37488 37490 7ff601993d5f 37487->37490 37504 7ff601999b24 37 API calls 2 library calls 37488->37504 37505 7ff601991f30 49 API calls _invalid_parameter_noinfo 37490->37505 37492 7ff601993d4d 37495 7ff60198b870 _log10_special 8 API calls 37492->37495 37493 7ff601993e3c 37494 7ff601999c58 __free_lconv_mon 11 API calls 37493->37494 37494->37492 37497 7ff601981c38 37495->37497 37496 7ff601993df6 37496->37493 37498 7ff601993e60 37496->37498 37499 7ff601993e11 37496->37499 37500 7ff601993e08 37496->37500 37497->37145 37498->37493 37501 7ff601993e6a 37498->37501 37506 7ff601999c58 37499->37506 37500->37493 37500->37499 37503 7ff601999c58 __free_lconv_mon 11 API calls 37501->37503 37503->37492 37504->37492 37505->37496 37507 7ff601999c5d RtlFreeHeap 37506->37507 37511 7ff601999c8c 37506->37511 37508 7ff601999c78 GetLastError 37507->37508 37507->37511 37509 7ff601999c85 __free_lconv_mon 37508->37509 37512 7ff6019943f4 11 API calls _set_fmode 37509->37512 37511->37492 37512->37511 37513->37195 37515 7ff60198bf5c 37536 7ff60198c12c 37515->37536 37518 7ff60198c0a8 37655 7ff60198c44c 7 API calls 2 library calls 37518->37655 37519 7ff60198bf78 __scrt_acquire_startup_lock 37521 7ff60198c0b2 37519->37521 37528 7ff60198bf96 __scrt_release_startup_lock 37519->37528 37656 7ff60198c44c 7 API calls 2 library calls 37521->37656 37523 7ff60198bfbb 37524 7ff60198c0bd __GetCurrentState 37525 7ff60198c041 37542 7ff60198c594 37525->37542 37527 7ff60198c046 37545 7ff601981000 37527->37545 37528->37523 37528->37525 37652 7ff601998e44 45 API calls 37528->37652 37533 7ff60198c069 37533->37524 37654 7ff60198c2b0 7 API calls 37533->37654 37535 7ff60198c080 37535->37523 37537 7ff60198c134 37536->37537 37538 7ff60198c140 __scrt_dllmain_crt_thread_attach 37537->37538 37539 7ff60198bf70 37538->37539 37540 7ff60198c14d 37538->37540 37539->37518 37539->37519 37540->37539 37657 7ff60198cba8 7 API calls 2 library calls 37540->37657 37658 7ff6019a97e0 37542->37658 37546 7ff601981009 37545->37546 37660 7ff601994794 37546->37660 37548 7ff60198352b 37667 7ff6019833e0 37548->37667 37552 7ff60198b870 _log10_special 8 API calls 37554 7ff60198372a 37552->37554 37653 7ff60198c5d8 GetModuleHandleW 37554->37653 37555 7ff60198356c 37558 7ff601981bf0 49 API calls 37555->37558 37556 7ff601983736 37557 7ff601983f70 108 API calls 37556->37557 37559 7ff601983746 37557->37559 37575 7ff601983588 37558->37575 37560 7ff601983785 37559->37560 37753 7ff6019876a0 37559->37753 37762 7ff6019825f0 53 API calls _log10_special 37560->37762 37564 7ff601983778 37567 7ff60198377d 37564->37567 37568 7ff60198379f 37564->37568 37565 7ff601983538 37565->37552 37566 7ff60198365f __std_exception_copy 37569 7ff601983844 37566->37569 37572 7ff601987e10 14 API calls 37566->37572 37570 7ff60198f36c 74 API calls 37567->37570 37571 7ff601981bf0 49 API calls 37568->37571 37766 7ff601983e90 49 API calls 37569->37766 37570->37560 37574 7ff6019837be 37571->37574 37576 7ff6019836ae 37572->37576 37581 7ff6019818f0 115 API calls 37574->37581 37729 7ff601987e10 37575->37729 37751 7ff601987f80 40 API calls __std_exception_copy 37576->37751 37577 7ff601983852 37579 7ff601983865 37577->37579 37580 7ff601983871 37577->37580 37767 7ff601983fe0 37579->37767 37584 7ff601981bf0 49 API calls 37580->37584 37585 7ff6019837df 37581->37585 37582 7ff6019836bd 37586 7ff60198380f 37582->37586 37588 7ff6019836cf 37582->37588 37601 7ff601983805 __std_exception_copy 37584->37601 37585->37575 37587 7ff6019837ef 37585->37587 37764 7ff601988400 58 API calls _log10_special 37586->37764 37763 7ff6019825f0 53 API calls _log10_special 37587->37763 37592 7ff601981bf0 49 API calls 37588->37592 37590 7ff6019886b0 2 API calls 37594 7ff60198389e SetDllDirectoryW 37590->37594 37595 7ff6019836f1 37592->37595 37593 7ff601983814 37765 7ff601987c40 84 API calls 2 library calls 37593->37765 37599 7ff6019838c3 37594->37599 37600 7ff6019836fc 37595->37600 37595->37601 37603 7ff601983a50 37599->37603 37770 7ff601986560 53 API calls 37599->37770 37752 7ff6019825f0 53 API calls _log10_special 37600->37752 37601->37590 37602 7ff601983834 37602->37569 37602->37601 37607 7ff601983a7d 37603->37607 37608 7ff601983a5a PostMessageW GetMessageW 37603->37608 37606 7ff6019838d5 37771 7ff601986b00 118 API calls 2 library calls 37606->37771 37742 7ff601983080 37607->37742 37608->37607 37610 7ff6019838ea 37612 7ff601983947 37610->37612 37614 7ff601983901 37610->37614 37772 7ff6019865a0 121 API calls _log10_special 37610->37772 37612->37603 37619 7ff60198395c 37612->37619 37626 7ff601983905 37614->37626 37773 7ff601986970 91 API calls 37614->37773 37618 7ff601983a97 37780 7ff601986780 FreeLibrary 37618->37780 37777 7ff6019830e0 122 API calls 2 library calls 37619->37777 37620 7ff601983916 37620->37626 37774 7ff601986cd0 54 API calls 37620->37774 37624 7ff601983aa3 37625 7ff601983964 37625->37565 37628 7ff60198396c 37625->37628 37626->37612 37775 7ff601982870 53 API calls _log10_special 37626->37775 37778 7ff6019883e0 LocalFree 37628->37778 37630 7ff60198393f 37776 7ff601986780 FreeLibrary 37630->37776 37652->37525 37653->37533 37654->37535 37655->37521 37656->37524 37657->37539 37659 7ff60198c5ab GetStartupInfoW 37658->37659 37659->37527 37663 7ff60199e790 37660->37663 37661 7ff60199e7e3 37781 7ff601999b24 37 API calls 2 library calls 37661->37781 37663->37661 37664 7ff60199e836 37663->37664 37782 7ff60199e668 71 API calls _fread_nolock 37664->37782 37666 7ff60199e80c 37666->37548 37783 7ff60198bb70 37667->37783 37670 7ff60198341b 37790 7ff6019829e0 51 API calls _log10_special 37670->37790 37671 7ff601983438 37785 7ff6019885a0 FindFirstFileExW 37671->37785 37675 7ff60198342e 37679 7ff60198b870 _log10_special 8 API calls 37675->37679 37676 7ff60198344b 37791 7ff601988620 CreateFileW GetFinalPathNameByHandleW CloseHandle 37676->37791 37677 7ff6019834a5 37793 7ff601988760 WideCharToMultiByte WideCharToMultiByte __std_exception_copy 37677->37793 37682 7ff6019834dd 37679->37682 37681 7ff601983458 37684 7ff60198345c 37681->37684 37685 7ff601983474 __vcrt_InitializeCriticalSectionEx 37681->37685 37682->37565 37689 7ff6019818f0 37682->37689 37683 7ff6019834b3 37683->37675 37794 7ff6019826c0 49 API calls _log10_special 37683->37794 37792 7ff6019826c0 49 API calls _log10_special 37684->37792 37685->37677 37688 7ff60198346d 37688->37675 37690 7ff601983f70 108 API calls 37689->37690 37691 7ff601981925 37690->37691 37692 7ff601981bb6 37691->37692 37693 7ff6019876a0 83 API calls 37691->37693 37694 7ff60198b870 _log10_special 8 API calls 37692->37694 37696 7ff60198196b 37693->37696 37695 7ff601981bd1 37694->37695 37695->37555 37695->37556 37697 7ff60198f9f4 73 API calls 37696->37697 37728 7ff60198199c 37696->37728 37699 7ff601981985 37697->37699 37698 7ff60198f36c 74 API calls 37698->37692 37700 7ff601981989 37699->37700 37701 7ff6019819a1 37699->37701 37795 7ff601982760 53 API calls 2 library calls 37700->37795 37703 7ff60198f6bc _fread_nolock 53 API calls 37701->37703 37704 7ff6019819b9 37703->37704 37705 7ff6019819d7 37704->37705 37706 7ff6019819bf 37704->37706 37708 7ff601981a06 37705->37708 37709 7ff6019819ee 37705->37709 37796 7ff601982760 53 API calls 2 library calls 37706->37796 37711 7ff601981bf0 49 API calls 37708->37711 37797 7ff601982760 53 API calls 2 library calls 37709->37797 37712 7ff601981a1d 37711->37712 37713 7ff601981bf0 49 API calls 37712->37713 37714 7ff601981a68 37713->37714 37715 7ff60198f9f4 73 API calls 37714->37715 37716 7ff601981a8c 37715->37716 37717 7ff601981ab9 37716->37717 37718 7ff601981aa1 37716->37718 37720 7ff60198f6bc _fread_nolock 53 API calls 37717->37720 37798 7ff601982760 53 API calls 2 library calls 37718->37798 37721 7ff601981ace 37720->37721 37722 7ff601981aec 37721->37722 37723 7ff601981ad4 37721->37723 37800 7ff60198f430 37722->37800 37799 7ff601982760 53 API calls 2 library calls 37723->37799 37728->37698 37730 7ff601987e1a 37729->37730 37731 7ff6019886b0 2 API calls 37730->37731 37732 7ff601987e39 GetEnvironmentVariableW 37731->37732 37733 7ff601987e56 ExpandEnvironmentStringsW 37732->37733 37734 7ff601987ea2 37732->37734 37733->37734 37736 7ff601987e78 37733->37736 37735 7ff60198b870 _log10_special 8 API calls 37734->37735 37738 7ff601987eb4 37735->37738 37809 7ff601988760 WideCharToMultiByte WideCharToMultiByte __std_exception_copy 37736->37809 37738->37566 37739 7ff601987e8a 37740 7ff60198b870 _log10_special 8 API calls 37739->37740 37741 7ff601987e9a 37740->37741 37741->37566 37810 7ff601985af0 37742->37810 37746 7ff6019830a1 37750 7ff6019830b9 37746->37750 37880 7ff601985800 37746->37880 37748 7ff6019830ad 37748->37750 37889 7ff601985990 53 API calls 37748->37889 37779 7ff6019833a0 FreeLibrary 37750->37779 37751->37582 37752->37565 37754 7ff6019876c4 37753->37754 37755 7ff60198779b __std_exception_copy 37754->37755 37756 7ff60198f9f4 73 API calls 37754->37756 37755->37564 37757 7ff6019876e0 37756->37757 37757->37755 37952 7ff601996bd8 37757->37952 37759 7ff6019876f5 37759->37755 37760 7ff60198f9f4 73 API calls 37759->37760 37761 7ff60198f6bc _fread_nolock 53 API calls 37759->37761 37760->37759 37761->37759 37762->37565 37763->37565 37764->37593 37765->37602 37766->37577 37768 7ff601981bf0 49 API calls 37767->37768 37769 7ff601984010 37768->37769 37769->37601 37770->37606 37771->37610 37772->37614 37773->37620 37774->37626 37775->37630 37776->37612 37777->37625 37779->37618 37780->37624 37781->37666 37782->37666 37784 7ff6019833ec GetModuleFileNameW 37783->37784 37784->37670 37784->37671 37786 7ff6019885df FindClose 37785->37786 37787 7ff6019885f2 37785->37787 37786->37787 37788 7ff60198b870 _log10_special 8 API calls 37787->37788 37789 7ff601983442 37788->37789 37789->37676 37789->37677 37790->37675 37791->37681 37792->37688 37793->37683 37794->37675 37795->37728 37796->37728 37797->37728 37798->37728 37799->37728 37801 7ff60198f439 37800->37801 37802 7ff601981b06 37800->37802 37807 7ff6019943f4 11 API calls _set_fmode 37801->37807 37802->37728 37806 7ff6019825f0 53 API calls _log10_special 37802->37806 37804 7ff60198f43e 37808 7ff601999bf0 37 API calls _invalid_parameter_noinfo 37804->37808 37806->37728 37807->37804 37808->37802 37809->37739 37811 7ff601985b05 37810->37811 37812 7ff601981bf0 49 API calls 37811->37812 37813 7ff601985b41 37812->37813 37814 7ff601985b6d 37813->37814 37815 7ff601985b4a 37813->37815 37817 7ff601983fe0 49 API calls 37814->37817 37900 7ff6019825f0 53 API calls _log10_special 37815->37900 37818 7ff601985b85 37817->37818 37819 7ff601985ba3 37818->37819 37901 7ff6019825f0 53 API calls _log10_special 37818->37901 37890 7ff601983f10 37819->37890 37821 7ff60198b870 _log10_special 8 API calls 37824 7ff60198308e 37821->37824 37824->37750 37841 7ff601985c80 37824->37841 37825 7ff601985bbb 37827 7ff601983fe0 49 API calls 37825->37827 37826 7ff6019881a0 3 API calls 37826->37825 37828 7ff601985bd4 37827->37828 37829 7ff601985bf9 37828->37829 37830 7ff601985bd9 37828->37830 37896 7ff6019881a0 37829->37896 37902 7ff6019825f0 53 API calls _log10_special 37830->37902 37833 7ff601985b63 37833->37821 37834 7ff601985c06 37835 7ff601985c49 37834->37835 37836 7ff601985c12 37834->37836 37904 7ff6019850b0 95 API calls 37835->37904 37838 7ff6019886b0 2 API calls 37836->37838 37839 7ff601985c2a 37838->37839 37903 7ff6019829e0 51 API calls _log10_special 37839->37903 37905 7ff601984c80 37841->37905 37843 7ff601985cba 37844 7ff601985cd3 37843->37844 37845 7ff601985cc2 37843->37845 37912 7ff601984450 37844->37912 37937 7ff6019825f0 53 API calls _log10_special 37845->37937 37849 7ff601985cf0 37853 7ff601985d10 37849->37853 37854 7ff601985cff 37849->37854 37850 7ff601985cdf 37938 7ff6019825f0 53 API calls _log10_special 37850->37938 37852 7ff601985cce 37852->37746 37916 7ff601984700 37853->37916 37939 7ff6019825f0 53 API calls _log10_special 37854->37939 37857 7ff601985d2b 37858 7ff601985d40 37857->37858 37859 7ff601985d2f 37857->37859 37861 7ff601985d60 37858->37861 37862 7ff601985d4f 37858->37862 37940 7ff6019825f0 53 API calls _log10_special 37859->37940 37923 7ff6019845a0 37861->37923 37941 7ff6019825f0 53 API calls _log10_special 37862->37941 37866 7ff601985d80 37869 7ff601985da0 37866->37869 37870 7ff601985d8f 37866->37870 37867 7ff601985d6f 37942 7ff6019825f0 53 API calls _log10_special 37867->37942 37872 7ff601985db1 37869->37872 37874 7ff601985dc2 37869->37874 37943 7ff6019825f0 53 API calls _log10_special 37870->37943 37944 7ff6019825f0 53 API calls _log10_special 37872->37944 37877 7ff601985dec 37874->37877 37945 7ff6019965c0 73 API calls 37874->37945 37876 7ff601985dda 37946 7ff6019965c0 73 API calls 37876->37946 37877->37852 37947 7ff6019825f0 53 API calls _log10_special 37877->37947 37881 7ff601985820 37880->37881 37881->37881 37882 7ff601985849 37881->37882 37888 7ff601985860 __std_exception_copy 37881->37888 37951 7ff6019825f0 53 API calls _log10_special 37882->37951 37884 7ff601985855 37884->37748 37885 7ff60198596b 37885->37748 37886 7ff601981440 116 API calls 37886->37888 37887 7ff6019825f0 53 API calls 37887->37888 37888->37885 37888->37886 37888->37887 37889->37750 37891 7ff601983f1a 37890->37891 37892 7ff6019886b0 2 API calls 37891->37892 37893 7ff601983f3f 37892->37893 37894 7ff60198b870 _log10_special 8 API calls 37893->37894 37895 7ff601983f67 37894->37895 37895->37825 37895->37826 37897 7ff6019886b0 2 API calls 37896->37897 37898 7ff6019881b4 LoadLibraryExW 37897->37898 37899 7ff6019881d3 __std_exception_copy 37898->37899 37899->37834 37900->37833 37901->37819 37902->37833 37903->37833 37904->37833 37907 7ff601984cac 37905->37907 37906 7ff601984cb4 37906->37843 37907->37906 37910 7ff601984e54 37907->37910 37948 7ff601995db4 48 API calls 37907->37948 37908 7ff601985017 __std_exception_copy 37908->37843 37909 7ff601984180 47 API calls 37909->37910 37910->37908 37910->37909 37913 7ff601984480 37912->37913 37914 7ff60198b870 _log10_special 8 API calls 37913->37914 37915 7ff6019844ea 37914->37915 37915->37849 37915->37850 37917 7ff60198476f 37916->37917 37920 7ff60198471b 37916->37920 37950 7ff601984300 MultiByteToWideChar MultiByteToWideChar __std_exception_copy 37917->37950 37919 7ff60198477c 37919->37857 37922 7ff60198475a 37920->37922 37949 7ff601984300 MultiByteToWideChar MultiByteToWideChar __std_exception_copy 37920->37949 37922->37857 37924 7ff6019845b5 37923->37924 37925 7ff601981bf0 49 API calls 37924->37925 37926 7ff601984601 37925->37926 37927 7ff601981bf0 49 API calls 37926->37927 37936 7ff601984687 __std_exception_copy 37926->37936 37928 7ff601984640 37927->37928 37931 7ff6019886b0 2 API calls 37928->37931 37928->37936 37929 7ff60198b870 _log10_special 8 API calls 37930 7ff6019846dc 37929->37930 37930->37866 37930->37867 37932 7ff60198465a 37931->37932 37933 7ff6019886b0 2 API calls 37932->37933 37934 7ff601984671 37933->37934 37935 7ff6019886b0 2 API calls 37934->37935 37935->37936 37936->37929 37937->37852 37938->37852 37939->37852 37940->37852 37941->37852 37942->37852 37943->37852 37944->37852 37945->37876 37946->37877 37947->37852 37948->37907 37949->37922 37950->37919 37951->37884 37953 7ff601996c08 37952->37953 37956 7ff6019966e4 37953->37956 37955 7ff601996c21 37955->37759 37957 7ff60199672e 37956->37957 37958 7ff6019966ff 37956->37958 37966 7ff60199477c EnterCriticalSection 37957->37966 37967 7ff601999b24 37 API calls 2 library calls 37958->37967 37961 7ff60199671f 37961->37955 37962 7ff601996733 37963 7ff601996750 38 API calls 37962->37963 37964 7ff60199673f 37963->37964 37965 7ff601994788 _fread_nolock LeaveCriticalSection 37964->37965 37965->37961 37967->37961 37968 7ff60198ab3c 37970 7ff601989e3a 37968->37970 37969 7ff601989eb6 37970->37969 37972 7ff60198b0b0 37970->37972 37973 7ff60198b0d3 37972->37973 37974 7ff60198b0f1 memcpy_s 37972->37974 37976 7ff60199c90c 37973->37976 37974->37969 37977 7ff60199c957 37976->37977 37981 7ff60199c91b _set_fmode 37976->37981 37984 7ff6019943f4 11 API calls _set_fmode 37977->37984 37979 7ff60199c93e HeapAlloc 37980 7ff60199c955 37979->37980 37979->37981 37980->37974 37981->37977 37981->37979 37983 7ff6019a28a0 EnterCriticalSection LeaveCriticalSection _set_fmode 37981->37983 37983->37981 37984->37980

                                                                Executed Functions

                                                                Function 00007FFE13201060 Relevance: 632.7, APIs: 189, Strings: 172, Instructions: 923networkCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 0 7ffe13201060-7ffe132010aa WSAStartup 1 7ffe13203108-7ffe13203110 0->1 2 7ffe132010b0-7ffe132010cb Py_AtExit 0->2 5 7ffe13203145 1->5 6 7ffe13203112-7ffe13203115 1->6 3 7ffe13201159-7ffe1320117f PyModule_Create2 2->3 4 7ffe132010d1-7ffe13201153 call 7ffe13202f5c VerSetConditionMask * 3 VerifyVersionInfoW 2->4 8 7ffe13201185-7ffe132011c9 PyModule_AddObject PyErr_NewException 3->8 9 7ffe1320219e-7ffe132021a0 3->9 4->3 12 7ffe1320314c-7ffe1320315c PyErr_SetString 5->12 10 7ffe1320313c-7ffe13203143 6->10 11 7ffe13203117-7ffe1320311a 6->11 8->9 14 7ffe132011cf-7ffe13201209 PyModule_AddObject PyErr_NewException 8->14 15 7ffe1320216e-7ffe1320219d call 7ffe13202280 9->15 10->12 11->5 16 7ffe1320311c-7ffe13203136 PyErr_Format 11->16 17 7ffe13203162-7ffe1320316b PyErr_NoMemory 12->17 14->9 19 7ffe1320120f-7ffe13201262 PyModule_AddObject PyModule_AddObjectRef PyModule_AddObject 14->19 16->10 17->9 20 7ffe13203171 17->20 19->9 22 7ffe13201268-7ffe13201284 PyModule_AddObject 19->22 23 7ffe1320322a-7ffe13203234 _Py_Dealloc 20->23 22->9 24 7ffe1320128a-7ffe132012b5 PyModule_AddObject PyMem_Malloc 22->24 23->9 24->17 25 7ffe132012bb-7ffe13201304 PyCapsule_New 24->25 26 7ffe1320130a-7ffe1320131f PyModule_AddObject 25->26 27 7ffe13203176-7ffe13203181 call 7ffe13204b80 25->27 29 7ffe1320318c-7ffe1320318f 26->29 30 7ffe13201325-7ffe13202034 PyModule_AddIntConstant * 11 PyModule_AddStringConstant * 2 PyModule_AddIntConstant * 137 26->30 27->9 35 7ffe13203187 27->35 32 7ffe1320319a-7ffe1320319d 29->32 33 7ffe13203191-7ffe13203194 _Py_Dealloc 29->33 34 7ffe13202037-7ffe13202042 PyLong_FromUnsignedLong 30->34 32->9 36 7ffe132031a3 32->36 33->32 34->9 37 7ffe13202048-7ffe13202064 PyModule_AddObject 34->37 35->23 36->23 37->34 38 7ffe13202066-7ffe132020c7 PyModule_AddIntConstant * 4 PyModule_GetDict 37->38 39 7ffe132020cd-7ffe13202147 VerSetConditionMask * 3 38->39 40 7ffe13203220-7ffe13203224 38->40 41 7ffe1320214a-7ffe13202165 VerifyVersionInfoA 39->41 40->9 40->23 42 7ffe1320216b 41->42 43 7ffe132031a8-7ffe132031c6 PyUnicode_FromString 41->43 42->15 43->40 44 7ffe132031c8-7ffe132031e3 _PyDict_Pop 43->44 45 7ffe132031e5-7ffe132031e8 _Py_Dealloc 44->45 46 7ffe132031ee-7ffe132031f1 44->46 45->46 46->40 47 7ffe132031f3-7ffe132031f8 46->47 48 7ffe132031fa-7ffe132031fd _Py_Dealloc 47->48 49 7ffe13203203-7ffe13203215 47->49 48->49 49->41 50 7ffe1320321b 49->50 50->40
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Module_$Constant$Object$ConditionMask$Err_$ExceptionInfoStringVerifyVersion$Capsule_Create2DictExitFormatFromLongLong_MallocMem_StartupUnsigned
                                                                • String ID: 00:00:00:00:00:00$00:00:00:FF:FF:FF$AF_APPLETALK$AF_BLUETOOTH$AF_DECnet$AF_INET$AF_INET6$AF_IPX$AF_IRDA$AF_LINK$AF_SNA$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_NUMERICHOST$AI_NUMERICSERV$AI_PASSIVE$AI_V4MAPPED$BDADDR_ANY$BDADDR_LOCAL$BTPROTO_RFCOMM$CAPI$EAI_AGAIN$EAI_BADFLAGS$EAI_FAIL$EAI_FAMILY$EAI_MEMORY$EAI_NODATA$EAI_NONAME$EAI_SERVICE$EAI_SOCKTYPE$INADDR_ALLHOSTS_GROUP$INADDR_ANY$INADDR_BROADCAST$INADDR_LOOPBACK$INADDR_MAX_LOCAL_GROUP$INADDR_NONE$INADDR_UNSPEC_GROUP$IPPORT_RESERVED$IPPORT_USERRESERVED$IPPROTO_AH$IPPROTO_CBT$IPPROTO_DSTOPTS$IPPROTO_EGP$IPPROTO_ESP$IPPROTO_FRAGMENT$IPPROTO_GGP$IPPROTO_HOPOPTS$IPPROTO_ICLFXBM$IPPROTO_ICMP$IPPROTO_ICMPV6$IPPROTO_IDP$IPPROTO_IGMP$IPPROTO_IGP$IPPROTO_IP$IPPROTO_IPV4$IPPROTO_IPV6$IPPROTO_L2TP$IPPROTO_MAX$IPPROTO_ND$IPPROTO_NONE$IPPROTO_PGM$IPPROTO_PIM$IPPROTO_PUP$IPPROTO_RAW$IPPROTO_RDP$IPPROTO_ROUTING$IPPROTO_SCTP$IPPROTO_ST$IPPROTO_TCP$IPPROTO_UDP$IPV6_CHECKSUM$IPV6_DONTFRAG$IPV6_HOPLIMIT$IPV6_HOPOPTS$IPV6_JOIN_GROUP$IPV6_LEAVE_GROUP$IPV6_MULTICAST_HOPS$IPV6_MULTICAST_IF$IPV6_MULTICAST_LOOP$IPV6_PKTINFO$IPV6_RECVRTHDR$IPV6_RECVTCLASS$IPV6_RTHDR$IPV6_TCLASS$IPV6_UNICAST_HOPS$IPV6_V6ONLY$IP_ADD_MEMBERSHIP$IP_DROP_MEMBERSHIP$IP_HDRINCL$IP_MULTICAST_IF$IP_MULTICAST_LOOP$IP_MULTICAST_TTL$IP_OPTIONS$IP_RECVDSTADDR$IP_RECVTOS$IP_TOS$IP_TTL$MSG_BCAST$MSG_CTRUNC$MSG_DONTROUTE$MSG_ERRQUEUE$MSG_MCAST$MSG_OOB$MSG_PEEK$MSG_TRUNC$MSG_WAITALL$NI_DGRAM$NI_MAXHOST$NI_MAXSERV$NI_NAMEREQD$NI_NOFQDN$NI_NUMERICHOST$NI_NUMERICSERV$RCVALL_MAX$RCVALL_OFF$RCVALL_ON$RCVALL_SOCKETLEVELONLY$SHUT_RD$SHUT_RDWR$SHUT_WR$SIO_KEEPALIVE_VALS$SIO_LOOPBACK_FAST_PATH$SIO_RCVALL$SOCK_DGRAM$SOCK_RAW$SOCK_RDM$SOCK_SEQPACKET$SOCK_STREAM$SOL_IP$SOL_SOCKET$SOL_TCP$SOL_UDP$SOMAXCONN$SO_ACCEPTCONN$SO_BROADCAST$SO_DEBUG$SO_DONTROUTE$SO_ERROR$SO_EXCLUSIVEADDRUSE$SO_KEEPALIVE$SO_LINGER$SO_OOBINLINE$SO_RCVBUF$SO_RCVLOWAT$SO_RCVTIMEO$SO_REUSEADDR$SO_SNDBUF$SO_SNDLOWAT$SO_SNDTIMEO$SO_TYPE$SO_USELOOPBACK$SocketType$TCP_FASTOPEN$TCP_KEEPCNT$TCP_KEEPIDLE$TCP_KEEPINTVL$TCP_MAXSEG$TCP_NODELAY$WSAStartup failed: error code %d$WSAStartup failed: network not ready$WSAStartup failed: requested version not supported$_socket.CAPI$error$gaierror$has_ipv6$herror$socket$socket.gaierror$socket.herror$timeout
                                                                • API String ID: 2280847565-1299366327
                                                                • Opcode ID: de31a07a70c23239d4b04c80589f0f0a269b501d95a9cdd44f27bf4122d5a2ac
                                                                • Instruction ID: 0d093d2f738055a56b329381084ebffcd4f4bdf168f119301dc647ac592e2413
                                                                • Opcode Fuzzy Hash: de31a07a70c23239d4b04c80589f0f0a269b501d95a9cdd44f27bf4122d5a2ac
                                                                • Instruction Fuzzy Hash: 78A2FA64B18F0289EA14EF17E85427E2B21BBAABA0F4550B5CD0E27774DEBCE15DC700
                                                                Function 00007FF601981000 Relevance: 40.6, APIs: 5, Strings: 18, Instructions: 338COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 97 7ff601981000-7ff601983536 call 7ff60198f138 call 7ff60198f140 call 7ff60198bb70 call 7ff601994700 call 7ff601994794 call 7ff6019833e0 111 7ff601983538-7ff60198353f 97->111 112 7ff601983544-7ff601983566 call 7ff6019818f0 97->112 113 7ff60198371a-7ff601983735 call 7ff60198b870 111->113 118 7ff60198356c-7ff601983583 call 7ff601981bf0 112->118 119 7ff601983736-7ff60198374c call 7ff601983f70 112->119 123 7ff601983588-7ff6019835c1 118->123 124 7ff601983785-7ff60198379a call 7ff6019825f0 119->124 125 7ff60198374e-7ff60198377b call 7ff6019876a0 119->125 126 7ff6019835c7-7ff6019835cb 123->126 127 7ff601983653-7ff60198366d call 7ff601987e10 123->127 141 7ff601983712 124->141 138 7ff60198377d-7ff601983780 call 7ff60198f36c 125->138 139 7ff60198379f-7ff6019837be call 7ff601981bf0 125->139 130 7ff6019835cd-7ff6019835e5 call 7ff601994560 126->130 131 7ff601983638-7ff60198364d call 7ff6019818e0 126->131 143 7ff601983695-7ff60198369c 127->143 144 7ff60198366f-7ff601983675 127->144 149 7ff6019835e7-7ff6019835eb 130->149 150 7ff6019835f2-7ff60198360a call 7ff601994560 130->150 131->126 131->127 138->124 158 7ff6019837c1-7ff6019837ca 139->158 141->113 145 7ff601983844-7ff601983863 call 7ff601983e90 143->145 146 7ff6019836a2-7ff6019836c0 call 7ff601987e10 call 7ff601987f80 143->146 151 7ff601983677-7ff601983680 144->151 152 7ff601983682-7ff601983690 call 7ff60199415c 144->152 166 7ff601983865-7ff60198386f call 7ff601983fe0 145->166 167 7ff601983871-7ff601983882 call 7ff601981bf0 145->167 175 7ff6019836c6-7ff6019836c9 146->175 176 7ff60198380f-7ff60198381e call 7ff601988400 146->176 149->150 163 7ff60198360c-7ff601983610 150->163 164 7ff601983617-7ff60198362f call 7ff601994560 150->164 151->152 152->143 158->158 162 7ff6019837cc-7ff6019837e9 call 7ff6019818f0 158->162 162->123 179 7ff6019837ef-7ff601983800 call 7ff6019825f0 162->179 163->164 164->131 180 7ff601983631 164->180 178 7ff601983887-7ff6019838a1 call 7ff6019886b0 166->178 167->178 175->176 181 7ff6019836cf-7ff6019836f6 call 7ff601981bf0 175->181 190 7ff60198382c-7ff601983836 call 7ff601987c40 176->190 191 7ff601983820 176->191 192 7ff6019838a3 178->192 193 7ff6019838af-7ff6019838c1 SetDllDirectoryW 178->193 179->141 180->131 197 7ff6019836fc-7ff601983703 call 7ff6019825f0 181->197 198 7ff601983805-7ff60198380d call 7ff60199415c 181->198 190->178 204 7ff601983838 190->204 191->190 192->193 195 7ff6019838c3-7ff6019838ca 193->195 196 7ff6019838d0-7ff6019838ec call 7ff601986560 call 7ff601986b00 193->196 195->196 200 7ff601983a50-7ff601983a58 195->200 215 7ff601983947-7ff60198394a call 7ff601986510 196->215 216 7ff6019838ee-7ff6019838f4 196->216 207 7ff601983708-7ff60198370a 197->207 198->178 208 7ff601983a7d-7ff601983a88 call 7ff6019833d0 call 7ff601983080 200->208 209 7ff601983a5a-7ff601983a77 PostMessageW GetMessageW 200->209 204->145 207->141 217 7ff601983a8d-7ff601983aaf call 7ff6019833a0 call 7ff601986780 call 7ff601986510 208->217 209->208 223 7ff60198394f-7ff601983956 215->223 218 7ff6019838f6-7ff601983903 call 7ff6019865a0 216->218 219 7ff60198390e-7ff601983918 call 7ff601986970 216->219 218->219 232 7ff601983905-7ff60198390c 218->232 229 7ff60198391a-7ff601983921 219->229 230 7ff601983923-7ff601983931 call 7ff601986cd0 219->230 223->200 227 7ff60198395c-7ff601983966 call 7ff6019830e0 223->227 227->207 241 7ff60198396c-7ff601983980 call 7ff6019883e0 227->241 234 7ff60198393a-7ff601983942 call 7ff601982870 call 7ff601986780 229->234 230->223 243 7ff601983933 230->243 232->234 234->215 248 7ff6019839a5-7ff6019839e8 call 7ff601987f20 call 7ff601987fc0 call 7ff601986780 call 7ff601986510 call 7ff601987ec0 241->248 249 7ff601983982-7ff60198399f PostMessageW GetMessageW 241->249 243->234 260 7ff601983a3d-7ff601983a4b call 7ff6019818a0 248->260 261 7ff6019839ea-7ff601983a00 call 7ff6019881f0 call 7ff601987ec0 248->261 249->248 260->207 261->260 268 7ff601983a02-7ff601983a10 261->268 269 7ff601983a12-7ff601983a2c call 7ff6019825f0 call 7ff6019818a0 268->269 270 7ff601983a31-7ff601983a38 call 7ff601982870 268->270 269->207 270->260
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FileModuleName
                                                                • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                                • API String ID: 514040917-585287483
                                                                • Opcode ID: b3266ab5b599bac58e49b83a3d96428c259aabf8854c5c280912ab733958fcfb
                                                                • Instruction ID: 31d67e0877885e1a208ec70ad9ccd2fe2fd40374663ea2ef36dd29fa620c37df
                                                                • Opcode Fuzzy Hash: b3266ab5b599bac58e49b83a3d96428c259aabf8854c5c280912ab733958fcfb
                                                                • Instruction Fuzzy Hash: C9F17021F08682A2FB19EB21D5552F96351BF54B8CFA44032DA1EC76D7EFACE658C340
                                                                Function 00007FF6019A5C74 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 533 7ff6019a5c74-7ff6019a5ce7 call 7ff6019a59a8 536 7ff6019a5d01-7ff6019a5d0b call 7ff601997830 533->536 537 7ff6019a5ce9-7ff6019a5cf2 call 7ff6019943d4 533->537 543 7ff6019a5d26-7ff6019a5d8f CreateFileW 536->543 544 7ff6019a5d0d-7ff6019a5d24 call 7ff6019943d4 call 7ff6019943f4 536->544 542 7ff6019a5cf5-7ff6019a5cfc call 7ff6019943f4 537->542 560 7ff6019a6042-7ff6019a6062 542->560 545 7ff6019a5d91-7ff6019a5d97 543->545 546 7ff6019a5e0c-7ff6019a5e17 GetFileType 543->546 544->542 549 7ff6019a5dd9-7ff6019a5e07 GetLastError call 7ff601994368 545->549 550 7ff6019a5d99-7ff6019a5d9d 545->550 552 7ff6019a5e19-7ff6019a5e54 GetLastError call 7ff601994368 CloseHandle 546->552 553 7ff6019a5e6a-7ff6019a5e71 546->553 549->542 550->549 558 7ff6019a5d9f-7ff6019a5dd7 CreateFileW 550->558 552->542 568 7ff6019a5e5a-7ff6019a5e65 call 7ff6019943f4 552->568 556 7ff6019a5e73-7ff6019a5e77 553->556 557 7ff6019a5e79-7ff6019a5e7c 553->557 563 7ff6019a5e82-7ff6019a5ed7 call 7ff601997748 556->563 557->563 564 7ff6019a5e7e 557->564 558->546 558->549 571 7ff6019a5ef6-7ff6019a5f27 call 7ff6019a5728 563->571 572 7ff6019a5ed9-7ff6019a5ee5 call 7ff6019a5bb0 563->572 564->563 568->542 578 7ff6019a5f29-7ff6019a5f2b 571->578 579 7ff6019a5f2d-7ff6019a5f6f 571->579 572->571 580 7ff6019a5ee7 572->580 581 7ff6019a5ee9-7ff6019a5ef1 call 7ff601999dd0 578->581 582 7ff6019a5f91-7ff6019a5f9c 579->582 583 7ff6019a5f71-7ff6019a5f75 579->583 580->581 581->560 585 7ff6019a6040 582->585 586 7ff6019a5fa2-7ff6019a5fa6 582->586 583->582 584 7ff6019a5f77-7ff6019a5f8c 583->584 584->582 585->560 586->585 588 7ff6019a5fac-7ff6019a5ff1 CloseHandle CreateFileW 586->588 590 7ff6019a5ff3-7ff6019a6021 GetLastError call 7ff601994368 call 7ff601997970 588->590 591 7ff6019a6026-7ff6019a603b 588->591 590->591 591->585
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                • String ID:
                                                                • API String ID: 1617910340-0
                                                                • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                • Instruction ID: fa80f79266c53877c03f04f03bd749ad33a8e4351d2a8f24ff2834dec2693a03
                                                                • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                • Instruction Fuzzy Hash: 8AC1BF36F28A418AEB10CF69C4916AC3761FB49B98B614225DF2E97796CF38E459C340
                                                                Function 00007FF6019885A0 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:
                                                                • API String ID: 2295610775-0
                                                                • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                • Instruction ID: c65aefb6f8dd6804c7a43148d0c6b8ddbe92fd8e1ee09a28082e863cc96e086a
                                                                • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                • Instruction Fuzzy Hash: 9FF06822A2D64287F7608B60B4897667350FB4476CF540339D96E826D5DF7CE0598A04
                                                                Function 00007FFE1320500C Relevance: 44.0, APIs: 21, Strings: 4, Instructions: 247threadnetworkCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 51 7ffe1320500c-7ffe13205046 52 7ffe13205048-7ffe13205052 51->52 53 7ffe13205054-7ffe13205079 PySys_Audit 51->53 52->53 54 7ffe13205094-7ffe132050a2 52->54 55 7ffe1320507b-7ffe1320507e 53->55 56 7ffe132050cf 53->56 60 7ffe132050a8-7ffe132050b0 54->60 61 7ffe13205283-7ffe13205293 PyLong_AsLongLong 54->61 58 7ffe1320535b-7ffe13205398 PyEval_SaveThread 55->58 59 7ffe13205084-7ffe1320508e 55->59 57 7ffe132050d4-7ffe132050f5 call 7ffe13202280 56->57 65 7ffe1320539a-7ffe132053b6 WSASocketW 58->65 66 7ffe132053c5-7ffe132053cb socket 58->66 59->54 59->58 67 7ffe132050f6-7ffe132050ff 60->67 68 7ffe132050b2-7ffe132050c9 PyErr_Format 60->68 63 7ffe13205295-7ffe1320529e PyErr_Occurred 61->63 64 7ffe132052c0-7ffe132052ef memset getsockname 61->64 63->56 71 7ffe132052a4-7ffe132052bb PyErr_SetString 63->71 72 7ffe132052fd-7ffe13205300 64->72 73 7ffe132052f1-7ffe132052f4 64->73 69 7ffe132053ce-7ffe132053db PyEval_RestoreThread 65->69 75 7ffe132053b8-7ffe132053c3 65->75 66->69 74 7ffe13205107-7ffe13205158 67->74 68->56 76 7ffe13205214-7ffe13205219 call 7ffe13204008 69->76 77 7ffe132053e1-7ffe132053eb 69->77 71->56 72->76 81 7ffe13205306-7ffe13205311 WSAGetLastError 72->81 78 7ffe13205317-7ffe1320531a 73->78 79 7ffe132052f6-7ffe132052fb 73->79 74->74 80 7ffe1320515a-7ffe132051cd PySys_Audit 74->80 75->66 76->56 82 7ffe13205233-7ffe1320525c 77->82 83 7ffe132053f1-7ffe13205403 SetHandleInformation 77->83 86 7ffe1320531c-7ffe1320534a getsockopt 78->86 87 7ffe13205354-7ffe13205356 78->87 79->78 80->56 84 7ffe132051d3-7ffe13205212 PyEval_SaveThread WSASocketW PyEval_RestoreThread 80->84 81->76 81->78 92 7ffe13205262-7ffe1320526f call 7ffe13203cc4 82->92 93 7ffe1320541f-7ffe13205421 82->93 83->82 88 7ffe13205409-7ffe1320541a closesocket PyErr_SetFromWindowsErr 83->88 84->76 89 7ffe1320521e-7ffe1320522c 84->89 86->76 91 7ffe13205350 86->91 87->82 88->56 89->82 91->87 92->93 96 7ffe13205275-7ffe1320527e closesocket 92->96 93->57 96->56
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_Eval_Thread$AuditLongRestoreSaveSocketSys_closesocket$ErrorFormatFromHandleInformationLastLong_OccurredStringWindowsgetsocknamegetsockoptmemsetsocket
                                                                • String ID: Oiii$negative file descriptor$socket descriptor string has wrong size, should be %zu bytes.$socket.__new__
                                                                • API String ID: 2694513709-2881308447
                                                                • Opcode ID: 7924b488af6f99509b9dc87039506b924d131f0bae3dfb7d7f3a034fdeb34a8e
                                                                • Instruction ID: fec6f99f473ee45508fe384ac0557606ffd1ef44fc61dcf9d1eae341453315b1
                                                                • Opcode Fuzzy Hash: 7924b488af6f99509b9dc87039506b924d131f0bae3dfb7d7f3a034fdeb34a8e
                                                                • Instruction Fuzzy Hash: 1BC1A321A0CF818AE620AB2AD54427D77A1FBE9BB4F105375DA5D236B1DF7CE588C700
                                                                Function 00007FFE132046BC Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 114networkthreadCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 276 7ffe132046bc-7ffe132046f0 277 7ffe132046f3-7ffe132046f6 276->277 278 7ffe13204708-7ffe1320470b 277->278 279 7ffe132046f8-7ffe13204700 277->279 282 7ffe1320470d-7ffe13204719 _PyDeadline_Get 278->282 283 7ffe1320472f-7ffe1320473e _PyDeadline_Init 278->283 280 7ffe132047a7-7ffe132047b8 PyEval_SaveThread call 7ffe13204a2c 279->280 281 7ffe13204706 279->281 287 7ffe132047bc-7ffe132047c9 PyEval_RestoreThread 280->287 284 7ffe13204741 281->284 285 7ffe1320471b-7ffe1320471e 282->285 286 7ffe13204744-7ffe13204754 call 7ffe13203ba8 282->286 283->284 284->286 288 7ffe13204838-7ffe13204849 PyErr_SetString 285->288 289 7ffe13204724-7ffe1320472a 285->289 294 7ffe13204759-7ffe1320475c 286->294 291 7ffe132047cb-7ffe132047ce 287->291 292 7ffe13204829-7ffe1320482c 287->292 293 7ffe1320484f 288->293 289->293 297 7ffe132047d8-7ffe132047e3 WSAGetLastError 291->297 298 7ffe132047d0-7ffe132047d6 WSAGetLastError 291->298 295 7ffe13204834-7ffe13204836 292->295 296 7ffe1320482e 292->296 299 7ffe13204854-7ffe13204862 293->299 300 7ffe1320479e-7ffe132047a1 294->300 301 7ffe1320475e-7ffe13204761 294->301 295->299 296->295 302 7ffe132047e5-7ffe132047ed PyErr_CheckSignals 297->302 303 7ffe132047f1-7ffe132047f6 297->303 298->297 300->280 300->285 304 7ffe1320476b-7ffe13204776 WSAGetLastError 301->304 305 7ffe13204763-7ffe13204769 WSAGetLastError 301->305 302->280 306 7ffe132047ef 302->306 307 7ffe132047f8-7ffe13204807 WSAGetLastError 303->307 308 7ffe1320481f-7ffe13204822 303->308 309 7ffe1320477c-7ffe13204784 PyErr_CheckSignals 304->309 310 7ffe13204824-7ffe13204827 304->310 305->304 311 7ffe1320478a-7ffe1320478d 306->311 307->277 312 7ffe1320480d-7ffe13204818 WSAGetLastError 307->312 308->293 308->310 309->277 309->311 310->293 311->293 313 7ffe13204793-7ffe13204799 311->313 312->308 315 7ffe1320481a 312->315 313->293 315->277
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$Eval_Thread$Err_$CheckDeadline_RestoreSaveSignals$InitStringTime_Timeval_clampselect
                                                                • String ID: timed out
                                                                • API String ID: 497267021-3163636755
                                                                • Opcode ID: 38c4f76a7ee197147ac4bfb2bcbfd9314fe9dd1a8714764610627149840ccdaf
                                                                • Instruction ID: fba2c0798f730893532ae5ffecedc638357a7d66aee35bc64f8ddb47bd900e00
                                                                • Opcode Fuzzy Hash: 38c4f76a7ee197147ac4bfb2bcbfd9314fe9dd1a8714764610627149840ccdaf
                                                                • Instruction Fuzzy Hash: 8F417821E08E424EF6647B63A84423D2690BFE4B74F0485B0CE4D726B4DF7CE48DCA10
                                                                Function 00007FFE133045B8 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 68threadlibraryCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_Eval_FromThread$Arg_AuditCharErrorFormatFreeLastLibraryLoadLong_Mem_ParseRestoreSaveStringSys_TupleUnicode_VoidWideWindows
                                                                • String ID: Could not find module '%.500S' (or one of its dependencies). Try using the full path with constructor syntax.$U|i:LoadLibrary$ctypes.dlopen
                                                                • API String ID: 3805577924-808210370
                                                                • Opcode ID: 8085d2a71d9d3a5a76fe34bec048b7c14a2e952a150ea8cd1b327b92dda5160e
                                                                • Instruction ID: f7848eb60575e56ef097a722c5592340ee40c087229b898f2f696bd19a425042
                                                                • Opcode Fuzzy Hash: 8085d2a71d9d3a5a76fe34bec048b7c14a2e952a150ea8cd1b327b92dda5160e
                                                                • Instruction Fuzzy Hash: ED215C60B0CF47C9FA449BA3E84407DA760AFA8BB5F0440B1C92E66275EF7CE549C708
                                                                Function 00007FF6019818F0 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 172COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 329 7ff6019818f0-7ff60198192b call 7ff601983f70 332 7ff601981bc1-7ff601981be5 call 7ff60198b870 329->332 333 7ff601981931-7ff601981971 call 7ff6019876a0 329->333 338 7ff601981977-7ff601981987 call 7ff60198f9f4 333->338 339 7ff601981bae-7ff601981bb1 call 7ff60198f36c 333->339 344 7ff601981989-7ff60198199c call 7ff601982760 338->344 345 7ff6019819a1-7ff6019819bd call 7ff60198f6bc 338->345 343 7ff601981bb6-7ff601981bbe 339->343 343->332 344->339 350 7ff6019819d7-7ff6019819ec call 7ff601994154 345->350 351 7ff6019819bf-7ff6019819d2 call 7ff601982760 345->351 356 7ff601981a06-7ff601981a87 call 7ff601981bf0 * 2 call 7ff60198f9f4 350->356 357 7ff6019819ee-7ff601981a01 call 7ff601982760 350->357 351->339 365 7ff601981a8c-7ff601981a9f call 7ff601994170 356->365 357->339 368 7ff601981ab9-7ff601981ad2 call 7ff60198f6bc 365->368 369 7ff601981aa1-7ff601981ab4 call 7ff601982760 365->369 374 7ff601981aec-7ff601981b08 call 7ff60198f430 368->374 375 7ff601981ad4-7ff601981ae7 call 7ff601982760 368->375 369->339 380 7ff601981b1b-7ff601981b29 374->380 381 7ff601981b0a-7ff601981b16 call 7ff6019825f0 374->381 375->339 380->339 382 7ff601981b2f-7ff601981b3e 380->382 381->339 384 7ff601981b40-7ff601981b46 382->384 386 7ff601981b48-7ff601981b55 384->386 387 7ff601981b60-7ff601981b6f 384->387 388 7ff601981b71-7ff601981b7a 386->388 387->387 387->388 389 7ff601981b7c-7ff601981b7f 388->389 390 7ff601981b8f 388->390 389->390 391 7ff601981b81-7ff601981b84 389->391 392 7ff601981b91-7ff601981bac 390->392 391->390 393 7ff601981b86-7ff601981b89 391->393 392->339 392->384 393->390 394 7ff601981b8b-7ff601981b8d 393->394 394->392
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _fread_nolock$Message
                                                                • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                • API String ID: 677216364-3497178890
                                                                • Opcode ID: a30161ddcb53f347f25b1f2e6897933f8ffefd05ad1f673dd95f3daa5e00265f
                                                                • Instruction ID: c3a9e1b68bc027f7f38d962650654a4062ffb247846985f6bbbc2263d23a7ba3
                                                                • Opcode Fuzzy Hash: a30161ddcb53f347f25b1f2e6897933f8ffefd05ad1f673dd95f3daa5e00265f
                                                                • Instruction Fuzzy Hash: 6F71A371F1D6868AEB60DB28E4506B923A0FF4478CF644035D98DC779BEEBCE5498B40
                                                                Function 00007FF601981440 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 100COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                • API String ID: 2030045667-3659356012
                                                                • Opcode ID: 51d15d1460699289e77add4f3069a3676c8cf109b6e96b600a9136aabbfff977
                                                                • Instruction ID: 2d8743a836de98e0938188987db3ded58b84fffdd3414772b94c64e5e02808b1
                                                                • Opcode Fuzzy Hash: 51d15d1460699289e77add4f3069a3676c8cf109b6e96b600a9136aabbfff977
                                                                • Instruction Fuzzy Hash: 9B417822B0864347EB249B19E4515B56390FF44BDCF684431DE4EC7A97EEBCE5468740
                                                                Function 00007FFE13203A8C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 83networkthreadCOMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$CheckErr_Eval_SignalsThread$RestoreSaveconnect
                                                                • String ID: 3'
                                                                • API String ID: 1012362816-280543908
                                                                • Opcode ID: 4c2aaa0c3d8159640696ba06d8d00cbee7b06f13f29e807c9c1db9180f4fbb81
                                                                • Instruction ID: fe6405dfe62989b72a6413779f435e955a844315a1f62e6f5e528a6675bd8e57
                                                                • Opcode Fuzzy Hash: 4c2aaa0c3d8159640696ba06d8d00cbee7b06f13f29e807c9c1db9180f4fbb81
                                                                • Instruction Fuzzy Hash: B7313221B08F428AE7646F67A44417F6691BFA47B8F040176DE4E627B5DE7CE448C640
                                                                Function 00007FF6019811F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                • API String ID: 2030045667-2813020118
                                                                • Opcode ID: ea1ca5e8f3e50544152690d8b8276f8aacb6a5aed49fa9de0bf1ed317fada1aa
                                                                • Instruction ID: 53219271ab31fbcd02294e6e8de787daca4b390f6fa0d5ea727549af7d2fdfd4
                                                                • Opcode Fuzzy Hash: ea1ca5e8f3e50544152690d8b8276f8aacb6a5aed49fa9de0bf1ed317fada1aa
                                                                • Instruction Fuzzy Hash: 6A512862B086428AEB609B16E4503BA6291FF8479CF684135ED4EC7BD7EF7CE546C700
                                                                Function 00007FF60199AD6C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 880 7ff60199ad6c-7ff60199ad92 881 7ff60199ad94-7ff60199ada8 call 7ff6019943d4 call 7ff6019943f4 880->881 882 7ff60199adad-7ff60199adb1 880->882 900 7ff60199b19e 881->900 884 7ff60199b187-7ff60199b193 call 7ff6019943d4 call 7ff6019943f4 882->884 885 7ff60199adb7-7ff60199adbe 882->885 902 7ff60199b199 call 7ff601999bf0 884->902 885->884 888 7ff60199adc4-7ff60199adf2 885->888 888->884 889 7ff60199adf8-7ff60199adff 888->889 892 7ff60199ae01-7ff60199ae13 call 7ff6019943d4 call 7ff6019943f4 889->892 893 7ff60199ae18-7ff60199ae1b 889->893 892->902 898 7ff60199ae21-7ff60199ae27 893->898 899 7ff60199b183-7ff60199b185 893->899 898->899 904 7ff60199ae2d-7ff60199ae30 898->904 903 7ff60199b1a1-7ff60199b1b8 899->903 900->903 902->900 904->892 907 7ff60199ae32-7ff60199ae57 904->907 909 7ff60199ae59-7ff60199ae5b 907->909 910 7ff60199ae8a-7ff60199ae91 907->910 913 7ff60199ae82-7ff60199ae88 909->913 914 7ff60199ae5d-7ff60199ae64 909->914 911 7ff60199ae93-7ff60199aebb call 7ff60199c90c call 7ff601999c58 * 2 910->911 912 7ff60199ae66-7ff60199ae7d call 7ff6019943d4 call 7ff6019943f4 call 7ff601999bf0 910->912 943 7ff60199aed8-7ff60199af03 call 7ff60199b594 911->943 944 7ff60199aebd-7ff60199aed3 call 7ff6019943f4 call 7ff6019943d4 911->944 941 7ff60199b010 912->941 915 7ff60199af08-7ff60199af1f 913->915 914->912 914->913 918 7ff60199af21-7ff60199af29 915->918 919 7ff60199af9a-7ff60199afa4 call 7ff6019a2c2c 915->919 918->919 922 7ff60199af2b-7ff60199af2d 918->922 930 7ff60199b02e 919->930 931 7ff60199afaa-7ff60199afbf 919->931 922->919 928 7ff60199af2f-7ff60199af45 922->928 928->919 933 7ff60199af47-7ff60199af53 928->933 939 7ff60199b033-7ff60199b053 ReadFile 930->939 931->930 935 7ff60199afc1-7ff60199afd3 GetConsoleMode 931->935 933->919 937 7ff60199af55-7ff60199af57 933->937 935->930 940 7ff60199afd5-7ff60199afdd 935->940 937->919 942 7ff60199af59-7ff60199af71 937->942 945 7ff60199b059-7ff60199b061 939->945 946 7ff60199b14d-7ff60199b156 GetLastError 939->946 940->939 949 7ff60199afdf-7ff60199b001 ReadConsoleW 940->949 952 7ff60199b013-7ff60199b01d call 7ff601999c58 941->952 942->919 953 7ff60199af73-7ff60199af7f 942->953 943->915 944->941 945->946 947 7ff60199b067 945->947 950 7ff60199b173-7ff60199b176 946->950 951 7ff60199b158-7ff60199b16e call 7ff6019943f4 call 7ff6019943d4 946->951 955 7ff60199b06e-7ff60199b083 947->955 957 7ff60199b003 GetLastError 949->957 958 7ff60199b022-7ff60199b02c 949->958 962 7ff60199b009-7ff60199b00b call 7ff601994368 950->962 963 7ff60199b17c-7ff60199b17e 950->963 951->941 952->903 953->919 961 7ff60199af81-7ff60199af83 953->961 955->952 965 7ff60199b085-7ff60199b090 955->965 957->962 958->955 961->919 969 7ff60199af85-7ff60199af95 961->969 962->941 963->952 972 7ff60199b092-7ff60199b0ab call 7ff60199a984 965->972 973 7ff60199b0b7-7ff60199b0bf 965->973 969->919 980 7ff60199b0b0-7ff60199b0b2 972->980 976 7ff60199b0c1-7ff60199b0d3 973->976 977 7ff60199b13b-7ff60199b148 call 7ff60199a7c4 973->977 981 7ff60199b12e-7ff60199b136 976->981 982 7ff60199b0d5 976->982 977->980 980->952 981->952 984 7ff60199b0da-7ff60199b0e1 982->984 985 7ff60199b0e3-7ff60199b0e7 984->985 986 7ff60199b11d-7ff60199b128 984->986 987 7ff60199b103 985->987 988 7ff60199b0e9-7ff60199b0f0 985->988 986->981 990 7ff60199b109-7ff60199b119 987->990 988->987 989 7ff60199b0f2-7ff60199b0f6 988->989 989->987 992 7ff60199b0f8-7ff60199b101 989->992 990->984 991 7ff60199b11b 990->991 991->981 992->990
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
                                                                • Instruction ID: 1800ea3d61b59c95ebfa28e2cf0f9669eb850a31d0d34cac452d486db1a5c8e4
                                                                • Opcode Fuzzy Hash: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
                                                                • Instruction Fuzzy Hash: EAC1F562A0C78799EB619B1DA4606BD3BA0FB91B88F750131DA5E83793DF7CE855C300
                                                                Function 00007FFE13204EAC Relevance: 10.6, APIs: 7, Instructions: 103COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 993 7ffe13204eac-7ffe13204ee4 994 7ffe13204ee6-7ffe13204ef0 993->994 995 7ffe13204ef2-7ffe13204efc 993->995 996 7ffe13204f07-7ffe13204f48 _PyArg_UnpackKeywords 994->996 995->996 997 7ffe13204efe-7ffe13204f05 995->997 998 7ffe13204f4e-7ffe13204f51 996->998 999 7ffe13204fe6 996->999 997->996 997->998 1000 7ffe13204f53-7ffe13204f59 998->1000 1001 7ffe13204fcf-7ffe13204fdf call 7ffe1320500c 998->1001 1002 7ffe13204feb-7ffe13205009 call 7ffe13202280 999->1002 1004 7ffe13204f5b-7ffe13204f66 _PyLong_AsInt 1000->1004 1005 7ffe13204f79-7ffe13204f80 1000->1005 1007 7ffe13204fe4 1001->1007 1008 7ffe13204f68-7ffe13204f71 PyErr_Occurred 1004->1008 1009 7ffe13204f73-7ffe13204f77 1004->1009 1011 7ffe13204f82-7ffe13204f8d _PyLong_AsInt 1005->1011 1012 7ffe13204fa0-7ffe13204fa7 1005->1012 1007->1002 1008->999 1008->1009 1009->1001 1009->1005 1013 7ffe13204f9a-7ffe13204f9e 1011->1013 1014 7ffe13204f8f-7ffe13204f98 PyErr_Occurred 1011->1014 1015 7ffe13204fcb 1012->1015 1016 7ffe13204fa9-7ffe13204fb5 _PyLong_AsInt 1012->1016 1013->1001 1013->1012 1014->999 1014->1013 1015->1001 1017 7ffe13204fb7-7ffe13204fc0 PyErr_Occurred 1016->1017 1018 7ffe13204fc2-7ffe13204fc9 1016->1018 1017->999 1017->1018 1018->1001 1018->1015
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_Long_Occurred$Arg_KeywordsUnpack
                                                                • String ID:
                                                                • API String ID: 591546834-0
                                                                • Opcode ID: a7a7f93d6c09b976a644a8703b6fda579b77e3a5ef28a09bae6b61967c8d869f
                                                                • Instruction ID: eb4ad592a6999e98ac3a90d04a1228bc86872c2b0bf46d158e9ef9d165ffd9f1
                                                                • Opcode Fuzzy Hash: a7a7f93d6c09b976a644a8703b6fda579b77e3a5ef28a09bae6b61967c8d869f
                                                                • Instruction Fuzzy Hash: 5A41A221A09E424AFA60BB27A55877D6290BFA4BB4F144675DE1D737E0DF3CE44CCA00
                                                                Function 00007FF6019833E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59COMMON
                                                                Download Yara Rule

                                                                Control-flow Graph

                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(?,00007FF601983534), ref: 00007FF601983411
                                                                  • Part of subcall function 00007FF6019829E0: GetLastError.KERNEL32(?,?,?,00007FF60198342E,?,00007FF601983534), ref: 00007FF601982A14
                                                                  • Part of subcall function 00007FF6019829E0: FormatMessageW.KERNEL32(?,?,?,00007FF60198342E), ref: 00007FF601982A7D
                                                                  • Part of subcall function 00007FF6019829E0: MessageBoxW.USER32 ref: 00007FF601982ACF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Message$ErrorFileFormatLastModuleName
                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                • API String ID: 517058245-2863816727
                                                                • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                • Instruction ID: 238738a7f64b543bd1854d27a4d7db43bdf6576d023029b010963663ee2e269f
                                                                • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                • Instruction Fuzzy Hash: E3217161F1C54292FB219B34E8513B95250BF48B9CFE00136D65EC65E7EFACE609C740
                                                                Function 00007FFE13203CC4 Relevance: 9.0, APIs: 6, Instructions: 34threadnetworkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Restore$Err_ErrorFromLastSaveWindowsioctlsocket
                                                                • String ID:
                                                                • API String ID: 863680558-0
                                                                • Opcode ID: 512bd52ceaf9c0de34ffa74ee59c230cdbc7db2c8c488b05b8fb4fcd4203aa17
                                                                • Instruction ID: 6d59fa3c1e88a6abb1fa415125d21fc56a7b01216ddb03bf4de44a53d4deae63
                                                                • Opcode Fuzzy Hash: 512bd52ceaf9c0de34ffa74ee59c230cdbc7db2c8c488b05b8fb4fcd4203aa17
                                                                • Instruction Fuzzy Hash: 07012121A18E8286E710AB67E44402F6BA0EFD8BA4B504170EA5E53734CE7CD499C710
                                                                Function 00007FFE13204984 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 40COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatFromLongLong_RestoreSaveSignalsSys_connect
                                                                • String ID: connect_ex$socket.connect
                                                                • API String ID: 3879675179-935070752
                                                                • Opcode ID: 7d4dcffa2edb09ece9d6c617b455fe9f262b2331e1b69a2bbe7cc4c60c6c3a53
                                                                • Instruction ID: c4461f0d3fd9ec3244258765d02200a44dc158f8a93e6347c24560121fefe0a3
                                                                • Opcode Fuzzy Hash: 7d4dcffa2edb09ece9d6c617b455fe9f262b2331e1b69a2bbe7cc4c60c6c3a53
                                                                • Instruction Fuzzy Hash: 10118660708F8289E650ABA3F4517AF63A0FFD87D0F444072DA4D77665DE2CE108CB40
                                                                Function 00007FF601994938 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 1279662727-0
                                                                • Opcode ID: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                • Instruction ID: fa02268210cfd61974545ced4fb4805f4bb47b76f372a724c5078c99da872f44
                                                                • Opcode Fuzzy Hash: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                • Instruction Fuzzy Hash: 8B41B332D1878287F7558B6496203797360FBA57A8F209334EA9C83AD6DF7CA5E18700
                                                                Function 00007FFE13203BA8 Relevance: 6.1, APIs: 4, Instructions: 75threadtimeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveTime_Timeval_clampselect
                                                                • String ID:
                                                                • API String ID: 3905867726-0
                                                                • Opcode ID: 947ac965c37a758a9fa8a6c53622192885134dfb450c88c4b3ce8717958678c4
                                                                • Instruction ID: 39d595b8ecc1f2cd55885b72d9b482497ccae592321bb130ca6986de7c53f863
                                                                • Opcode Fuzzy Hash: 947ac965c37a758a9fa8a6c53622192885134dfb450c88c4b3ce8717958678c4
                                                                • Instruction Fuzzy Hash: 4F318422B08F828AD7609F26A8446AF63A0FBD97B4F500275DB6D937A4DF3DD449C704
                                                                Function 00007FF60198BF5C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 3251591375-0
                                                                • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                • Instruction ID: ba515f98196df9f4a0bc2d543ab1270b5116a564fddc4946c96a25abcf42ee7d
                                                                • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                • Instruction Fuzzy Hash: 9C315D11E0D24747FF54AB68D4613F92391AF4278CFB40439EA4ECB6D3DEADB8498261
                                                                Function 00007FF60198F45C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 8760811a46c694da2ce7fcb713cb8132a6e7826c56b7b9f56bdeeaa18c726bba
                                                                • Instruction ID: 1cfd8b9022c75d0f6cf2cf534b98af6f1d87ecbf0db28d160876dacbd76eca48
                                                                • Opcode Fuzzy Hash: 8760811a46c694da2ce7fcb713cb8132a6e7826c56b7b9f56bdeeaa18c726bba
                                                                • Instruction Fuzzy Hash: 8851DF62B0928247FB289E3A940467A6681FF84BBCF246735DE6DC37D7CE7CE4018610
                                                                Function 00007FF60199B444 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastPointer
                                                                • String ID:
                                                                • API String ID: 2976181284-0
                                                                • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                • Instruction ID: 7d73874259a001ccb10885c85f4a5271d343e3893463a01ec352ceee2f80c508
                                                                • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                • Instruction Fuzzy Hash: A811C162B18A8185DB108B29B8541797361EB44FF8F684331EEBE877EACE7CD0508740
                                                                Function 00007FFE13204A2C Relevance: 3.0, APIs: 2, Instructions: 22networkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastgetsockopt
                                                                • String ID:
                                                                • API String ID: 1230475664-0
                                                                • Opcode ID: 080af4ea2029d23d9151f6a955685a54dcf6792f85f9aebfc89d6658b6cab2d3
                                                                • Instruction ID: ab3dda4f88e6c558fe84d1167a75a7f8ae08d2ba360077e577381561e5c2b3e8
                                                                • Opcode Fuzzy Hash: 080af4ea2029d23d9151f6a955685a54dcf6792f85f9aebfc89d6658b6cab2d3
                                                                • Instruction Fuzzy Hash: 2FF08C31A089828AEB24AB02D82063E6360FFD5720FA00074D68D66AB4DFBCE409CB04
                                                                Function 00007FF601999C58 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • RtlFreeHeap.NTDLL(?,?,?,00007FF6019A2032,?,?,?,00007FF6019A206F,?,?,00000000,00007FF6019A2535,?,?,?,00007FF6019A2467), ref: 00007FF601999C6E
                                                                • GetLastError.KERNEL32(?,?,?,00007FF6019A2032,?,?,?,00007FF6019A206F,?,?,00000000,00007FF6019A2535,?,?,?,00007FF6019A2467), ref: 00007FF601999C78
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 485612231-0
                                                                • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                • Instruction ID: ead462954c4c73030430ae8a5163420fb59fb94d7e059af78dd8505d8cd57eac
                                                                • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                • Instruction Fuzzy Hash: 2BE0C250F0968246FF196BFAAD650791291DF9874DFA04034DD0EC3253EE2C684A8350
                                                                Function 00007FF601999E68 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • CloseHandle.KERNEL32(?,?,?,00007FF601999CE5,?,?,00000000,00007FF601999D9A), ref: 00007FF601999ED6
                                                                • GetLastError.KERNEL32(?,?,?,00007FF601999CE5,?,?,00000000,00007FF601999D9A), ref: 00007FF601999EE0
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CloseErrorHandleLast
                                                                • String ID:
                                                                • API String ID: 918212764-0
                                                                • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                • Instruction ID: d34df2e48efc3452f0e5df32e7b6bf7a658cccf86feb7161fb0fc21d1bd0359f
                                                                • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                • Instruction Fuzzy Hash: 4B21C321F1C64245FF9497E9A5A037D2291DF847ACF284239EA2EC73D3DE6CB4448300
                                                                Function 00007FF60199B1BC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                • Instruction ID: a90415d2532884c7145b523cf42cfc14f63ba8942a897a5be1b6beee3e4a20f4
                                                                • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                • Instruction Fuzzy Hash: D741A0329082418BEB34DB1EB56167D73A0EBA6B88F240135DA9EC7692CF3DE502C751
                                                                Function 00007FF6019876A0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _fread_nolock
                                                                • String ID:
                                                                • API String ID: 840049012-0
                                                                • Opcode ID: 9a396ddbd756f70ef3e191b25ce4394719a0476fb4587d3b2d2fc682a28141be
                                                                • Instruction ID: f80ca9ffc8ee126aded130388bde5074df4d85c7f05e6b10afbb6aa58b9bb519
                                                                • Opcode Fuzzy Hash: 9a396ddbd756f70ef3e191b25ce4394719a0476fb4587d3b2d2fc682a28141be
                                                                • Instruction Fuzzy Hash: 5D218321B0865247FB14AA56A9147BAA651BF45BDCFB85430EE0D87787DEBDE041C700
                                                                Function 00007FF60199AC4C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                • Instruction ID: 636483d5a1d679937a3f049ba5c7dd5094a054e089d837697ae213926eaa0186
                                                                • Opcode Fuzzy Hash: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                • Instruction Fuzzy Hash: 5F31B021E186828AF712AB6D88613BD3650EF50BA9F610135EA1D873D3DFBCE442C710
                                                                Function 00007FF6019952A4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                • Instruction ID: a943b801aeeec6931d3b5436645e357af64ece70e9cf1be0c2c616aac641825c
                                                                • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                • Instruction Fuzzy Hash: E411C621A0C2414AFB629F59942117FA260FF55B88F650032FE4CC7A87CF3CD4418740
                                                                Function 00007FF6019A5664 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                • Instruction ID: d75ed149ef49bb9f974355263861c38543c63c611e155acc85ad3acbac3cfc51
                                                                • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                • Instruction Fuzzy Hash: EC21A772B18A8186EB618F19E44037977A0FB94B98F754234E65DC76EADF3CD405CB00
                                                                Function 00007FF60198F6DC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                • Instruction ID: 15807b7beaf554d2474db0137832f37dd63ba843fc08efb4eb7af1437b55cebb
                                                                • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                • Instruction Fuzzy Hash: B501D621A0878241FB04EF669901079A695FF95FE8F685635DE6CD3BD7DE7CE5028300
                                                                Function 00007FF6019881A0 Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FF6019886B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF601983FA4,00000000,00007FF601981925), ref: 00007FF6019886E9
                                                                • LoadLibraryExW.KERNEL32(?,00007FF601985C06,?,00007FF60198308E), ref: 00007FF6019881C2
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ByteCharLibraryLoadMultiWide
                                                                • String ID:
                                                                • API String ID: 2592636585-0
                                                                • Opcode ID: 77ae25245f8b45af1157fbb3b937bf879f85066301c944067a0f7c96525a2952
                                                                • Instruction ID: a8045ab2e35095e12c65f09a3820bd27056b85552d802464a8e185721b12fdb9
                                                                • Opcode Fuzzy Hash: 77ae25245f8b45af1157fbb3b937bf879f85066301c944067a0f7c96525a2952
                                                                • Instruction Fuzzy Hash: 1FD0C201F2464181FB54AB7BBA565795551AF89BC8FA88034EE1D43B47DC3CD0810B00
                                                                Function 00007FF60199C90C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF60198FFB0,?,?,?,00007FF60199161A,?,?,?,?,?,00007FF601992E09), ref: 00007FF60199C94A
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AllocHeap
                                                                • String ID:
                                                                • API String ID: 4292702814-0
                                                                • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                • Instruction ID: 6e86393eb4b9e506eba96923b44f5867c931d4ed34100e6c398da64fa20a8990
                                                                • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                • Instruction Fuzzy Hash: 1AF01C21F192878DFF6467BA5D713791280DF88BA8F694630ED6EC62C3DE2CB5818160

                                                                Non-executed Functions

                                                                Function 00007FFE1325AAD8 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: a7a0b375acf53c908aaa84b1677749aa5f730714d3c2174efe7977e719f92665
                                                                • Instruction ID: 0ce68c2f49e28a49f2f41a659eb91ac922b17f837c66b9ef3b42fb920314e661
                                                                • Opcode Fuzzy Hash: a7a0b375acf53c908aaa84b1677749aa5f730714d3c2174efe7977e719f92665
                                                                • Instruction Fuzzy Hash: 633162B2604F8189EB609F65E8403ED3360FB94754F444539DA4E57AA4EF3CD649C710
                                                                Function 00007FFE13202BC0 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: be945e1872453a46079eb03b3ba9076c6fe97ae394edff2aba9fdbd75b39c04d
                                                                • Instruction ID: 0852c36288efed1d048696d6d48df1265faf287f86b3f2f567fa1e2ba286c968
                                                                • Opcode Fuzzy Hash: be945e1872453a46079eb03b3ba9076c6fe97ae394edff2aba9fdbd75b39c04d
                                                                • Instruction Fuzzy Hash: 19318C72608F818AEB60AF61E8803EE7365FB95354F44407ADA4E53BA4DF78C14CC700
                                                                Function 00007FFE132752F0 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984079129.00007FFE13271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13270000, based on PE: true
                                                                • Associated: 00000001.00000002.2984061552.00007FFE13270000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984101399.00007FFE13276000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984120218.00007FFE13279000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13270000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: 40d573c0dd21a065d9b81eb5e40468c529eab132bf55f054c2ad9a992b3fa41a
                                                                • Instruction ID: 5f0979b79f21aff314980ebb7e3e8a1dd440fd45f419afa7ac52a8a1d4553e20
                                                                • Opcode Fuzzy Hash: 40d573c0dd21a065d9b81eb5e40468c529eab132bf55f054c2ad9a992b3fa41a
                                                                • Instruction Fuzzy Hash: DB314C72609E818AEB60AF62E8503ED7361FBA4764F44443ADA4E57AA4EF3CD548C700
                                                                Function 00007FFE130C1B00 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983683177.00007FFE130C1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                • Associated: 00000001.00000002.2983665437.00007FFE130C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983700891.00007FFE130C3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983719451.00007FFE130C5000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983737529.00007FFE130C6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: 491c6c3a996b181e7d4f6ff731a66c8976c72585f48119a1a83f76a26148e78e
                                                                • Instruction ID: 5c9fa5b3ca02b78fbdec2e7d926b6a2f48967bb0f62326b8ae28baca8814fbcc
                                                                • Opcode Fuzzy Hash: 491c6c3a996b181e7d4f6ff731a66c8976c72585f48119a1a83f76a26148e78e
                                                                • Instruction Fuzzy Hash: 4B317072618F818AEB649F61E8903ED33A1FB94754F8444B9DA8D57BA8DF3CD648C700
                                                                Function 00007FFE13306254 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: ea38b9b02c827df44fb5011cb61d735aee822b3a281d6ad786fd76dbeb1e9228
                                                                • Instruction ID: 3ac8390263ad603ed948ab1fe9e7d74c07f0fae0b0a12e2a7fd973481d2f738e
                                                                • Opcode Fuzzy Hash: ea38b9b02c827df44fb5011cb61d735aee822b3a281d6ad786fd76dbeb1e9228
                                                                • Instruction Fuzzy Hash: 22316A72709F818AEB608F61E8403ED7364FB94764F44407ADA5E57AA9EF3CC648C708
                                                                Function 00007FFE132045E8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 48threadnetworkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$AuditErr_FormatRestoreSaveSys_bind
                                                                • String ID: bind$socket.bind
                                                                • API String ID: 1695574521-187351271
                                                                • Opcode ID: dc24cef773245b4122254bbfd203ff68aadfac931a17838e96712d49baaaed77
                                                                • Instruction ID: aa3fe70d3eba803d28a325b8707ee272b39505373e959c5c161fcfb6e66f17dd
                                                                • Opcode Fuzzy Hash: dc24cef773245b4122254bbfd203ff68aadfac931a17838e96712d49baaaed77
                                                                • Instruction Fuzzy Hash: BA115E61608F8289E620AB52F4407AE7764FFE4BA0F004176DA4D27B64DF7CE54CCB00
                                                                Function 00007FFE13205610 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_ParseRestoreSaveSizeTuple_listen
                                                                • String ID: |i:listen
                                                                • API String ID: 3610171639-1087349693
                                                                • Opcode ID: 2dbeb274d4bae0e2ac5948526fc6aafbd0b7016d98b6296a5ce504e9575d9f50
                                                                • Instruction ID: 2b5af5a0c7496e28816d906f891c1ad2d8d2cabf6b0f1b31477cf13cf1bb445e
                                                                • Opcode Fuzzy Hash: 2dbeb274d4bae0e2ac5948526fc6aafbd0b7016d98b6296a5ce504e9575d9f50
                                                                • Instruction Fuzzy Hash: E5015B21A08E418AD754AB62E88412E67B1FFE8BA0B104071DA4E57B28CF7CE448CB00
                                                                Function 00007FFE13272E00 Relevance: 4.5, APIs: 3, Instructions: 42sleepCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FFE1327368D,?,00000001,00000000,00007FFE13272B10), ref: 00007FFE13272E4A
                                                                • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FFE1327368D,?,00000001,00000000,00007FFE13272B10), ref: 00007FFE13272E94
                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00007FFE1327368D,?,00000001,00000000,00007FFE13272B10), ref: 00007FFE13272EC2
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984079129.00007FFE13271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13270000, based on PE: true
                                                                • Associated: 00000001.00000002.2984061552.00007FFE13270000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984101399.00007FFE13276000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984120218.00007FFE13279000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13270000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: InfoSleepSystemabort
                                                                • String ID:
                                                                • API String ID: 3812989525-0
                                                                • Opcode ID: 356e883e78af41a95903e3fe84684237f5ddaaae80b9a3ed4a034d8e13ef1f18
                                                                • Instruction ID: bf4fc993f2af993d156d5870b4c6b164cc3855747e2f99140542ace48f0fb545
                                                                • Opcode Fuzzy Hash: 356e883e78af41a95903e3fe84684237f5ddaaae80b9a3ed4a034d8e13ef1f18
                                                                • Instruction Fuzzy Hash: 96211431A19F528EEB61EB52E85533536A0BFB9734F1006BAC25D666B0DFBCB444CB40
                                                                Function 00007FFE132057F8 Relevance: 1.5, APIs: 1, Instructions: 21networkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: recv
                                                                • String ID:
                                                                • API String ID: 1507349165-0
                                                                • Opcode ID: 2186b8548a74f713b9d8f013b35e4caa0f80f0123c71c12a71ece9f8242404c6
                                                                • Instruction ID: 144410edd51ba3e700a6153658fbc7f0c578896f0ea85a46c63529810e46a231
                                                                • Opcode Fuzzy Hash: 2186b8548a74f713b9d8f013b35e4caa0f80f0123c71c12a71ece9f8242404c6
                                                                • Instruction Fuzzy Hash: C2E092B1B00A4486DB189B1AE4912382390F718F74F205735DE3D8B3D0CE28D8E1C340
                                                                Function 00007FFE13305304 Relevance: 124.6, APIs: 52, Strings: 19, Instructions: 370COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330532F
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305366
                                                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330538B
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133053AA
                                                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133053CC
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133053EB
                                                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330540D
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330542C
                                                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305451
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305470
                                                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305495
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133054B4
                                                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133054D9
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133054F8
                                                                • PyUnicode_FromString.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330551F
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330553E
                                                                • PyLong_FromVoidPtr.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305565
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305584
                                                                • PyLong_FromVoidPtr.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133055AB
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133055CA
                                                                • PyLong_FromVoidPtr.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133055F1
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305610
                                                                • PyLong_FromVoidPtr.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305637
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305656
                                                                • PyLong_FromVoidPtr.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330567D
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330569C
                                                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133056BE
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133056DD
                                                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133056FF
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330571E
                                                                • PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305743
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330575E
                                                                • PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305795
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330921F
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330922E
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330923D
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330924C
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330925B
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330926A
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13309279
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13309288
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13309297
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133092A6
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133092B5
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133092C4
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133092D3
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133092E2
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133092F1
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13309300
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13309318
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13309327
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13309336
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Module_Object$From$Long_$Long$Void$StringUnicode_
                                                                • String ID: 1.1.0$ArgumentError$COMError$CTYPES_MAX_ARGCOUNT$FUNCFLAG_CDECL$FUNCFLAG_HRESULT$FUNCFLAG_PYTHONAPI$FUNCFLAG_STDCALL$FUNCFLAG_USE_ERRNO$FUNCFLAG_USE_LASTERROR$RTLD_GLOBAL$RTLD_LOCAL$__version__$_cast_addr$_memmove_addr$_memset_addr$_pointer_type_cache$_string_at_addr$_wstring_at_addr
                                                                • API String ID: 2895207140-772522829
                                                                • Opcode ID: b7dbbcc8b36d8762ecc7955ef4353bb7629bcf7eedf864b22fa349bc15453bc1
                                                                • Instruction ID: 1f388460a1c8370223fde7e821c69ac347c0d16c27ecfaeb36579b18fc8d23af
                                                                • Opcode Fuzzy Hash: b7dbbcc8b36d8762ecc7955ef4353bb7629bcf7eedf864b22fa349bc15453bc1
                                                                • Instruction Fuzzy Hash: 91E11C24B0EF43C9FE498B67D86427C6364AF69FA5F0451B5CD2E667B6DE2CE0058308
                                                                Function 00007FFE1A458EE4 Relevance: 58.1, APIs: 4, Strings: 29, Instructions: 382COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                • API String ID: 2943138195-1482988683
                                                                • Opcode ID: 36e6e2d055789cd29251c4bf9697f6c8a4377c58ea8e1572b96a4f003d2d3a05
                                                                • Instruction ID: 7dbdcc0aec0229bd67dc74b7a8b344ddb4082a3b9b28ae3fc64f9eee612ad8f4
                                                                • Opcode Fuzzy Hash: 36e6e2d055789cd29251c4bf9697f6c8a4377c58ea8e1572b96a4f003d2d3a05
                                                                • Instruction Fuzzy Hash: 8D0281B6F08E1294FB14EB66D8941BC27B0BB0AB64F5441F7DA0D52AB9DF3CA564C340
                                                                Function 00007FFE13206660 Relevance: 56.2, APIs: 24, Strings: 8, Instructions: 242threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_String$Eval_List_SizeThreadUnicode_freeaddrinfo$AppendArg_AuditBuildEncodedKeywords_LongLong_OccurredParseRestoreS_snprintfSaveSys_TupleValue_getaddrinfo
                                                                • String ID: %ld$Int or String expected$OOiii$OO|iiii:getaddrinfo$getaddrinfo() argument 1 must be string or None$idna$iiisO$socket.getaddrinfo
                                                                • API String ID: 3700949282-3943835681
                                                                • Opcode ID: ac0e0005ecee2beaaf5895c6605989e7061b2ddcda715d4e868953f6349ae067
                                                                • Instruction ID: d372a67ea0236718f4ba877f14602e6ea57b406b346069cacd52d6a67fc8d8a0
                                                                • Opcode Fuzzy Hash: ac0e0005ecee2beaaf5895c6605989e7061b2ddcda715d4e868953f6349ae067
                                                                • Instruction Fuzzy Hash: B8B13D72B08E028EEB20EFA2D4405BD67B1EBA8BB4B104575DD4D67B68DE3CE449C300
                                                                Function 00007FFE13301B80 Relevance: 54.5, APIs: 17, Strings: 14, Instructions: 246COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Dealloc$Arg_FormatParseSizeStringTuple_$Eval_Thread$AddressAttrAuditLong_Object_OccurredProcRestoreSaveSequence_Sys_TupleVoid
                                                                • String ID: O&O;illegal func_spec argument$O|O$_handle$abstract class$could not convert the _handle attribute to a pointer$ctypes.dlsym$function '%s' not found$function ordinal %d not found$i|OO$paramflag value %d not supported$paramflags must be a sequence of (int [,string [,value]]) tuples$paramflags must be a tuple or None$paramflags must have the same length as argtypes$the _handle attribute of the second argument must be an integer
                                                                • API String ID: 1081342661-1557499450
                                                                • Opcode ID: 81bf86f915efca78798dbd81cfc19dde70ba7face78de59bde1888ce70c5e139
                                                                • Instruction ID: d532d22d92ac4eb3b5cc5eb456d72f820f58fb43ed434943a8df3dd742d5ee6f
                                                                • Opcode Fuzzy Hash: 81bf86f915efca78798dbd81cfc19dde70ba7face78de59bde1888ce70c5e139
                                                                • Instruction Fuzzy Hash: D4C12835B09E02C9EA548B67E8501BC63A0FB64BB4F6441B6D92D276B9DF3CE445D308
                                                                Function 00007FFE1330C9D0 Relevance: 54.5, APIs: 23, Strings: 8, Instructions: 244COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_ErrorLast_errno$State_UnraisableWrite$CheckContainsDict_EnsureFunctionObject_ReleaseResultStringSubtypeType_VectorcallWarnmemcpy
                                                                • String ID: Parsing argument %zd$cannot build parameter$create argument %zd:$getting _needs_com_addref_$memory leak in callback function.$on calling ctypes callback function$on converting result of ctypes callback function$unexpected result of create argument %zd:
                                                                • API String ID: 1331253392-2697724128
                                                                • Opcode ID: 662eda2fa9ad5fa4c0407cff36c88571a43e939dd8943eeb715751b67e50d2ce
                                                                • Instruction ID: 3a65a620227f15be783003f74c69a5df0a4cb8808c2bd0afdf893c1e09b5203e
                                                                • Opcode Fuzzy Hash: 662eda2fa9ad5fa4c0407cff36c88571a43e939dd8943eeb715751b67e50d2ce
                                                                • Instruction Fuzzy Hash: 08B13922A09F42CAEF50DF26D8542AC67A0FB64BA8F444571DA2D6B7B5DF3CE445C308
                                                                Function 00007FFE13303BF0 Relevance: 47.4, APIs: 19, Strings: 8, Instructions: 181threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$_errno$Eval_FromOccurredSaveStringThreadWindowsffi_callffi_prep_cif
                                                                • String ID: No ffi_type for result$ctypes.seh_exception$exception: access violation reading %p$exception: access violation writing %p$exception: breakpoint encountered$exception: datatype misalignment$exception: single step$ffi_prep_cif failed
                                                                • API String ID: 1937973484-2749438402
                                                                • Opcode ID: 430c0edaa122ef19808d40242a936452debd4f228559f93505334d9254383600
                                                                • Instruction ID: 9abbb828b182f8044b8f15ae67e0c0af70de21f54517d952162034c0c4cd1b5e
                                                                • Opcode Fuzzy Hash: 430c0edaa122ef19808d40242a936452debd4f228559f93505334d9254383600
                                                                • Instruction Fuzzy Hash: B8817F76A0CE52CAE6A08F13E84027DA760FB64BB4F1040B5D96E67675DF3CE445C708
                                                                Function 00007FFE133041E0 Relevance: 45.7, APIs: 18, Strings: 8, Instructions: 214stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Object_$AttrDeallocString$Err_$Format$CallDict_LookupMakeMallocMem_OccurredSizeUnicode_Updatestrchr
                                                                • String ID: __ctype_be__$__ctype_le__$_type_ '%s' not supported$cbBhHiIlLdfuzZqQPXOv?g$class must define a '_type_' attribute$class must define a '_type_' attribute which must bea single character string containing one of '%s'.$class must define a '_type_' attribute which must be a string of length 1$class must define a '_type_' string attribute
                                                                • API String ID: 692835343-917751260
                                                                • Opcode ID: 1cbc2b4066554eb2cebf210fbf6479008959c66222fb09b3e1ad465d8608973f
                                                                • Instruction ID: 45cec3fca596a4426b59d70a163ce787fc4e523a815f0172cf87d8912e8bd127
                                                                • Opcode Fuzzy Hash: 1cbc2b4066554eb2cebf210fbf6479008959c66222fb09b3e1ad465d8608973f
                                                                • Instruction Fuzzy Hash: E7A17B31A09F42C9EA508F27E8502BD77A0EF65BA4F0445B1DA6E6A375DF3CE084C308
                                                                Function 00007FFE13206D30 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 156threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Size$Arg_Err_ParseRestoreSaveStringTuple_$AuditBuildDecodeS_snprintfSys_Unicode_Value_freeaddrinfogetaddrinfogetnameinfohtonl
                                                                • String ID: $(O)$IPv4 sockaddr must be 2 tuple$Oi:getnameinfo$getnameinfo() argument 1 must be a tuple$getnameinfo(): flowinfo must be 0-1048575.$si|II;getnameinfo(): illegal sockaddr argument$sockaddr resolved to multiple addresses$socket.getnameinfo$surrogatepass
                                                                • API String ID: 2526741257-243639936
                                                                • Opcode ID: 32c5094f76eca928cf06a7504f4b0eea5f1d8eabecbe481599927c462cdb4e09
                                                                • Instruction ID: ed9127dc81116f57aab27a64335cf40e784305b589dce6bebcfb619f61eabcf5
                                                                • Opcode Fuzzy Hash: 32c5094f76eca928cf06a7504f4b0eea5f1d8eabecbe481599927c462cdb4e09
                                                                • Instruction Fuzzy Hash: 08815172A08F428AE720AF52E4442AE77B1FBD4BA4F500176DA4D63678DF7CE549CB40
                                                                Function 00007FFE133046D4 Relevance: 44.0, APIs: 18, Strings: 7, Instructions: 204COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_$Object_$AttrLong_LookupMallocMem_String$CallDict_ExceptionMakeMatchesMemoryOccurredSignSsize_tUpdate
                                                                • String ID: The '_length_' attribute is too large$The '_length_' attribute must be an integer$The '_length_' attribute must not be negative$_type_ must have storage info$array too large$class must define a '_length_' attribute$class must define a '_type_' attribute
                                                                • API String ID: 4019195241-504660705
                                                                • Opcode ID: 055b8fc62c60c1bd71026e2f714f2505c56a84889395af57f89967a2e91b601f
                                                                • Instruction ID: 223270375ccf2d3632946dcdb457c73b96414a3df23ecdffe893e86f3287a901
                                                                • Opcode Fuzzy Hash: 055b8fc62c60c1bd71026e2f714f2505c56a84889395af57f89967a2e91b601f
                                                                • Instruction Fuzzy Hash: A3A11E31A09E02C9EA548F36E89027D67A1FF64BB4F0446B1DA7E662B5DF3CE545C308
                                                                Function 00007FFE1330A4C0 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 215COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Number_OccurredSsize_t$FromString$Bytes_Mem_SizeUnicode_$CharCheckFreeIndex_List_MallocMemoryWide
                                                                • String ID: Pointer indices must be integer$slice start is required for step < 0$slice step cannot be zero$slice stop is required
                                                                • API String ID: 3053630023-3059441807
                                                                • Opcode ID: 6979928dfef85d8a828cd9ee037a140b3c1fa3fa22f5c964d232601827984960
                                                                • Instruction ID: af6879d8550a719c9cde3074a2eb089fa6308092039236231c98b6d9521a62aa
                                                                • Opcode Fuzzy Hash: 6979928dfef85d8a828cd9ee037a140b3c1fa3fa22f5c964d232601827984960
                                                                • Instruction Fuzzy Hash: 9B914621B09E028AFA519B67E55413CA2A1BF74FB0F4487B1D93E677F5DE2CE4468308
                                                                Function 00007FFE132041C0 Relevance: 42.2, APIs: 18, Strings: 6, Instructions: 166threadstringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Threadfreeaddrinfo$RestoreSavegetaddrinfoinet_ptonmemcpystrcmp$Err_Stringstrchr
                                                                • String ID: 255.255.255.255$<broadcast>$address family mismatched$unknown address family$unsupported address family$wildcard resolved to multiple address
                                                                • API String ID: 535957624-1715193308
                                                                • Opcode ID: cdefa8b7dc4e1c9f1d37940d2dd5b1f1bb56c3d4d45ba7a3aa08869bb9be269c
                                                                • Instruction ID: 19b7fa322d47d6559d1b4d7494f8cbd1492fcd83e2fcbf38dac7b239fbee5e44
                                                                • Opcode Fuzzy Hash: cdefa8b7dc4e1c9f1d37940d2dd5b1f1bb56c3d4d45ba7a3aa08869bb9be269c
                                                                • Instruction Fuzzy Hash: 6571A061E08F428AE724AF27A54027D23A0BFE4B64F508276DA4D736B1DF7CE589C700
                                                                Function 00007FFE1330C6B4 Relevance: 42.1, APIs: 21, Strings: 3, Instructions: 121COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$FromLong_$Err_Void$Object_StringUnraisableWrite$ArgsAttrCallFunctionImportImport_InternLongModuleOccurredUnicode_
                                                                • String ID: DllGetClassObject$_ctypes.DllGetClassObject$ctypes
                                                                • API String ID: 375360433-177550262
                                                                • Opcode ID: b5513430baef804698b72f87c032f2232b88aa434da5969d4ce7dec095e12011
                                                                • Instruction ID: 8be47f3b8dbc8e918be2e98ffb5c6d3dbb5b9cd14d9964a0cbe8566fb758b32d
                                                                • Opcode Fuzzy Hash: b5513430baef804698b72f87c032f2232b88aa434da5969d4ce7dec095e12011
                                                                • Instruction Fuzzy Hash: 9E51BB25F09F02C9FE559F23A95823DA3A0BF65FA5F0841B4D96E2A771DF3CA4458308
                                                                Function 00007FFE130C2260 Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 202timethreadnetworkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _PyTime_FromSecondsObject.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C22BF
                                                                • PyErr_ExceptionMatches.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C22D3
                                                                • PyErr_SetString.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C231F
                                                                  • Part of subcall function 00007FFE130C25C8: PySequence_Fast.PYTHON311(00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C25F0
                                                                • _PyDeadline_Init.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C23DA
                                                                • PyEval_SaveThread.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C241A
                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2423
                                                                • select.WS2_32(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C243D
                                                                • PyEval_RestoreThread.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2449
                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C244F
                                                                • PyErr_CheckSignals.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C245E
                                                                • _PyDeadline_Get.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2479
                                                                • _PyTime_AsTimeval_clamp.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2497
                                                                • PyErr_Occurred.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C24F2
                                                                • PyTuple_Pack.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2509
                                                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2520
                                                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2534
                                                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C2548
                                                                • WSAGetLastError.WS2_32(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C25AE
                                                                • PyErr_SetExcFromWindowsErr.PYTHON311(?,?,?,00007FFDFB926CC8,?,?,00007FFE130C224F), ref: 00007FFE130C25C0
                                                                  • Part of subcall function 00007FFE130C25C8: PyObject_AsFileDescriptor.PYTHON311(?,?,00007FFE130C224F), ref: 00007FFE130C265C
                                                                  • Part of subcall function 00007FFE130C25C8: PyErr_SetString.PYTHON311(?,?,00007FFE130C224F), ref: 00007FFE130C26CA
                                                                  • Part of subcall function 00007FFE130C25C8: _Py_Dealloc.PYTHON311(?,?,00007FFE130C224F), ref: 00007FFE130C26D9
                                                                  • Part of subcall function 00007FFE130C25C8: _Py_Dealloc.PYTHON311(?,?,00007FFE130C224F), ref: 00007FFE130C26E8
                                                                  • Part of subcall function 00007FFE130C25C8: _Py_Dealloc.PYTHON311(?,?,00007FFE130C224F), ref: 00007FFE130C26FE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983683177.00007FFE130C1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                • Associated: 00000001.00000002.2983665437.00007FFE130C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983700891.00007FFE130C3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983719451.00007FFE130C5000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983737529.00007FFE130C6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_$Deadline_Eval_FromStringThreadTime__errno$CheckDescriptorErrorExceptionFastFileInitLastMatchesObjectObject_OccurredPackRestoreSaveSecondsSequence_SignalsTimeval_clampTuple_Windowsselect
                                                                • String ID: timeout must be a float or None$timeout must be non-negative
                                                                • API String ID: 1581318368-2150404077
                                                                • Opcode ID: af26c906d80cdcaef9b1c7707cf0177dbe53b8e671061a6009a46fe445b3fcbf
                                                                • Instruction ID: 0d0ccfb523f8f69407f6ea346ff704b20fe0101c510c8ac5c401419013793413
                                                                • Opcode Fuzzy Hash: af26c906d80cdcaef9b1c7707cf0177dbe53b8e671061a6009a46fe445b3fcbf
                                                                • Instruction Fuzzy Hash: BF918161A18E838DEA209F26E8541B963E6FF64BA4F8041F1DD0D67AB8DF3CD645C300
                                                                Function 00007FFE13302E40 Relevance: 38.6, APIs: 17, Strings: 5, Instructions: 127COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Mem_$CallDict_Err_FreeFunctionItemMallocObject_$DeallocErrorFromLong_OccurredStringUnicode_VoidWith
                                                                • String ID: LP_%s$_type_$must be a ctypes type$s(O){sO}$s(O){}
                                                                • API String ID: 2461613936-2311978994
                                                                • Opcode ID: dac97228159b1c0431957491c5f87e729db2124b065f25bc7d08890040e0cdb2
                                                                • Instruction ID: c0256a0744acaaf55b5d386a0bc8e046d056f331a630a4cf92cfd6975c98151f
                                                                • Opcode Fuzzy Hash: dac97228159b1c0431957491c5f87e729db2124b065f25bc7d08890040e0cdb2
                                                                • Instruction Fuzzy Hash: A6513F21E0DE47C9FA558B27A95417CA3A0AF65BF1F0802B1D93E767B6DE3CE4458308
                                                                Function 00007FFE13203588 Relevance: 35.2, APIs: 11, Strings: 9, Instructions: 167networkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_Format$Deallochtons
                                                                • String ID: %s(): AF_INET address must be tuple, not %.500s$%s(): AF_INET6 address must be tuple, not %.500s$%s(): bad family$%s(): flowinfo must be 0-1048575.$%s(): port must be 0-65535.$%s(): unknown Bluetooth protocol$%s(): wrong format$O&i;AF_INET address must be a pair (host, port)$O&i|II;AF_INET6 address must be a tuple (host, port[, flowinfo[, scopeid]])
                                                                • API String ID: 2819711985-3893595010
                                                                • Opcode ID: 345e012d61b2e8659524b3f56b858863a74126cd3a1e83b1df232dfea0b2f435
                                                                • Instruction ID: 03d679b6e56c453c60eec30f9306fb0f5afa4b653d12c3d59d9b69b1c84886bc
                                                                • Opcode Fuzzy Hash: 345e012d61b2e8659524b3f56b858863a74126cd3a1e83b1df232dfea0b2f435
                                                                • Instruction Fuzzy Hash: 6D812DB6A08F4689EB10AF62D8402BE37A0FBE4B68F504172DA0D676B4DF7CD448C740
                                                                Function 00007FFE13309798 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 176COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: From$Bytes_Err_Mem_SizeSlice_StringUnicode_$AdjustCharCheckFreeIndex_IndicesList_MallocMemoryNumber_OccurredSsize_tUnpackWide
                                                                • String ID: indices must be integers
                                                                • API String ID: 4188490530-2024404580
                                                                • Opcode ID: e570ecff3f3fa346b7648cae94d04275b3108b85bd0816525fe5c5b16466f0b5
                                                                • Instruction ID: f87a6755c914ab0425020c4ad3fadac34fca0c14ccde29e4162404794eafa865
                                                                • Opcode Fuzzy Hash: e570ecff3f3fa346b7648cae94d04275b3108b85bd0816525fe5c5b16466f0b5
                                                                • Instruction Fuzzy Hash: 11717F22B09E42CAEA549B27995407CA361FFA4BF4B0445B1ED3E67BF5DE3CE4458308
                                                                Function 00007FFE1330D4A0 Relevance: 33.3, APIs: 18, Strings: 1, Instructions: 88COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PyUnicode_FromFormatV.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D4C5
                                                                • PyErr_Fetch.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D4E4
                                                                • PyErr_NormalizeException.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D4F6
                                                                • PyType_GetName.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D50D
                                                                • PyObject_Str.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D515
                                                                • PyUnicode_AppendAndDel.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D527
                                                                • PyUnicode_FromString.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D534
                                                                • PyUnicode_AppendAndDel.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D541
                                                                • PyErr_Clear.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D550
                                                                • PyObject_Str.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D55A
                                                                • PyErr_Clear.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D565
                                                                • PyUnicode_FromString.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D572
                                                                • PyUnicode_AppendAndDel.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D57F
                                                                • PyErr_SetObject.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D594
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D5A9
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D5BE
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D5D3
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,?,00000000,?,00007FFE13307997), ref: 00007FFE1330D5E8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Unicode_$Err_$Dealloc$AppendFrom$ClearObject_String$ExceptionFetchFormatNameNormalizeObjectType_
                                                                • String ID: ???
                                                                • API String ID: 979652146-1053719742
                                                                • Opcode ID: a0277b81e7bf4beead51eb80468770295d906e45afe09c37c0bcdcee4447fb49
                                                                • Instruction ID: 439e8ae1135cfa9c904d73ad39802124806421b5d995c8caceb2982bfc0dd194
                                                                • Opcode Fuzzy Hash: a0277b81e7bf4beead51eb80468770295d906e45afe09c37c0bcdcee4447fb49
                                                                • Instruction Fuzzy Hash: F041E862B09E02CDFF459BA6D8582BC63B0AF64B68F044475DD2E62675DF3CA485C318
                                                                Function 00007FFE13309E68 Relevance: 33.3, APIs: 13, Strings: 6, Instructions: 78threadlibraryloaderCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$String$DeallocEval_Thread$AddressArg_AttrAuditFormatLong_Object_OccurredParseProcRestoreSaveSizeSys_Tuple_Void
                                                                • String ID: Os:in_dll$_handle$could not convert the _handle attribute to a pointer$ctypes.dlsym$symbol '%s' not found$the _handle attribute of the second argument must be an integer
                                                                • API String ID: 1915345233-3856192562
                                                                • Opcode ID: 7ca03c74892ce7554a02cb8c30f6c35098380688a7c70d2a3342523bcc2a4215
                                                                • Instruction ID: 1f5b6d6a4a22c2fa21b2674069a0eb2e943ff9f244838c997cb99404871710aa
                                                                • Opcode Fuzzy Hash: 7ca03c74892ce7554a02cb8c30f6c35098380688a7c70d2a3342523bcc2a4215
                                                                • Instruction Fuzzy Hash: AE310A21B08E42C9EA449F27E844178A3A0FFA4FE5F0541B6E92E67775DF6CE449C708
                                                                Function 00007FFE132032E8 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 173networkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • WSAGetLastError.WS2_32 ref: 00007FFE13203313
                                                                  • Part of subcall function 00007FFE13204088: _Py_BuildValue_SizeT.PYTHON311(?,?,?,00007FFE13203320), ref: 00007FFE1320409E
                                                                  • Part of subcall function 00007FFE13204088: PyErr_SetObject.PYTHON311(?,?,?,00007FFE13203320), ref: 00007FFE132040B6
                                                                  • Part of subcall function 00007FFE13204088: _Py_Dealloc.PYTHON311(?,?,?,00007FFE13203320), ref: 00007FFE132040C5
                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE13203330
                                                                • PyErr_SetFromErrno.PYTHON311 ref: 00007FFE13203346
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$BuildDeallocErrnoErrorFromLastObjectSizeValue__errno
                                                                • String ID: NOO$surrogatepass$unsupported address family
                                                                • API String ID: 316901363-472101058
                                                                • Opcode ID: dcd42529ef49c9ac7a46733f8ddf47eaf21d2d38896ab5ee38034c2f4b85ccb4
                                                                • Instruction ID: 23fcdfb28733bde5e7f2b71a4ab45375d3fb666bde52cd0ebf1e113d35fa1433
                                                                • Opcode Fuzzy Hash: dcd42529ef49c9ac7a46733f8ddf47eaf21d2d38896ab5ee38034c2f4b85ccb4
                                                                • Instruction Fuzzy Hash: 00716722A18F8289EA55AB26E44417E67A0FFE4BA4F044575DB4E67774EF3CE449C300
                                                                Function 00007FFE1330F724 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 157COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PyObject_GetAttrString.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F756
                                                                • PySequence_Fast.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F772
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F784
                                                                • PyArg_ParseTuple.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F7E8
                                                                • PyObject_GetAttr.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F802
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F854
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F8D0
                                                                • PyObject_SetAttr.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F8E4
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F8F8
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F917
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F931
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F940
                                                                • PyErr_SetString.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F972
                                                                • _Py_Dealloc.PYTHON311(?,?,?,?,?,00000018,00000000,00000018,00000000,?,?,00007FFE13308C2F), ref: 00007FFE1330F983
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrObject_$String$Arg_Err_FastParseSequence_Tuple
                                                                • String ID: OO|O$_fields_$_fields_ must be a sequence$unexpected type
                                                                • API String ID: 1182381414-2418103425
                                                                • Opcode ID: 9a21982e818a441de51ee13329167cb0591f09edfc229330b12a1e4341a6436c
                                                                • Instruction ID: 61f6ebe62f71975031af7b284b3e461677afcee4c305de32e8164eef0709a802
                                                                • Opcode Fuzzy Hash: 9a21982e818a441de51ee13329167cb0591f09edfc229330b12a1e4341a6436c
                                                                • Instruction Fuzzy Hash: 3C615E72A08F469AEA548B27E94417DB3A0FB65BB0F044175DAAD23B74DF3CE459C308
                                                                Function 00007FFE13305028 Relevance: 30.1, APIs: 20, Instructions: 148COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE1330504E
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE13305065
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE1330507D
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133050A0
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133050C6
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133050EC
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE13305112
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE13305138
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE1330515E
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE13305181
                                                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133051A7
                                                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133051CD
                                                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133051F3
                                                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE13305219
                                                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE1330523F
                                                                • PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE1330526C
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE13305281
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133052A0
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133052B1
                                                                • PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133052D3
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ReadyType_$Module_Type
                                                                • String ID:
                                                                • API String ID: 2298540608-0
                                                                • Opcode ID: 54f91af859aac5329c47ad103bf883f4ecd078e41e036d01a27fff442e20b039
                                                                • Instruction ID: 544d0cf561773f0b8b2989b2dc439c2dbebda3759f157ea5b3d9fe8da2be7baa
                                                                • Opcode Fuzzy Hash: 54f91af859aac5329c47ad103bf883f4ecd078e41e036d01a27fff442e20b039
                                                                • Instruction Fuzzy Hash: 6771C320B0CE03DAF6018B13BD44169B7A8BF20BA4F4440B5E86DA7276DF3CE046831C
                                                                Function 00007FFE1A45C78C Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 289COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                • String ID: `anonymous namespace'
                                                                • API String ID: 3863519203-3062148218
                                                                • Opcode ID: 29843075ff213e4678463bd9e4c4852a4219599ce3764149382065ef125c3596
                                                                • Instruction ID: 6a758915081d58248ca3c32c78a191dc0b8c5a9bcc3ca2fce3e8a3b1add8117b
                                                                • Opcode Fuzzy Hash: 29843075ff213e4678463bd9e4c4852a4219599ce3764149382065ef125c3596
                                                                • Instruction Fuzzy Hash: 89E15AB2B08F8295EB10EF26E4801BC7BA0FB45BA4F5041B6EA5D57B65DF38E564C700
                                                                Function 00007FFE133026C0 Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 191COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: COM method call without VTable$Expected a COM this pointer as first argument$NULL COM pointer access$native com method call without 'this' parameter$this function takes %d argument%s (%d given)$this function takes at least %d argument%s (%d given)
                                                                • API String ID: 0-1981512665
                                                                • Opcode ID: f07b7bceabcce526c4a62d906a5ec0dd6d9bc262e596e910abc21d3a49bdda52
                                                                • Instruction ID: e20fc0e3e0c10f50cb0623592af98fa4fa4a5d844827a0d181eef163f3f54a7c
                                                                • Opcode Fuzzy Hash: f07b7bceabcce526c4a62d906a5ec0dd6d9bc262e596e910abc21d3a49bdda52
                                                                • Instruction Fuzzy Hash: C2914A26A08F42C9EA61CB27E44027EA7A0FB64BA4F0440B1DEAD67775DF3CE445C708
                                                                Function 00007FFE13302C90 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 138COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$String$LongLong_Occurred$Bytes_Capsule_CharClearFreeMem_Unicode_UnsignedWide
                                                                • String ID: Don't know how to convert parameter %d$_ctypes pymem$int too long to convert
                                                                • API String ID: 3969321993-4137960972
                                                                • Opcode ID: 84a72b6a64f7e58ef7106ff91161727bef33725574b0370cedf856625ec34b12
                                                                • Instruction ID: ecb341416fa6edc03293b05184f78b650cb4963097775a5711aee0ce6f345dfa
                                                                • Opcode Fuzzy Hash: 84a72b6a64f7e58ef7106ff91161727bef33725574b0370cedf856625ec34b12
                                                                • Instruction Fuzzy Hash: 19511832B09F42CAEB458F26E88413C63A0FB68BA4B1445B5DA7DA3775DF3CE4558348
                                                                Function 00007FFE13301404 Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 117COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocDict_$CallErr_ErrorFromFunction_ItemLong_Object_OccurredPackSizeSsize_tTuple_With
                                                                • String ID: %.200s_Array_%Id$Array length must be >= 0, not %zd$Expected a type object$_length_$_type_$s(O){s:n,s:O}
                                                                • API String ID: 2975079148-1488966637
                                                                • Opcode ID: 4b9e39d2e5c219fd7f77c84992df2d80c2fda8daf9d237960527683bdad92fae
                                                                • Instruction ID: f8c9830053603b16ba94878c3041a55d0eef9c31ed1bb8cb4eaf9397d37b4a99
                                                                • Opcode Fuzzy Hash: 4b9e39d2e5c219fd7f77c84992df2d80c2fda8daf9d237960527683bdad92fae
                                                                • Instruction Fuzzy Hash: D2515D25E09F42C9FA519B57E9502B9A3A0EF68BB4F1444B1D92E2A375EE3CE0458348
                                                                Function 00007FFE13309A88 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 101COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$String$Arg_AuditBuffer_ContiguousDeallocFormatFromMemoryObjectParseSizeSys_Tuple_View_
                                                                • String ID: Buffer size too small (%zd instead of at least %zd bytes)$O|n:from_buffer$abstract class$ctypes.cdata/buffer$nnn$offset cannot be negative$underlying buffer is not C contiguous$underlying buffer is not writable
                                                                • API String ID: 3947696715-3790261066
                                                                • Opcode ID: 6f91a64f5329831d1cdf7c4b25470fb5dbaa7ad2f9e3551f3ba25eea1f825ae0
                                                                • Instruction ID: e2f927dfa2007ae2b50283f17dd8118b8cec94099bb47179128c5b748fa4ccf5
                                                                • Opcode Fuzzy Hash: 6f91a64f5329831d1cdf7c4b25470fb5dbaa7ad2f9e3551f3ba25eea1f825ae0
                                                                • Instruction Fuzzy Hash: 5A415C61B09E42C9EA14CB27E8501BD63A1AFA8BF4F0441B1D93D676B5DF6CE544C308
                                                                Function 00007FFE1330D5F8 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 79threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Capsule_$Dict_Err_ItemMem_String$CallocDeallocDictErrorFreeFromInternOccurredPointerState_ThreadUnicode_ValidWith
                                                                • String ID: _ctypes pymem$cannot get thread state$ctypes.error_object$ctypes.error_object is an invalid capsule
                                                                • API String ID: 2323834031-3474121714
                                                                • Opcode ID: accf9b440147d9a92cb32684a6abaa720b59604840fdd08eebf715022aa40aa7
                                                                • Instruction ID: 2746d1ab0b1a6da271bd43b0a3123dae39644e27240775214a939425a0924ecf
                                                                • Opcode Fuzzy Hash: accf9b440147d9a92cb32684a6abaa720b59604840fdd08eebf715022aa40aa7
                                                                • Instruction Fuzzy Hash: F5314860B0AF46C9FA549B17E85813C63E0AF68BB5B8444B4D82E63775EF3CE4458308
                                                                Function 00007FFE13304118 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 92COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_$Format$AttrLookupObject_OccurredSequence_StringTupleTuple_
                                                                • String ID: _argtypes_ has too many arguments (%zi), maximum is %i$_argtypes_ must be a sequence of types$item %zd in _argtypes_ has no from_param method
                                                                • API String ID: 4102822968-1150265712
                                                                • Opcode ID: b465a1dad8b079f441bebe69d373bb45d8456e0132b52fc939e0217758a31e23
                                                                • Instruction ID: aca1c0e890f3d3d8d180834f10bc3e673cbfeca3a79e505dd6876c451c5d7d84
                                                                • Opcode Fuzzy Hash: b465a1dad8b079f441bebe69d373bb45d8456e0132b52fc939e0217758a31e23
                                                                • Instruction Fuzzy Hash: 55411B22B09E03C9EA558F27E84417CA7A0AFB5FB4F0401B1D93E6A775DE3CE5468708
                                                                Function 00007FFE132038E4 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 104COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Bytes_String$DeallocErr_Size
                                                                • String ID: encoding of hostname failed$host name must not contain null character$idna$str, bytes or bytearray expected, not %s
                                                                • API String ID: 2522550923-2120988924
                                                                • Opcode ID: 3f218649045629f6069e9841134a8ddc55994a625152d29d63930f96b81b775f
                                                                • Instruction ID: 1a18dfdc74f71736e6dcb3b4e97800e721d11117a3712abc008195b3d88795b7
                                                                • Opcode Fuzzy Hash: 3f218649045629f6069e9841134a8ddc55994a625152d29d63930f96b81b775f
                                                                • Instruction Fuzzy Hash: 54414261A08F0689EB54AB57E49033E2760AFE5BB4F1445B5CB5E672B0DF7CE459C300
                                                                Function 00007FFE1330D2E0 Relevance: 24.6, APIs: 5, Strings: 9, Instructions: 104COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: From$FormatUnicode_$DeallocDoubleFloat_
                                                                • String ID: <cparam '%c' (%R)>$<cparam '%c' (%d)>$<cparam '%c' (%ld)>$<cparam '%c' (%lld)>$<cparam '%c' (%p)>$<cparam '%c' ('%c')>$<cparam '%c' ('\x%02x')>$<cparam '%c' at %p>$<cparam 0x%02x at %p>
                                                                • API String ID: 1798191970-1075073485
                                                                • Opcode ID: e630b7be73e712d3a37526d796ee4f4f39b16323d62473f23fa0d0fb00351437
                                                                • Instruction ID: d331ff3eaaabff9b745cb65fdf491ac65fffc49a9a2019ce485f5b4e1e6da1f5
                                                                • Opcode Fuzzy Hash: e630b7be73e712d3a37526d796ee4f4f39b16323d62473f23fa0d0fb00351437
                                                                • Instruction Fuzzy Hash: 49416F21A0CD438DE6698B3B945C03C6AE1EF76B74F1801F0C56E265BADE2CF945C748
                                                                Function 00007FFE13206200 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 83COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_Err_ParseSizeTuple_$Buffer_ClearReleasesetsockopt$Format
                                                                • String ID: iiO!I:setsockopt$iii:setsockopt$iiy*:setsockopt$socket option is larger than %i bytes
                                                                • API String ID: 418579395-1608436615
                                                                • Opcode ID: 038f49541202c8c9e344ee84141582b914636cdd657cab73a632a64df90ac60f
                                                                • Instruction ID: 8253bb9efe1b22da5d25b6aa07c36b6ce7f2842316b75d79b2e57b4cce3d5ab1
                                                                • Opcode Fuzzy Hash: 038f49541202c8c9e344ee84141582b914636cdd657cab73a632a64df90ac60f
                                                                • Instruction Fuzzy Hash: 4D410D72608E869ADB209F62E8406AE7770FBD8BA4F500271DA9D53674DF7CD50CCB40
                                                                Function 00007FFE13309C0C Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 79COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Buffer_ReleaseString$Arg_AuditFormatParseSizeSys_Tuple_memcpy
                                                                • String ID: Buffer size too small (%zd instead of at least %zd bytes)$abstract class$ctypes.cdata/buffer$nnn$offset cannot be negative$y*|n:from_buffer_copy
                                                                • API String ID: 2374319793-1742308441
                                                                • Opcode ID: 2d8fddc9779f14f0481d8ddfd406fb15762d92becc72ec0614fe25a827832394
                                                                • Instruction ID: e0a1c59dbce8be94849c2666aec59e14745a531f7f075425afe2b02e00910208
                                                                • Opcode Fuzzy Hash: 2d8fddc9779f14f0481d8ddfd406fb15762d92becc72ec0614fe25a827832394
                                                                • Instruction Fuzzy Hash: A3311B61B18F46C9EA54CB17E8402A9A360FFA9BE0F4040B2DA6E67775DE3CE445C708
                                                                Function 00007FFE1330C224 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 75COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AttrObject_String$Arg_Dealloc$KeywordsParseSequence_SizeSliceTuple_
                                                                • String ID: OOO:COMError$args$details$hresult$text
                                                                • API String ID: 4238450639-2065934886
                                                                • Opcode ID: 7b88bc987767ef29d30f6af4a34bd6ec754f27a2cd5e2595f319dc9faf46bccc
                                                                • Instruction ID: 9c6e6aa6e2786b8f8de3ad89fde33631c2df5d316a648d6196aae1e302e95df2
                                                                • Opcode Fuzzy Hash: 7b88bc987767ef29d30f6af4a34bd6ec754f27a2cd5e2595f319dc9faf46bccc
                                                                • Instruction Fuzzy Hash: FB312971B18F4289FE108F77E8401AD63A0FFA5BE4F4450B1DA2E6A675DE2CE445C348
                                                                Function 00007FFE132021B0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 72COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: From$AuditCharComputerErr_ErrorLastNameSys_Unicode_WideWindows
                                                                • String ID: socket.gethostname
                                                                • API String ID: 1075394898-2650736202
                                                                • Opcode ID: 7298ead834648a7f4bc6c3e3640df6640e6ed5735f611ada6b462331e5912f76
                                                                • Instruction ID: 1f399b7c8878fb8e10fd88b1b8802e97d83148f080b5610571ca48146fce95f1
                                                                • Opcode Fuzzy Hash: 7298ead834648a7f4bc6c3e3640df6640e6ed5735f611ada6b462331e5912f76
                                                                • Instruction Fuzzy Hash: 67313021A0CF468EE724AB62A85417F67A1FFE9BA4F404075DA4E62674DF7CE40CC600
                                                                Function 00007FFE132076AC Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Buffer_Err_Release$String$From$Arg_ErrnoFormatParseSizeTuple_Unicode_inet_ntop
                                                                • String ID: invalid length of packed IP address string$iy*:inet_ntop$unknown address family %d
                                                                • API String ID: 418764794-2822559286
                                                                • Opcode ID: cf4bd7ae1774b7dacff3fff39d392359017d4e22f2b23853f2c82bc2b4d813ba
                                                                • Instruction ID: 3f2d9ee3abc16787d511ec6560ee72ba89ad9e676ee88cdd09673e5b1c5e4e37
                                                                • Opcode Fuzzy Hash: cf4bd7ae1774b7dacff3fff39d392359017d4e22f2b23853f2c82bc2b4d813ba
                                                                • Instruction Fuzzy Hash: DB31F021A18D8399EF50AB26E85467E23A0FFE4BA4F4044B2D54EA7574DF7CD40CC700
                                                                Function 00007FFE1330C5B0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 62COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Dealloc$StringUnraisableWrite$AttrClearFromImportImport_InternLongLong_ModuleObject_OccurredUnicode_
                                                                • String ID: DllCanUnloadNow$_ctypes.DllCanUnloadNow$ctypes
                                                                • API String ID: 3419117993-4136862661
                                                                • Opcode ID: 6480632f02bad077a56764e5c1bb2d947567b6f8de28b8c217792b4108e53cfe
                                                                • Instruction ID: 1764c96660e1645c80371851389f3e43a26389749a07da1ff963b9ad566cec3d
                                                                • Opcode Fuzzy Hash: 6480632f02bad077a56764e5c1bb2d947567b6f8de28b8c217792b4108e53cfe
                                                                • Instruction Fuzzy Hash: 89210165F09F06C9FE549B23EA9423C63A0AF74BB5F0810B4D92E66372DF3CA4459308
                                                                Function 00007FFE13207380 Relevance: 24.1, APIs: 16, Instructions: 99COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$FreeTable$Err_FromList_Windows$AppendBuildConvertInterfaceLuidNameSizeTable2Value_memcpy
                                                                • String ID:
                                                                • API String ID: 1684791173-0
                                                                • Opcode ID: ec0ff591f7a44de46b97f53e6c011e55b3b54e9b216352143d0cf6e100584644
                                                                • Instruction ID: c32e63791ddff4842f7ccbf5a216c2f04228744a2e301fef2605b2e401fbc540
                                                                • Opcode Fuzzy Hash: ec0ff591f7a44de46b97f53e6c011e55b3b54e9b216352143d0cf6e100584644
                                                                • Instruction Fuzzy Hash: 87413431A08F4289EA64AB26E85427E67A1FFE9B65F040071C98E677A4DF7CE40DC741
                                                                Function 00007FFE1A45D5B0 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 359COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: NameName::$Name::operator+atolswprintf_s
                                                                • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                • API String ID: 2331677841-2441609178
                                                                • Opcode ID: 9797e925e62f8d7d60f646e305733279f9163504f8593401decf67f28b7cb35e
                                                                • Instruction ID: a0640689a17bf5f943b04cc540ad424429349c19d9146e0dc1704bca9f803f80
                                                                • Opcode Fuzzy Hash: 9797e925e62f8d7d60f646e305733279f9163504f8593401decf67f28b7cb35e
                                                                • Instruction Fuzzy Hash: 0DF19FA2F0CE4294FB14FB6685541BC27B1AF44F64F0401F7C98D26AB5DE3CA96AC340
                                                                Function 00007FFE13307FCF Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 171COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Mem_$DeallocErr_Free$AttrFormatMallocMemoryObject_StringUnicode_
                                                                • String ID: %s:%s:$bit fields not allowed for type %s$number of bits invalid for bit field
                                                                • API String ID: 2455365098-3576608231
                                                                • Opcode ID: 2c8a630497d9b26071984d54006c75933da3e15f2b28fdb68437a92c613d873a
                                                                • Instruction ID: e5ddf4aa29f93fc9cea3e2872105824a062b466274afc93257b997728968b03c
                                                                • Opcode Fuzzy Hash: 2c8a630497d9b26071984d54006c75933da3e15f2b28fdb68437a92c613d873a
                                                                • Instruction Fuzzy Hash: BC817A32B08F4289EB50CB66E5482AD73A5FB65BB8F4002B6DA2D677A5DF3CD445C304
                                                                Function 00007FFE13253634 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 113COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Buffer_$Arg_BufferContiguousIndexKeywordsLong_Number_Object_ReleaseSsize_tUnpackmemset
                                                                • String ID: argument 'data'$contiguous buffer$decompress
                                                                • API String ID: 2593461735-2667845042
                                                                • Opcode ID: 3b05843de0e9ce16ff05c83b1e5ddb82a75458333f409d7b11fcb9ec86cb24ae
                                                                • Instruction ID: 8b27eadde886a9769a42d999684ff1f876a6c3596227befa0e9573d362e109db
                                                                • Opcode Fuzzy Hash: 3b05843de0e9ce16ff05c83b1e5ddb82a75458333f409d7b11fcb9ec86cb24ae
                                                                • Instruction Fuzzy Hash: 854162A2A18F428AEA10AF13D4447F963A4FBA4BA4F445271DE5D637A4FF3CE645C700
                                                                Function 00007FFE13205428 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 113networkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_ParseSizeTuple_$Ioctl$Err_FormatFromLongLong_Unsigned
                                                                • String ID: invalid ioctl command %lu$k(kkk):ioctl$kI:ioctl$kO:ioctl
                                                                • API String ID: 1148432870-4238462244
                                                                • Opcode ID: 6af88f0f7ab4189eaa2f3f439bcd14503b5b66fadfc05a0468ddcdd5e31740c8
                                                                • Instruction ID: 26bbb47f0949e5a659fc0648cb1921fade3e1ce9ee0640c1450c383eb1f84cb1
                                                                • Opcode Fuzzy Hash: 6af88f0f7ab4189eaa2f3f439bcd14503b5b66fadfc05a0468ddcdd5e31740c8
                                                                • Instruction Fuzzy Hash: 09514D32A18E029DEB50DF62E8405ED37B0FB98764F544172DA4DA3A68DF3CD598CB40
                                                                Function 00007FFE13205F88 Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 95COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: SizeTuple_$Arg_Buffer_ParseRelease$AuditErr_FormatFromLong_Ssize_tSys_
                                                                • String ID: sendto$sendto() takes 2 or 3 arguments (%zd given)$socket.sendto$y*O:sendto$y*iO:sendto
                                                                • API String ID: 3528750861-2448770124
                                                                • Opcode ID: 6ef297011c41e40e00d0fec8183777252a493334b46fd21cb5a027fe8353a864
                                                                • Instruction ID: df7cc8bd54c60a93f1c9ca1a31a75fe61a513a00992b87e37dc1635a20435cd2
                                                                • Opcode Fuzzy Hash: 6ef297011c41e40e00d0fec8183777252a493334b46fd21cb5a027fe8353a864
                                                                • Instruction Fuzzy Hash: 78410B71608F4699EB10DB66E8402AE77B0FBD8BA4F500176DA8D67B64DF7CD548C700
                                                                Function 00007FFE13207148 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 50threadnetworkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: String$Err_Eval_Thread$Arg_AuditFromParseRestoreSaveSizeSys_Tuple_Unicode_getservbyporthtons
                                                                • String ID: getservbyport: port must be 0-65535.$i|s:getservbyport$port/proto not found$socket.getservbyport
                                                                • API String ID: 3420281234-2618607128
                                                                • Opcode ID: 684d64edd5c1e662378f9cafadfeac506a1a90c000d0be84bc84ad99a05fdcb9
                                                                • Instruction ID: f9ed70a084407014a0c31274766af395d80b9c16447a6269639740971fc1e12e
                                                                • Opcode Fuzzy Hash: 684d64edd5c1e662378f9cafadfeac506a1a90c000d0be84bc84ad99a05fdcb9
                                                                • Instruction Fuzzy Hash: E7210E61A08E4789EA00AB17E88417E6770FFE9BA5F504071EA4D67678DF7DE04CC700
                                                                Function 00007FFE1330BA14 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 126COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • _PyDict_GetItemIdWithError.PYTHON311 ref: 00007FFE1330BA90
                                                                • PyErr_Occurred.PYTHON311 ref: 00007FFE1330BAA3
                                                                  • Part of subcall function 00007FFE1330BA14: PySequence_GetItem.PYTHON311 ref: 00007FFE1330BAE8
                                                                  • Part of subcall function 00007FFE1330BA14: PySequence_GetItem.PYTHON311 ref: 00007FFE1330BAFF
                                                                  • Part of subcall function 00007FFE1330BA14: PyDict_Contains.PYTHON311 ref: 00007FFE1330BB27
                                                                  • Part of subcall function 00007FFE1330BA14: PyObject_SetAttr.PYTHON311 ref: 00007FFE1330BB3C
                                                                  • Part of subcall function 00007FFE1330BA14: _Py_Dealloc.PYTHON311 ref: 00007FFE1330BB4D
                                                                  • Part of subcall function 00007FFE1330BA14: _Py_Dealloc.PYTHON311 ref: 00007FFE1330BB5C
                                                                  • Part of subcall function 00007FFE1330BA14: PyErr_Format.PYTHON311 ref: 00007FFE1330BB97
                                                                  • Part of subcall function 00007FFE1330BA14: _Py_Dealloc.PYTHON311 ref: 00007FFE1330BBA6
                                                                  • Part of subcall function 00007FFE1330BA14: _Py_Dealloc.PYTHON311 ref: 00007FFE1330BBC0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Item$Dict_Err_Sequence_$AttrContainsErrorFormatObject_OccurredWith
                                                                • String ID: duplicate values for field %R
                                                                • API String ID: 1919794741-1910533534
                                                                • Opcode ID: f71277947be2d2287fba46fe0b915e6ba484f6932f6352b1fb4de12eb2f3b1be
                                                                • Instruction ID: a1de8b584f09ab9ec9fccc277eae174e53fd49bb6733708afb8883336b94b565
                                                                • Opcode Fuzzy Hash: f71277947be2d2287fba46fe0b915e6ba484f6932f6352b1fb4de12eb2f3b1be
                                                                • Instruction Fuzzy Hash: 8D517021B09E428AEE599F27A95457DA7A0BF64BF4F0445B1DD3E273B5EE7CE0018308
                                                                Function 00007FFE1330D0A8 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 123threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Free$String$Eval_Thread$BuildDeallocErr_ErrorFromInfoLocalObjectProgRestoreSaveValue
                                                                • String ID: iu(uuuiu)
                                                                • API String ID: 2817777535-1877708109
                                                                • Opcode ID: f3fff332be11df24bb43f445367687364f99778bf223ac6a64006d9486d4d9c8
                                                                • Instruction ID: ee4a670b1e50bfb84c2f7f7d4de432d7f12117d873385315ee0e46fcc6fd28e2
                                                                • Opcode Fuzzy Hash: f3fff332be11df24bb43f445367687364f99778bf223ac6a64006d9486d4d9c8
                                                                • Instruction Fuzzy Hash: B151E466B05E06DAEB00DF66D4943AC63B0FB98BA8F004576DE1E67B69DE3CD509C304
                                                                Function 00007FFE133094A0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 117COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$CheckIndex_Number_OccurredSsize_tString
                                                                • String ID: Array does not support item deletion$Can only assign sequence of same size$indices must be integer
                                                                • API String ID: 428023279-3643249925
                                                                • Opcode ID: 67ecbcca89311aff2d866ea192ce1f612227fb21c186869f9d79deb68ba184de
                                                                • Instruction ID: ce80c319a527939f5423192c1ef29a87edb4a6bdfae9663938ac839ca22bba62
                                                                • Opcode Fuzzy Hash: 67ecbcca89311aff2d866ea192ce1f612227fb21c186869f9d79deb68ba184de
                                                                • Instruction Fuzzy Hash: FF415D62B08E46C9EA548F67D8500BD6361FF64BF8B0445B1ED3D676B6EE3CE4858308
                                                                Function 00007FFE133040BC Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 108COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrObject_$FastLookupSequence_
                                                                • String ID: '%U' is specified in _anonymous_ but not in _fields_$_anonymous_ must be a sequence
                                                                • API String ID: 1391743325-2678605723
                                                                • Opcode ID: 7250101b7d384b3603d10181ac32ac0acd4c5aaae793a49ebea8f6d5bde9a43b
                                                                • Instruction ID: fd9070352f287bfb9c591c086a0f5fba67618f7a7438f7a6e3ee8ac4b7556e3a
                                                                • Opcode Fuzzy Hash: 7250101b7d384b3603d10181ac32ac0acd4c5aaae793a49ebea8f6d5bde9a43b
                                                                • Instruction Fuzzy Hash: CD414A72A09E02C9EA588F67E95017CA7A0FF65BB0F0441B1DE2E276B1CF3CE4558308
                                                                Function 00007FFE133020E8 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 104COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Object_$DeallocErr_$AttrCallCheckClearInstanceLookupRecursiveStringUnicode_
                                                                • String ID: abstract class$while processing _as_parameter_$wrong type
                                                                • API String ID: 4206935778-1173273510
                                                                • Opcode ID: 961a10382abbd73e4d2a667dfe19ccb16767b9e8d8b3bad4ce0000eff4bf0ebe
                                                                • Instruction ID: 9e9ed5540fb0ba364519a4e11eaa955e849353606220052134b765e590cf8c2e
                                                                • Opcode Fuzzy Hash: 961a10382abbd73e4d2a667dfe19ccb16767b9e8d8b3bad4ce0000eff4bf0ebe
                                                                • Instruction Fuzzy Hash: 34415C21A08E42CAEA559B27E84017DA360FFA9BB0F0441B1DE2DA77B1DF3CE445C348
                                                                Function 00007FFE13302320 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Dict_ErrorItemOccurredWith$AttrLookupObject_$Callable_CheckLongLong_MaskSequence_StringTupleTuple_Unsigned
                                                                • String ID: _restype_ must be a type, a callable, or None$class must define _flags_ which must be an integer
                                                                • API String ID: 3087875697-2538317290
                                                                • Opcode ID: c02ca58e13a46a6ce0520458656b58573f0571ee4510cffb2fc4fd828f69ccf3
                                                                • Instruction ID: 99f2f7b227ed0465062f1f9253e90080d0b28a73435832325955f600032f4b8a
                                                                • Opcode Fuzzy Hash: c02ca58e13a46a6ce0520458656b58573f0571ee4510cffb2fc4fd828f69ccf3
                                                                • Instruction Fuzzy Hash: 74414D21B09F02DAEA458B26E94437863A0FF69B64F445575DA2D673B2DF3CE498C308
                                                                Function 00007FFE13203EA0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 89COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: BuildSizeValue_
                                                                • String ID: OiII$Unknown Bluetooth protocol$iy#
                                                                • API String ID: 1740464280-1931379703
                                                                • Opcode ID: 811c50eada70b53de2986ccdbf135792e8a7c51667e22f96ce3885f6766bbc49
                                                                • Instruction ID: 6a54bae1ba83f88ff14a42debd7d328781f0d2194463f779e9ae446e9d06c276
                                                                • Opcode Fuzzy Hash: 811c50eada70b53de2986ccdbf135792e8a7c51667e22f96ce3885f6766bbc49
                                                                • Instruction Fuzzy Hash: 2D313161A08E5289EA64AB57E54903EA6B0BFE4BA4B4440B5CB0E67770EF7CE45DC300
                                                                Function 00007FFE1330DEDC Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 76COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$FormatMem_$Arg_CallocMemoryParseReallocStringTuplememcpy
                                                                • String ID: Memory cannot be resized because this object doesn't own it$On:resize$excepted ctypes instance$minimum size is %zd
                                                                • API String ID: 2473355626-828838525
                                                                • Opcode ID: f25097e4f29e0a836fc8ce735c340e9b52c9a2e89e2e7b96c33704ef34719194
                                                                • Instruction ID: 4ed9abd8cf70128c92e9fe805b8d646446f74d3d7c18ddaec1b3a16ca5f683fc
                                                                • Opcode Fuzzy Hash: f25097e4f29e0a836fc8ce735c340e9b52c9a2e89e2e7b96c33704ef34719194
                                                                • Instruction Fuzzy Hash: 21313C61B09F42C9EA548B57E45417D63B0FFA8BA4F1041B2DA2E67775DF2CE484C708
                                                                Function 00007FFE1A45AC40 Relevance: 19.9, APIs: 13, Instructions: 361COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID:
                                                                • API String ID: 2943138195-0
                                                                • Opcode ID: b0c5aa40c95afe9820d08c2b3a0b3f0a0bd29e174dcc6565612d28bd398cd5cc
                                                                • Instruction ID: a7aa80316a2878be015e071105aea082f55ffaeb5075f6b9b9b5806ce88fa842
                                                                • Opcode Fuzzy Hash: b0c5aa40c95afe9820d08c2b3a0b3f0a0bd29e174dcc6565612d28bd398cd5cc
                                                                • Instruction Fuzzy Hash: 7CF16DB6B08B829AE711EF66D4901FC37B0EB04B5CB4044B6EA4D57BA9DF38D569C340
                                                                Function 00007FFE133028F0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 197COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: LongLong_MaskTuple_Unsigned
                                                                • String ID: %s 'out' parameter must be passed as default value$NULL stgdict unexpected$call takes exactly %d arguments (%zd given)$paramflag %u not yet implemented
                                                                • API String ID: 1136903700-2588965191
                                                                • Opcode ID: 91dd6e13f2742febeda4ec11071149d11ba9fea3fb7657fd2f121691aebacfe3
                                                                • Instruction ID: c5b260d3820350dfa1d74c0cd35bf04799c6cd0ff09955a60c9543ee8fdbbc1e
                                                                • Opcode Fuzzy Hash: 91dd6e13f2742febeda4ec11071149d11ba9fea3fb7657fd2f121691aebacfe3
                                                                • Instruction Fuzzy Hash: 3E815A72A09F42CAEA628F17D44067DA3A4FBA8BA4F104072DA6DA3765DF3CE441C704
                                                                Function 00007FFE1330AA7C Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 165COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: (%s) $expected %s instance, got %s$incompatible types, %s instance instead of %s instance$not a ctype instance
                                                                • API String ID: 1450464846-2159251832
                                                                • Opcode ID: 07203d23819d05828f358a56c03890258eda92ffb1c002cf2859f9f66371a8e9
                                                                • Instruction ID: 1eddb75ea578aaef2d3a8524712a31f3db0a32a8a4b1cdd5d54163ec3b0ffdf1
                                                                • Opcode Fuzzy Hash: 07203d23819d05828f358a56c03890258eda92ffb1c002cf2859f9f66371a8e9
                                                                • Instruction Fuzzy Hash: 3A713C61A08F428AFA049B17E5502BD6361FFA5FE0F0841B2DE2D677B6DF2CE4418348
                                                                Function 00007FFE1330AEA0 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 145COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_Err_ParseSizeTuple_$FormatString
                                                                • String ID: abstract class$is|Oz#$i|OO$paramflag value %d not supported$paramflags must be a sequence of (int [,string [,value]]) tuples$paramflags must be a tuple or None$paramflags must have the same length as argtypes
                                                                • API String ID: 2189051491-1121734848
                                                                • Opcode ID: 3d6b330cc5c9dd7f19e068a29130591e5b204b1fdfc58b1c50816dd1f366be30
                                                                • Instruction ID: f1c8fbb514968765254c304f0c658eb1e4a146c2c7ad7009873660356db14bf5
                                                                • Opcode Fuzzy Hash: 3d6b330cc5c9dd7f19e068a29130591e5b204b1fdfc58b1c50816dd1f366be30
                                                                • Instruction Fuzzy Hash: 80613A72B08E02C9EB48CF16E9802AC63A4FB54BA4F1441B6DE2D67B64DF3DE485C304
                                                                Function 00007FFE13206A48 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 73COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_AuditErr_FreeMem_ParseSizeStringSys_Tuple_
                                                                • String ID: et:gethostbyaddr$idna$socket.gethostbyaddr$unsupported address family
                                                                • API String ID: 1738687268-1751716127
                                                                • Opcode ID: 21981c606748fb82564060e3f010e4e740aac59376a10161e0d402e5c7a175be
                                                                • Instruction ID: 6860c9df991aa402b55c65f8942f4fdc5485dff4ca0d31e0c4726bec6c3e8ab3
                                                                • Opcode Fuzzy Hash: 21981c606748fb82564060e3f010e4e740aac59376a10161e0d402e5c7a175be
                                                                • Instruction Fuzzy Hash: 8F314161B18E8289EA60AB17F9503BE6760FBD4BE4F440072DA4E27665DE7CE50CC700
                                                                Function 00007FFE13205BA4 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Buffer_Release$Size$Arg_BuildDeallocErr_Keywords_ParseStringTupleValue_
                                                                • String ID: nbytes is greater than the length of the buffer$negative buffersize in recvfrom_into$w*|ni:recvfrom_into
                                                                • API String ID: 252658603-4033050226
                                                                • Opcode ID: 9779a835a3d373f1e00e4f9253419f8f93039c6076db6d831e5c5cfbf06e46d8
                                                                • Instruction ID: 7fbf9b9af8599078ade26c67b5354cdc1525dd3242c6441a4f08a39ae287567f
                                                                • Opcode Fuzzy Hash: 9779a835a3d373f1e00e4f9253419f8f93039c6076db6d831e5c5cfbf06e46d8
                                                                • Instruction Fuzzy Hash: AC314672A0CF46C9EA10AB52E8442BE6760FBE9BA4F500176DA8D67660DF7DE54CC700
                                                                Function 00007FFE13207080 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 44threadnetworkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_AuditErr_FromLongLong_ParseRestoreSaveSizeStringSys_Tuple_getservbynamehtons
                                                                • String ID: service/proto not found$socket.getservbyname$s|s:getservbyname
                                                                • API String ID: 1135235387-1257235949
                                                                • Opcode ID: 50c410380efebb145164b2a6ee2d31ff3aa59654f6791e367b31230d43ed6af4
                                                                • Instruction ID: 42528dd23e1cedbc20f178b56a92d5dad11ff80d8827e7b23f5311e4ccede0ef
                                                                • Opcode Fuzzy Hash: 50c410380efebb145164b2a6ee2d31ff3aa59654f6791e367b31230d43ed6af4
                                                                • Instruction Fuzzy Hash: F3112C61A08E4286DA00AB17E84027EA770FBE5FE5F400071EA8E67674DF7CE04DC700
                                                                Function 00007FFE1A452F14 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 314COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 4223619315-393685449
                                                                • Opcode ID: 1fea5c564d133bdba3aecb898f1e2b7bc476544beebca211cb7a23793dbe9004
                                                                • Instruction ID: e8cc468c752573ce801f211601fbd0435f1f4d5e40cf52f815ae5a79b57f6e2d
                                                                • Opcode Fuzzy Hash: 1fea5c564d133bdba3aecb898f1e2b7bc476544beebca211cb7a23793dbe9004
                                                                • Instruction Fuzzy Hash: DEE150B2B08F4186EB10AB66D4502BD77A4FB45FA8F1401B6EA4D57B69CF38E5A4C700
                                                                Function 00007FFE13302980 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 249COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CallDeallocErr_FormatObject_memset
                                                                • String ID: argument %zd: $too many arguments (%zi), maximum is %i
                                                                • API String ID: 1791410686-4072972272
                                                                • Opcode ID: 4740f729d07df1b72c89f8ee573bc102a3c799c06bb822e8bf3e008f4163d2c1
                                                                • Instruction ID: 3bc9d7978121afc41723f9e2fb87533c532f56c7c972b191337e4c07529dc566
                                                                • Opcode Fuzzy Hash: 4740f729d07df1b72c89f8ee573bc102a3c799c06bb822e8bf3e008f4163d2c1
                                                                • Instruction Fuzzy Hash: 78B17F62A08E8289EA619F2784402BD6360FF25BF8F544671DE7DA77E5DF3CE5418308
                                                                Function 00007FFE1A45E72C Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 192COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Replicator::operator[]
                                                                • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                • API String ID: 3676697650-3207858774
                                                                • Opcode ID: ecd4a8ae6d7230611fff1dd4e64a59f99909a897cce7822f33257ee1ddf9a1a8
                                                                • Instruction ID: 643e62bf24f5c2b9b99468e577bec5373a6d064ef5e31ed0111f09d99902349a
                                                                • Opcode Fuzzy Hash: ecd4a8ae6d7230611fff1dd4e64a59f99909a897cce7822f33257ee1ddf9a1a8
                                                                • Instruction Fuzzy Hash: 5F91ACA2B08E8695FB24EF26D4412B877B1AB44B68F4481F3DA5D036B5DF3CE565C340
                                                                Function 00007FFE13204D64 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Bytes_FromSizegetsockopt$Arg_DeallocLongLong_ParseResizeStringTuple_
                                                                • String ID: getsockopt buflen out of range$ii|i:getsockopt
                                                                • API String ID: 3532181676-2750947780
                                                                • Opcode ID: 15b8bcdde415823467fdb4a0ed8eec2ce9c2fd89354c765c19f8db92f5921497
                                                                • Instruction ID: 8952d45a2cd662d63d620c2c3c4f3c859e01bddbfdd94b56cc7034186df2d303
                                                                • Opcode Fuzzy Hash: 15b8bcdde415823467fdb4a0ed8eec2ce9c2fd89354c765c19f8db92f5921497
                                                                • Instruction Fuzzy Hash: B6311872A18E428BEB14EB26E44446E77A0FBD4B64B504175EB4E67A78DF3CD409CF40
                                                                Function 00007FFE1330AD18 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 62COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Arg_AttrDict_Err_FormatObject_ParseSizeStringTuple_Updatememcpy
                                                                • String ID: %.200s.__dict__ must be a dictionary, not %.200s$O!s#$__dict__
                                                                • API String ID: 111561578-4068157617
                                                                • Opcode ID: df2c1ae6872be876c0abca8e9306c520b908d31e559ab2d333eeb8cb4e17a471
                                                                • Instruction ID: f8779fc8039d7e0df572b6ae8383f47ce12db070aea38b87450ef24d371f6340
                                                                • Opcode Fuzzy Hash: df2c1ae6872be876c0abca8e9306c520b908d31e559ab2d333eeb8cb4e17a471
                                                                • Instruction Fuzzy Hash: 22313862B08F46C9EA408F66E8541BCB3A0FB69BB0B544172DA2D23765CF3CE495C304
                                                                Function 00007FFE13205844 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 58COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Buffer_Release$Arg_Err_FromKeywords_Long_ParseSizeSsize_tStringTuple
                                                                • String ID: buffer too small for requested bytes$negative buffersize in recv_into$w*|ni:recv_into
                                                                • API String ID: 1544103690-1758107600
                                                                • Opcode ID: 4cd52dd9801ced5f390c235a0164f2c18d4f816f4ec9513556e453f9d8d8963f
                                                                • Instruction ID: 0f010dbb643d6a131a926ebe56970a2535af7a8edae9204853330ce03184b610
                                                                • Opcode Fuzzy Hash: 4cd52dd9801ced5f390c235a0164f2c18d4f816f4ec9513556e453f9d8d8963f
                                                                • Instruction Fuzzy Hash: DF212671A0CF46C9EA10AB52F4842BE6760FBE97A4F900176CA5E63660DF7CE54CC700
                                                                Function 00007FFE1325A32C Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 349153199-0
                                                                • Opcode ID: 94e1b7c85106b5dcadd5bf74e1c1f6267d6a35972fcb64925ed8eb6f2d0728e2
                                                                • Instruction ID: e53e947a3de8701929a36d7848c80451776e9284cbd4d9ce91e358e8b4705fd3
                                                                • Opcode Fuzzy Hash: 94e1b7c85106b5dcadd5bf74e1c1f6267d6a35972fcb64925ed8eb6f2d0728e2
                                                                • Instruction Fuzzy Hash: 4E8194A0E19F434DFA52BB5794422F926A0AFF57A0F5442B5D90D637B2FE3CE642C600
                                                                Function 00007FFE132022A0 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 349153199-0
                                                                • Opcode ID: 9bbd730a66e4cbb51c460212e6bb78fa7447f27bb902fb331a2f3e6d0f89718b
                                                                • Instruction ID: 17ef51dafcfe176f23aebfdb0cc8e5e5fea51db81a6825e025179f2bb11f89df
                                                                • Opcode Fuzzy Hash: 9bbd730a66e4cbb51c460212e6bb78fa7447f27bb902fb331a2f3e6d0f89718b
                                                                • Instruction Fuzzy Hash: C881AE21E08F078EFA54BB67945127D2690AFE67A0F1440B7DA0D637B6EE3CE84DC600
                                                                Function 00007FFE132749C0 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984079129.00007FFE13271000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13270000, based on PE: true
                                                                • Associated: 00000001.00000002.2984061552.00007FFE13270000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984101399.00007FFE13276000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984120218.00007FFE13279000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13270000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 349153199-0
                                                                • Opcode ID: 41c1564c9b53542f78ee4fe0cba140d0622bb491acb40784f16a44f8e3da4176
                                                                • Instruction ID: 4e8347594dddf321f60daeb9b438f8a4032d0bde15e37d4e5886bd4ed446f8d1
                                                                • Opcode Fuzzy Hash: 41c1564c9b53542f78ee4fe0cba140d0622bb491acb40784f16a44f8e3da4176
                                                                • Instruction Fuzzy Hash: 2B817A21E08A438EFA60BB6794422796690BFF57A0F5441B5DA4D737B6DF3CE842C601
                                                                Function 00007FFE130C11D0 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983683177.00007FFE130C1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                • Associated: 00000001.00000002.2983665437.00007FFE130C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983700891.00007FFE130C3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983719451.00007FFE130C5000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983737529.00007FFE130C6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 349153199-0
                                                                • Opcode ID: 49741281be2100ec61cea02429068dcdc2aa4a812f9568a561c19d79723e8765
                                                                • Instruction ID: ab34759b4aa24c2423623864389a62f7f9a8fa0c1ae0b42b4c73f15bfe66fa42
                                                                • Opcode Fuzzy Hash: 49741281be2100ec61cea02429068dcdc2aa4a812f9568a561c19d79723e8765
                                                                • Instruction Fuzzy Hash: 3081C021E1CE438EFB58AB6794412B966D3AF657A0FD441F5DA0DA77B2DF3CE4058200
                                                                Function 00007FFE1330B680 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 142COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CallObjectObject_
                                                                • String ID: (%s) $expected %s instance, got %s$incompatible types, %s instance instead of %s instance
                                                                • API String ID: 3040866976-3177377183
                                                                • Opcode ID: d8d30b96da88cef245048956aa11174a0505f3ed0a0a37e68dc2437735cc2005
                                                                • Instruction ID: 78e07834fc6012b273adb67e4d95faa072150809aca44e7a31c00d4abfe8348e
                                                                • Opcode Fuzzy Hash: d8d30b96da88cef245048956aa11174a0505f3ed0a0a37e68dc2437735cc2005
                                                                • Instruction Fuzzy Hash: 71512765A08F46C9EE589F17D98027D6361AFA5FE4F0840B2ED2D677B6DF2CE4408308
                                                                Function 00007FFE1A45A4E8 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 126COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                • API String ID: 2943138195-1464470183
                                                                • Opcode ID: f2c82fd6e231fdf3051f437846c0782e2719a4821ee929760b6b2afc08469b6e
                                                                • Instruction ID: 90fb06028247f6d77425227131e51550878adda126d9450814a8a4ab99568be3
                                                                • Opcode Fuzzy Hash: f2c82fd6e231fdf3051f437846c0782e2719a4821ee929760b6b2afc08469b6e
                                                                • Instruction Fuzzy Hash: F6518CB2F08F5699F700EB66E8844BC37B0BB14BA4F5441B6DA4D53A64DF39E565C300
                                                                Function 00007FFE133016B4 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 122COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Unicode_$ConcatDict_FromInternStringTuple_Update
                                                                • String ID: _be
                                                                • API String ID: 1858819020-4071763053
                                                                • Opcode ID: 10cbbb94ffeeef5047c8331b99db0bdcf7c3f3ec2fb3fe09a0319070b4712324
                                                                • Instruction ID: 393589d894ec9c8a3b46765bb145c81351478614e39984c239e7811290ef5fba
                                                                • Opcode Fuzzy Hash: 10cbbb94ffeeef5047c8331b99db0bdcf7c3f3ec2fb3fe09a0319070b4712324
                                                                • Instruction Fuzzy Hash: D9513976A09F4689EB549F26D88023C73A4FB68FA0B184175DA6D23365DF3CE4A1C348
                                                                Function 00007FFE1330CE1C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 118COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FFE1330C4D0: _PyObject_GC_NewVar.PYTHON311(?,?,?,00007FFE1330CE4C,?,?,?,?,?,00007FFE13306CC2), ref: 00007FFE1330C4E7
                                                                  • Part of subcall function 00007FFE1330C4D0: memset.VCRUNTIME140(?,?,?,00007FFE1330CE4C,?,?,?,?,?,00007FFE13306CC2), ref: 00007FFE1330C534
                                                                  • Part of subcall function 00007FFE1330C4D0: PyObject_GC_Track.PYTHON311(?,?,?,00007FFE1330CE4C,?,?,?,?,?,00007FFE13306CC2), ref: 00007FFE1330C53C
                                                                • PyErr_NoMemory.PYTHON311(?,?,?,?,?,00007FFE13306CC2), ref: 00007FFE1330CE8C
                                                                • _Py_Dealloc.PYTHON311 ref: 00007FFE1330CFCD
                                                                  • Part of subcall function 00007FFE1330F698: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFE1330CE69,?,?,?,?,?,00007FFE13306CC2), ref: 00007FFE1330F6AD
                                                                  • Part of subcall function 00007FFE1330F698: VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFE1330CE69,?,?,?,?,?,00007FFE13306CC2), ref: 00007FFE1330F6ED
                                                                • ffi_prep_cif.LIBFFI-8 ref: 00007FFE1330CF4E
                                                                • PyErr_Format.PYTHON311 ref: 00007FFE1330CF6C
                                                                • ffi_prep_closure.LIBFFI-8 ref: 00007FFE1330CF86
                                                                • PyErr_SetString.PYTHON311 ref: 00007FFE1330CFBE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Object_$AllocDeallocFormatInfoMemoryStringSystemTrackVirtualffi_prep_cifffi_prep_closurememset
                                                                • String ID: ffi_prep_cif failed with %d$ffi_prep_closure failed with %d$invalid result type for callback function
                                                                • API String ID: 262837356-3338905684
                                                                • Opcode ID: d5e79a3c8a6f2ae5980b289ff7b9deb079edb7f79e81270934b3751b0593511a
                                                                • Instruction ID: 7615e6bcaefc756dcf03c9eaed563334c177df4f32ba9eea240e080a6d89092f
                                                                • Opcode Fuzzy Hash: d5e79a3c8a6f2ae5980b289ff7b9deb079edb7f79e81270934b3751b0593511a
                                                                • Instruction Fuzzy Hash: C1510A72A09F42C9EB548F26E84067D63A0FB64BA4F1401B6DE2D6B679CF3CD455C388
                                                                Function 00007FFE13205E1C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 87COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Buffer_Err_Release$Arg_CheckDeadline_ParseSignalsSizeStringTuple_
                                                                • String ID: timed out$y*|i:sendall
                                                                • API String ID: 1463051379-3431350491
                                                                • Opcode ID: 0233282a2e0e5b505cd3ce4dbfb0ae80f2fea130364450412f972856bf191ae2
                                                                • Instruction ID: 87f04f6d099c9cca1cf66a3b086bbe0d4dfa449452bec871a4d142891f37d267
                                                                • Opcode Fuzzy Hash: 0233282a2e0e5b505cd3ce4dbfb0ae80f2fea130364450412f972856bf191ae2
                                                                • Instruction Fuzzy Hash: D9411A31A0CE8289E710AF12E84426E7760FBD4BA4F544076DE8E63B64DF7CE449C740
                                                                Function 00007FFE13205934 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 68COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Bytes_DeallocSizeStringTuple_$Arg_Err_FromPackParseResize
                                                                • String ID: negative buffersize in recvfrom$n|i:recvfrom
                                                                • API String ID: 3092067012-1867657612
                                                                • Opcode ID: 1109addb0000dc4976cb9f45841f30f465119ce44644b453f1eae205618acd3f
                                                                • Instruction ID: 375ffd05078628b046a98beefb2449cee3cb2b9a4c784b1a6cb33572cc3f8b4c
                                                                • Opcode Fuzzy Hash: 1109addb0000dc4976cb9f45841f30f465119ce44644b453f1eae205618acd3f
                                                                • Instruction Fuzzy Hash: 21315C72A1DF4689EE44AB12E49417E67A0FFE4BE4F544075EA8E67768DE3CE008C740
                                                                Function 00007FFE1330E0F0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 63COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocObject_$Arg_AttrCallFromMethodParseTupleUnicode_Vectorcall
                                                                • String ID: OO!
                                                                • API String ID: 3012979734-3205451899
                                                                • Opcode ID: b86a9e6aec3d04f9dfe7387ee9b59cc105e28f1fb880d666b22fe7cdd29bfbaf
                                                                • Instruction ID: dae5c028f66e8284a32fb9d86f9af210c76b63ade4681fea1e9e022e956469fa
                                                                • Opcode Fuzzy Hash: b86a9e6aec3d04f9dfe7387ee9b59cc105e28f1fb880d666b22fe7cdd29bfbaf
                                                                • Instruction Fuzzy Hash: 0C212A71B0DF46C9EE488B63E854678A3A0AF68BA0F0440B5DD6E67775EE7CE4458308
                                                                Function 00007FFE1330E224 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 55memoryCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: String$Free$Err_Mem_$AllocCharFormatUnicode_Wide
                                                                • String ID: String too long for BSTR$unicode string expected instead of %s instance
                                                                • API String ID: 920172908-178309214
                                                                • Opcode ID: cf6aaef1cfa7e26ad3eb861eb924d9a3e9377ee2f3586ae237e535f2c803a6dc
                                                                • Instruction ID: 46dd7cb431599e55c65e945c01a5df915f93b970ab5652e5eff641bb45468603
                                                                • Opcode Fuzzy Hash: cf6aaef1cfa7e26ad3eb861eb924d9a3e9377ee2f3586ae237e535f2c803a6dc
                                                                • Instruction Fuzzy Hash: D9213861B09F42C9EA44DB53E840179A364FFA8FE0F1440B2EA6E63735DE3CE4858318
                                                                Function 00007FFE1330A080 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 54COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$DeallocString$Formatmemcpy
                                                                • String ID: byte string too long$bytes expected instead of %s instance$can't delete attribute
                                                                • API String ID: 1948958528-1866040848
                                                                • Opcode ID: fa96def4341ef930101010d25cc26409db7019c647d688fb077c539500109b12
                                                                • Instruction ID: c7a83d555d5c71d1886241eaabd11c21cc8678994cd5f2090f01e880cda3dd46
                                                                • Opcode Fuzzy Hash: fa96def4341ef930101010d25cc26409db7019c647d688fb077c539500109b12
                                                                • Instruction Fuzzy Hash: 62214F71A08E42C9FB548B1BE94017C63A0FB64BB4F145272DA2E67676CF2CE4868309
                                                                Function 00007FFE13206C48 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 52threadnetworkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_AuditFreeMem_ParseRestoreSaveSizeSys_Tuple_gethostbyname
                                                                • String ID: et:gethostbyname_ex$idna$socket.gethostbyname
                                                                • API String ID: 646687969-574663143
                                                                • Opcode ID: 91a3a09bb96c3ec567ad4bee7220103acfbdc48aa8aae966a13cdd727d66b018
                                                                • Instruction ID: 3968eadf10d801195fbdd514d162c6628253a6c100bdfe593b6768975c85a0de
                                                                • Opcode Fuzzy Hash: 91a3a09bb96c3ec567ad4bee7220103acfbdc48aa8aae966a13cdd727d66b018
                                                                • Instruction Fuzzy Hash: 40212C61B19F8299EA20AB63F9447AE6760FBD8BE4F400171DE4E67675DE3CE148C700
                                                                Function 00007FFE132077F0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 47COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Arg_ErrnoFromParseSizeStringTuple_inet_pton
                                                                • String ID: illegal IP address string passed to inet_pton$is:inet_pton$unknown address family
                                                                • API String ID: 907464-903159468
                                                                • Opcode ID: 76e364a5825f36d5229760115179826e02bb58eaa43d797573741c5185630340
                                                                • Instruction ID: b928cd52e8662afa59680668419e30a025081a51e1ea749b08bde2072ac27d07
                                                                • Opcode Fuzzy Hash: 76e364a5825f36d5229760115179826e02bb58eaa43d797573741c5185630340
                                                                • Instruction Fuzzy Hash: 56214961A18E43CAEA54EB16E89007E3771FBE4B64F8000B2E64E66674DF7CE50DD700
                                                                Function 00007FFE13204AD4 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 40threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Eval_RestoreThread$ExceptionFetchMatchesResourceSaveUnraisableWarningWriteclosesocket
                                                                • String ID: unclosed %R
                                                                • API String ID: 1289403202-2306019038
                                                                • Opcode ID: 6ca4684e6c490ddef4b79f5831110087eb726c1f75fd13c900abb8b822a24d75
                                                                • Instruction ID: 1d4f7ab15117b9c731e5b18f5afc718d91a2ce978ea92529ca37091366182da4
                                                                • Opcode Fuzzy Hash: 6ca4684e6c490ddef4b79f5831110087eb726c1f75fd13c900abb8b822a24d75
                                                                • Instruction Fuzzy Hash: 6C11E361A08F8286EA04AB62E84416E6760FBD5BB5F045271DE6A636F4CE7CD449C700
                                                                Function 00007FFE1A458BA4 Relevance: 15.2, APIs: 10, Instructions: 150COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID:
                                                                • API String ID: 2943138195-0
                                                                • Opcode ID: ea53d01b8add9f065da6da89440d1b5514e5cb284af6834d09ce1e9fb4639f71
                                                                • Instruction ID: 56f909d69b1f1cf20fb15c748fcca14e974003353800fc56cc72e71922b216bb
                                                                • Opcode Fuzzy Hash: ea53d01b8add9f065da6da89440d1b5514e5cb284af6834d09ce1e9fb4639f71
                                                                • Instruction Fuzzy Hash: 326170A2F14B5698FB01EBA2D8400FC37B1BB04BA8F5044B6DE0D6BA69DF78D555C740
                                                                Function 00007FFE13253360 Relevance: 15.1, APIs: 10, Instructions: 146COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Mem_memmove$Bytes_DeallocFromMallocReallocSizeString
                                                                • String ID:
                                                                • API String ID: 1285943476-0
                                                                • Opcode ID: b1532046c9828cc468a7a84711bf2d79d67f1a2fff2fc6f6c5e67236e34e6897
                                                                • Instruction ID: 706c13f8c980a088bf53dfe9a550876972e717ec955584ee33f8ecbc8084d03a
                                                                • Opcode Fuzzy Hash: b1532046c9828cc468a7a84711bf2d79d67f1a2fff2fc6f6c5e67236e34e6897
                                                                • Instruction Fuzzy Hash: E75181A2A09F4289EB11AF2794042B923A4FBA4FA4F145675CF4D67774EF3CE552C300
                                                                Function 00007FFE13206568 Relevance: 15.1, APIs: 10, Instructions: 59networkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Long$Err_FromLong_Socketclosesocket$CurrentDuplicateHandleInformationOccurredProcessWindows
                                                                • String ID:
                                                                • API String ID: 3394293678-0
                                                                • Opcode ID: 0edd20fb7986b937f362815becdc3353667b1d2dbe2f27d78ce67fe63332d1ae
                                                                • Instruction ID: c9283c0eab9d269261c7400ca5700c690885b11612ffba76b7763d179136beaa
                                                                • Opcode Fuzzy Hash: 0edd20fb7986b937f362815becdc3353667b1d2dbe2f27d78ce67fe63332d1ae
                                                                • Instruction Fuzzy Hash: 7B217720A19F428AEA647B62A85437E6791EFE8BB4F140775C86E167F4DF7CE00CC600
                                                                Function 00007FF6019902E8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2982288513.00007FF601981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF601980000, based on PE: true
                                                                • Associated: 00000001.00000002.2982272737.00007FF601980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982311973.00007FF6019AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982333894.00007FF6019C3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000001.00000002.2982368015.00007FF6019C6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ff601980000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: f$f$p$p$f
                                                                • API String ID: 3215553584-1325933183
                                                                • Opcode ID: 47a7a6303f50c331757a7ed503f6ccc132970c05c2223996d06c8e5714df85c4
                                                                • Instruction ID: 098fbd19f382b4396cbf98957524c58767e87eda1823548b710af2f22e4c4317
                                                                • Opcode Fuzzy Hash: 47a7a6303f50c331757a7ed503f6ccc132970c05c2223996d06c8e5714df85c4
                                                                • Instruction Fuzzy Hash: 2C12A322E0C1438AFB209A19E4347BD7659FB9075CFAC4131F6AA866C6DF3DE4809B51
                                                                Function 00007FFE1A4533E0 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 314COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 211107550-393685449
                                                                • Opcode ID: 688fb15556d862c72de40c94a9225dad620afe04ad3ce9f2b8c9a53cb021efd3
                                                                • Instruction ID: 20cd599cd6a96cf8b22c4d9fa5763be91f5c11988486441bffc663a94f426c4f
                                                                • Opcode Fuzzy Hash: 688fb15556d862c72de40c94a9225dad620afe04ad3ce9f2b8c9a53cb021efd3
                                                                • Instruction Fuzzy Hash: 68E1A2B3A08A818AE714AF36D4903BD77A0FB45F68F1441B6DA8D47766CF38E595CB00
                                                                Function 00007FFE1330BBE8 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 165COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc
                                                                • String ID: P$wrong type
                                                                • API String ID: 3617616757-281217272
                                                                • Opcode ID: e3327ad88a9a446218fbdf097499024a9865fdc2e91cfe0628b0646d4787f104
                                                                • Instruction ID: b481b5e2506ce6448c3b95e56308023425a0c44fe6d9c3b7263820f9ee56f9e9
                                                                • Opcode Fuzzy Hash: e3327ad88a9a446218fbdf097499024a9865fdc2e91cfe0628b0646d4787f104
                                                                • Instruction Fuzzy Hash: 56713F21B09E46C9FA589F17E85017E67A1AF65BA0F0444B1DA3E673B2DF3CE441C348
                                                                Function 00007FFE13301ABC Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 128COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_ParseSizeTuple_$Err_Long_StringVoid$AttrAuditCallable_CheckObject_OccurredSequence_Sys_Tuple
                                                                • String ID: argument must be callable or integer function address$cannot construct instance of this class: no argtypes
                                                                • API String ID: 2570622991-2742191083
                                                                • Opcode ID: 540973c798f55e8bddb45151d9b86c5f877ff1e98a5e2c5b0f3278a9c8d95e1e
                                                                • Instruction ID: 8ebff92b8767da4ef9fdcc61a77bc7ecee94b60dbf89d82f6f9dbc57fa4e04b2
                                                                • Opcode Fuzzy Hash: 540973c798f55e8bddb45151d9b86c5f877ff1e98a5e2c5b0f3278a9c8d95e1e
                                                                • Instruction Fuzzy Hash: 9A514F25E0DF4289EA548B17955427D63A0EF65FF0F1840B1DE2E677B9EF2CE4419308
                                                                Function 00007FFE13251FFC Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 119COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func
                                                                • String ID: %d work, %d block, ratio %5.2f$ too repetitive; using fallback sorting algorithm$VUUU
                                                                • API String ID: 711238415-2988393112
                                                                • Opcode ID: 9108c4c4e2d6d5df63023b1ab5f74cbde5b98f3dbb4d4334f7fd8b373665a9e5
                                                                • Instruction ID: 40afa703c65d5382ffe84ada64c55a8fd3ce94f2becb38a9cb66c7ef6ca7b51a
                                                                • Opcode Fuzzy Hash: 9108c4c4e2d6d5df63023b1ab5f74cbde5b98f3dbb4d4334f7fd8b373665a9e5
                                                                • Instruction Fuzzy Hash: 2B41A5B2A08B418BE710AF2694451B977A4FBE5B64F104375DA0E637B5EF3DE682C600
                                                                Function 00007FFE1A45C1D8 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 111COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                • API String ID: 2943138195-2239912363
                                                                • Opcode ID: e6d89d71e33ac373f0738e0b515b9d7d47b180a069a0d86b59b00a9470073de2
                                                                • Instruction ID: 6687bc44508bd485d866c25ff530da5c347406c5587ee02f6a3bf1957e2a0818
                                                                • Opcode Fuzzy Hash: e6d89d71e33ac373f0738e0b515b9d7d47b180a069a0d86b59b00a9470073de2
                                                                • Instruction Fuzzy Hash: B1514CA2F18F4598FB11DB62D8412BD77B0BB08B64F4442F6DA4D13AA5DF3C90A4C754
                                                                Function 00007FFE130C25C8 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 95COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983683177.00007FFE130C1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                • Associated: 00000001.00000002.2983665437.00007FFE130C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983700891.00007FFE130C3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983719451.00007FFE130C5000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983737529.00007FFE130C6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$DescriptorErr_FastFileObject_Sequence_String
                                                                • String ID: arguments 1-3 must be sequences$too many file descriptors in select()
                                                                • API String ID: 3320488554-3996108163
                                                                • Opcode ID: 05e470237c1967013c16db83c877e5144c843c525c657350500e77854bb128da
                                                                • Instruction ID: 897d4a1924f98709312bba0c75f7e7565735dc8aaa4f8fe449576fd6daa43a8f
                                                                • Opcode Fuzzy Hash: 05e470237c1967013c16db83c877e5144c843c525c657350500e77854bb128da
                                                                • Instruction Fuzzy Hash: 08417C32619F018AEA108F1AE94413977AAFBA4BB4F4042F5DE6E53BA4DF3CE454C300
                                                                Function 00007FFE13302600 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 84COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CallDeallocObject_$FromFunctionLongLong_Traceback_
                                                                • String ID: GetResult$_ctypes/callproc.c
                                                                • API String ID: 2301701745-4166898048
                                                                • Opcode ID: 6b14f494761338040cbc18ac8ef32615b91be7de93a4bad4d1a784e7f6cbc817
                                                                • Instruction ID: 8f0950a55ee070ba3f572378fbce4730311934dc6ef709895f8926dcaae0fbea
                                                                • Opcode Fuzzy Hash: 6b14f494761338040cbc18ac8ef32615b91be7de93a4bad4d1a784e7f6cbc817
                                                                • Instruction Fuzzy Hash: 9C318121B0DE46C9FE659B27E80017DA3A4EF65BB0F0850B0DE2E677B5DE2CE4418308
                                                                Function 00007FFE13309D58 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PyObject_IsInstance.PYTHON311(?,?,00000000,00007FFE13306BCC), ref: 00007FFE13309D73
                                                                • PyObject_IsInstance.PYTHON311(?,?,00000000,00007FFE13306BCC), ref: 00007FFE13309DBB
                                                                • PyErr_Format.PYTHON311(?,?,00000000,00007FFE13306BCC), ref: 00007FFE13309E4D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: InstanceObject_$Err_Format
                                                                • String ID: ???$expected %s instance instead of %s$expected %s instance instead of pointer to %s
                                                                • API String ID: 215623467-1082101171
                                                                • Opcode ID: c42a85ef290f4f7c7dec54bd01f908c692fe1a4d2cba32a0c83425372474c043
                                                                • Instruction ID: 4e161a3b9d63e6f5c35625d50e32504bd2d309ca86a674f40f63be979fa1f2a9
                                                                • Opcode Fuzzy Hash: c42a85ef290f4f7c7dec54bd01f908c692fe1a4d2cba32a0c83425372474c043
                                                                • Instruction Fuzzy Hash: A0312D21A08E42C9EA549B67D54007D6361AF68FB4F5454B2EA3D677B5DF3CE841C308
                                                                Function 00007FFE132538BC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: String$Bytes_Err_FromSizeThread_allocate_lockThread_free_lock
                                                                • String ID: Unable to allocate lock
                                                                • API String ID: 1127547223-3516605728
                                                                • Opcode ID: c17eff7bc98fcddad25fa0aa7e8872bdeafa31c641a1adeb9191edbd123e9819
                                                                • Instruction ID: 14eaf8b2cbd60f767584ab78343eb459cf40e1487f533eea8802d03239cb2a05
                                                                • Opcode Fuzzy Hash: c17eff7bc98fcddad25fa0aa7e8872bdeafa31c641a1adeb9191edbd123e9819
                                                                • Instruction Fuzzy Hash: 98314DB2A08E4289EB54AF32D5453B823A0FFA4F78F1443B4CA4D566A5EF3CD685C740
                                                                Function 00007FFE1330D81C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 54COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$BuildDeallocFromLong_OccurredSsize_tStringTuple_Value
                                                                • String ID: not a ctypes type or object$siN
                                                                • API String ID: 1444022424-92050270
                                                                • Opcode ID: 26a9fcd1b49395e45c52150cf6bc8a8343daf74cdcd0b31558393dc906a49e26
                                                                • Instruction ID: 6758697bf73cc464dc60aec8874013aed65d50006f45ef7fd120af1ec3e67543
                                                                • Opcode Fuzzy Hash: 26a9fcd1b49395e45c52150cf6bc8a8343daf74cdcd0b31558393dc906a49e26
                                                                • Instruction Fuzzy Hash: 4C212921B09F42C9EA549B27E59427D63A0FF68FB5F0440B5DA2E67779DF2CE4418308
                                                                Function 00007FFE13207988 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49timeCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Time_$Err_FromSecondsString$MillisecondsObjectTimeval
                                                                • String ID: Timeout value out of range$timeout doesn't fit into C timeval
                                                                • API String ID: 4240314503-2798848688
                                                                • Opcode ID: f4a3403413d0b3d7c856c31cf8b7ba7531603333823162405e1bc3dc7e5ad81e
                                                                • Instruction ID: d1218579e37c8188ced54c8a40a4c9ca93e6683d600a028a0943f6c9a4dbb72c
                                                                • Opcode Fuzzy Hash: f4a3403413d0b3d7c856c31cf8b7ba7531603333823162405e1bc3dc7e5ad81e
                                                                • Instruction Fuzzy Hash: E1112E32A18E4286EA10AB6AE44013E2761EBE4BB0F045271DAAD577B4DF7DE449C301
                                                                Function 00007FFE13252780 Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 47COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                • String ID: argument$compress$contiguous buffer
                                                                • API String ID: 1731275941-2310704374
                                                                • Opcode ID: b138ca2d2723dab52cb10e3a74fac2df87b6dda8ec1f7609b2bdead44722ed7b
                                                                • Instruction ID: 4b37c937593851727c7551ad08223b0ec195494cd07061087c8e12624bd05480
                                                                • Opcode Fuzzy Hash: b138ca2d2723dab52cb10e3a74fac2df87b6dda8ec1f7609b2bdead44722ed7b
                                                                • Instruction Fuzzy Hash: CD1172A2A18B4295EB10EB26E8441F96360FBE8F94F9482B1D94D63674EE3CD645C700
                                                                Function 00007FFE13309FEC Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 37COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Buffer_Err_ReleaseString$BufferObject_memcpy
                                                                • String ID: byte string too long$cannot delete attribute
                                                                • API String ID: 1128862751-688604938
                                                                • Opcode ID: c0fad4b2d32ac0ab3663af02738014edb070c5b9f2759e00e789a8b2334ff090
                                                                • Instruction ID: 6ce2c4e505abf9841be9d4a3bf664836cf2e77c7ab52b4deaf87338635bdc81a
                                                                • Opcode Fuzzy Hash: c0fad4b2d32ac0ab3663af02738014edb070c5b9f2759e00e789a8b2334ff090
                                                                • Instruction Fuzzy Hash: F1018B61B18D46C5FB20CB27E8400B96360FFA4BA8F504272D97E672B5DF2CE589C708
                                                                Function 00007FFE13206FFC Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 32threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_getprotobyname
                                                                • String ID: protocol not found$s:getprotobyname
                                                                • API String ID: 862796068-630402058
                                                                • Opcode ID: a4d0f157e69161900fd295891aa016e7b70d442cf82c6e992c0432fa93d25ec1
                                                                • Instruction ID: a991027e674c3f385160d65b168041f05399d09f4b26c14c64285638022dee1c
                                                                • Opcode Fuzzy Hash: a4d0f157e69161900fd295891aa016e7b70d442cf82c6e992c0432fa93d25ec1
                                                                • Instruction Fuzzy Hash: 51010861A18E428AEA04AB26E99403E67A1FBE8FE1F440471DA4E67634DE7CE04CC700
                                                                Function 00007FFE132075AC Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 29stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: SizeString$Arg_Bytes_Err_FromParseTuple_inet_addrstrcmp
                                                                • String ID: 255.255.255.255$illegal IP address string passed to inet_aton$s:inet_aton
                                                                • API String ID: 717551241-4110412280
                                                                • Opcode ID: b3f22b26161e9026f1be4ea104701ab941468ac977f48e4eaa3df88f05bedf50
                                                                • Instruction ID: 39e9ad3023ffb8f3b9693e0a3ae3b20b4af3f56d670cc47915b45f47336bbcf8
                                                                • Opcode Fuzzy Hash: b3f22b26161e9026f1be4ea104701ab941468ac977f48e4eaa3df88f05bedf50
                                                                • Instruction Fuzzy Hash: 7D01ECA1A08E438AEA14BB2AE89017E2761EFE57B4F500171D65EA75B4DF7CD44DC700
                                                                Function 00007FFE1320762C Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 29COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Buffer_ReleaseString$Arg_Err_FromParseSizeTuple_Unicode_inet_ntoa
                                                                • String ID: packed IP wrong length for inet_ntoa$y*:inet_ntoa
                                                                • API String ID: 1492101624-3027498899
                                                                • Opcode ID: ccab7d2a64d4296dd88b38da3c028862919155823b55703005afc4c29e9b2518
                                                                • Instruction ID: 3b47b9e02cc78870ac4a176b5abe857303592be29cc4fb7bc6df7de6ce39a104
                                                                • Opcode Fuzzy Hash: ccab7d2a64d4296dd88b38da3c028862919155823b55703005afc4c29e9b2518
                                                                • Instruction Fuzzy Hash: 30012161A08E4286DA10AF26E89407E2360FFE4B94B540171D64E63674DE7CD10DCB00
                                                                Function 00007FFE13305950 Relevance: 13.7, APIs: 9, Instructions: 230COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 349153199-0
                                                                • Opcode ID: 31b097c5beb5f15cde6c2b56eb33e70b4a1a94a0495c7f4a48947f332bb9daf1
                                                                • Instruction ID: 976eb9ca490bdeb8ee8b52893b56f8f421b76d67cc0ad341a57930f5919ffdd4
                                                                • Opcode Fuzzy Hash: 31b097c5beb5f15cde6c2b56eb33e70b4a1a94a0495c7f4a48947f332bb9daf1
                                                                • Instruction Fuzzy Hash: 57819A21E1CA03CEF650AB6B948127D6290AFA57B0F5440B5EA6D737F7DE3CE8458708
                                                                Function 00007FFE13302FC0 Relevance: 13.7, APIs: 9, Instructions: 155COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dict_Item$CallCheckDeallocErrorFunctionMakeObject_ResultTuple_UpdateWith
                                                                • String ID:
                                                                • API String ID: 1807771726-0
                                                                • Opcode ID: 42a6a9498eb4336f8fb7f7e14a875b7f35efea189098be1472c8111e8b538fde
                                                                • Instruction ID: f45856ba144baee5ab0ccf33eca39afd7f82fe8a2115168b66493173047daa82
                                                                • Opcode Fuzzy Hash: 42a6a9498eb4336f8fb7f7e14a875b7f35efea189098be1472c8111e8b538fde
                                                                • Instruction Fuzzy Hash: 98616F21A09F4289FA558B27E94437D63A0BF65BB4F0840B5DA6D277B5DF3CE055C308
                                                                Function 00007FFE1320444C Relevance: 13.6, APIs: 9, Instructions: 87COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$ErrorFromLastLongclosesocket$CheckHandleInformationLong_SignalsStringWindowsmemset
                                                                • String ID:
                                                                • API String ID: 205095079-0
                                                                • Opcode ID: 49c354e606523974a3277e7978bdea3490ed1b4ba92528b3e4dfffad4a66567c
                                                                • Instruction ID: d3171a450ee13d4b427c1b5774ed98362ff0e449d42159c4311156843572dbe6
                                                                • Opcode Fuzzy Hash: 49c354e606523974a3277e7978bdea3490ed1b4ba92528b3e4dfffad4a66567c
                                                                • Instruction Fuzzy Hash: 8C416731608F8289EA64AB53E4403BE67A4FFE9BA0F444075DA8D27B65DF7CD448CB40
                                                                Function 00007FFE1A4561AA Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 162COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                • API String ID: 1852475696-928371585
                                                                • Opcode ID: ca6cf6770a5e62d56dc10247fecd8c14e7675c1b430a8679457d8e3be21ba961
                                                                • Instruction ID: ec8f4461fab7ece41ab71fbbe15d9c9515926b36fe585e8b5474011d9effbad8
                                                                • Opcode Fuzzy Hash: ca6cf6770a5e62d56dc10247fecd8c14e7675c1b430a8679457d8e3be21ba961
                                                                • Instruction Fuzzy Hash: DC51A1A2B18E4692EE20EB56F4802B9A360FF44FA4F5441B3EA4E43675DF3CE525C700
                                                                Function 00007FFE1A456B5C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A456D1B,?,?,00000000,00007FFE1A456B4C,?,?,?,?,00007FFE1A456885), ref: 00007FFE1A456BE1
                                                                • GetLastError.KERNEL32(?,?,?,00007FFE1A456D1B,?,?,00000000,00007FFE1A456B4C,?,?,?,?,00007FFE1A456885), ref: 00007FFE1A456BEF
                                                                • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE1A456D1B,?,?,00000000,00007FFE1A456B4C,?,?,?,?,00007FFE1A456885), ref: 00007FFE1A456C08
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A456D1B,?,?,00000000,00007FFE1A456B4C,?,?,?,?,00007FFE1A456885), ref: 00007FFE1A456C1A
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FFE1A456D1B,?,?,00000000,00007FFE1A456B4C,?,?,?,?,00007FFE1A456885), ref: 00007FFE1A456C60
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FFE1A456D1B,?,?,00000000,00007FFE1A456B4C,?,?,?,?,00007FFE1A456885), ref: 00007FFE1A456C6C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                • String ID: api-ms-
                                                                • API String ID: 916704608-2084034818
                                                                • Opcode ID: 936032d40fa96b032ac86a2d89c5a398f87e2a2d839e469644f99c68bf1566a7
                                                                • Instruction ID: c3f432e5d3511cab6fd39c14fd46c7bff2044fef2dfb103abe1d927c75857ece
                                                                • Opcode Fuzzy Hash: 936032d40fa96b032ac86a2d89c5a398f87e2a2d839e469644f99c68bf1566a7
                                                                • Instruction Fuzzy Hash: CB31AE61B1AF4281EE22AB07A8005B5B2A4FB49FB5F5D05B6DD2D073A4EF3CE164C200
                                                                Function 00007FFE133021A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 79COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$CallDict_Err_MakeMallocMem_MemoryObject_Update
                                                                • String ID: X{}
                                                                • API String ID: 3445980372-2140212134
                                                                • Opcode ID: 3f2902342c13d165ca5a04ad6b751020229967bc3c101f7663baa985dba562bd
                                                                • Instruction ID: 614ee071a9f402aab5257652768e436504bb5be4cf18f1e387ec16bd04652ba7
                                                                • Opcode Fuzzy Hash: 3f2902342c13d165ca5a04ad6b751020229967bc3c101f7663baa985dba562bd
                                                                • Instruction Fuzzy Hash: CD315E31A0CF42C9EA958B66A94427D63A4BB65BB0F5841B0DA6D637B1CF3CE4558308
                                                                Function 00007FFE13301860 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrCallable_CheckErr_LookupObject_String
                                                                • String ID: restype must be a type, a callable, or None
                                                                • API String ID: 1528254987-4008198047
                                                                • Opcode ID: 6452f5985481fdf810af319e620606f51f1d816ac9bc74436ba4aa13f9c82220
                                                                • Instruction ID: f3cb330a21b9b1855cc4e7b8d07ba531b2b01c08a0eeed21457b3f529b3e6571
                                                                • Opcode Fuzzy Hash: 6452f5985481fdf810af319e620606f51f1d816ac9bc74436ba4aa13f9c82220
                                                                • Instruction Fuzzy Hash: 90318136F09F0289FA548B67E48037C63A0FF65BB5F1841B0CA2E666B4DF2CE5458308
                                                                Function 00007FFE1325C5F8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                • API String ID: 1563898963-3455802345
                                                                • Opcode ID: 9b026c52384d1bde9e7588ce781edc70c1283e8086e1dddbc8207b2c901252c2
                                                                • Instruction ID: 837503b409e9afc93e8396d7a2a6f29f7ffa6b070091d009a0a8851e0df36be6
                                                                • Opcode Fuzzy Hash: 9b026c52384d1bde9e7588ce781edc70c1283e8086e1dddbc8207b2c901252c2
                                                                • Instruction Fuzzy Hash: 4A314DA160AE528AEE14EB17E4400B86360BBE4FB4B545771DA2D577B4FF2CE652C300
                                                                Function 00007FFE1330B5AC Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 52COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CharErr_Unicode_Wide$FormatString
                                                                • String ID: can't delete attribute$string too long$unicode string expected instead of %s instance
                                                                • API String ID: 530648689-1577475929
                                                                • Opcode ID: 54871f426e13d62f20164b13e72e16cb3eb4130456bf9d3dcc44f832ca140448
                                                                • Instruction ID: e9badf54a58798d0a569a19540ceafa4d599100174a870d8a20312bcfb58e92b
                                                                • Opcode Fuzzy Hash: 54871f426e13d62f20164b13e72e16cb3eb4130456bf9d3dcc44f832ca140448
                                                                • Instruction Fuzzy Hash: AC214961B08E46CAEA58CF57E48017CA361FBA4FE0F5455B2DA2D2777ACF2CE4458708
                                                                Function 00007FFE1330EBE4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Long$Long_MaskUnsigned
                                                                • String ID: _ctypes/cfield.c pymem$unicode string or integer address expected instead of %s instance
                                                                • API String ID: 1805849926-901310697
                                                                • Opcode ID: 2ce16603c6b5fb28991612c657e35fb793e2d5932663eadf79fd1512b973919a
                                                                • Instruction ID: ae26200dfc8a741527e38f10ece6d1c4beac5a77c3d4dda285ebb2abc108e8d7
                                                                • Opcode Fuzzy Hash: 2ce16603c6b5fb28991612c657e35fb793e2d5932663eadf79fd1512b973919a
                                                                • Instruction Fuzzy Hash: B7113A62B1AF42C9EA44CF17E84427C6360BB68BA0F5054B6D92E22375EE3DE495C318
                                                                Function 00007FFE132537BC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 48threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lockmemmove
                                                                • String ID: End of stream already reached
                                                                • API String ID: 4192957916-3466344095
                                                                • Opcode ID: 9d24e192cd5e41aae34a11841e36e0bc5166bdf8702469d9357772ef0d70671f
                                                                • Instruction ID: b1c38703de90fe77ac75fc9472168247dc382a8aabfd3b1da272db5a08c9de63
                                                                • Opcode Fuzzy Hash: 9d24e192cd5e41aae34a11841e36e0bc5166bdf8702469d9357772ef0d70671f
                                                                • Instruction Fuzzy Hash: 751130A1A08E4189EB04EB63E9442A96764FBD8FD4F0891B1DF1E53725EF3CE556C700
                                                                Function 00007FFE132056E0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 47COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Bytes_SizeString$Arg_DeallocErr_FromParseResizeTuple_
                                                                • String ID: negative buffersize in recv$n|i:recv
                                                                • API String ID: 1342606314-3647384195
                                                                • Opcode ID: 0f2e265d39f511016bcec70da8533312cc5300a70e45771693c718f9922707e5
                                                                • Instruction ID: eb9b525729a55f20f6f48e82ea5e51834a598bd50ac93590cd0178693f796c18
                                                                • Opcode Fuzzy Hash: 0f2e265d39f511016bcec70da8533312cc5300a70e45771693c718f9922707e5
                                                                • Instruction Fuzzy Hash: 2A116D65A0CE42C9EE24AB52E48017EA7A0FFE4BB4F500472D94D67674EEBCE04DD700
                                                                Function 00007FFE132526EC Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 44threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lock
                                                                • String ID: Compressor has been flushed
                                                                • API String ID: 1906554297-3904734015
                                                                • Opcode ID: 4f10c9a98a270c81542dec47670a47e5c1056ddde1cac534f6d7ef28f75aec1e
                                                                • Instruction ID: ed0fc833e44afe2e1020c279f94429115d0e55cedc5523ac39bcdf773a7a2ef8
                                                                • Opcode Fuzzy Hash: 4f10c9a98a270c81542dec47670a47e5c1056ddde1cac534f6d7ef28f75aec1e
                                                                • Instruction Fuzzy Hash: 0E1142B1A08E4285EB10EB13E9441B96364FBD9FE1B048571DE0D67B65EF3CE592C340
                                                                Function 00007FFE13252134 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 43threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_SizeThread_release_lock
                                                                • String ID: Repeated call to flush()
                                                                • API String ID: 3236580226-194442007
                                                                • Opcode ID: a7363f18bb3a4be2b1f04e20a3cf77806fbf112a27042f4a7a0e0242247e6c36
                                                                • Instruction ID: feb254720267ded960d97438f0c1665b65b895ba80ad43bc42a5b4bf40f27fe9
                                                                • Opcode Fuzzy Hash: a7363f18bb3a4be2b1f04e20a3cf77806fbf112a27042f4a7a0e0242247e6c36
                                                                • Instruction Fuzzy Hash: 06115171A08E4286E710AB27E9441B92360FBD9FA0F008270DA0E57765EF3CE696C740
                                                                Function 00007FFE1330F574 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 43COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_$CharFormatStringUnicode_Wide
                                                                • String ID: one character unicode string expected$unicode string expected instead of %s instance
                                                                • API String ID: 3624372013-2255738861
                                                                • Opcode ID: a442bb40f20c3a4dd4081ba5bcb0ae0298b6afa5f68cd383e2f326c911a818c9
                                                                • Instruction ID: d257e66e32795929fd4be178c5299c33ce3efdfd56641a94a71b1a1f1f992de8
                                                                • Opcode Fuzzy Hash: a442bb40f20c3a4dd4081ba5bcb0ae0298b6afa5f68cd383e2f326c911a818c9
                                                                • Instruction Fuzzy Hash: AF111965B08E42C9EB448F66E8441796360FB68FB4F1455B2DA2E56635DE2CD488C308
                                                                Function 00007FFE1330DC30 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 41COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_CharErrorFreeFromLastLocalParseTupleUnicode_Wide
                                                                • String ID: <no description>$|i:FormatError
                                                                • API String ID: 935104296-1632374824
                                                                • Opcode ID: da62cbb651d4d48137c88a006a0480f238e20f846b976fc73609049c0e997912
                                                                • Instruction ID: 0a48965377d8aaeb0e659e23c3ac1346c9bdd6f4270f3cb26ea240511d58a161
                                                                • Opcode Fuzzy Hash: da62cbb651d4d48137c88a006a0480f238e20f846b976fc73609049c0e997912
                                                                • Instruction Fuzzy Hash: E4018461B08E828AEA549B23B84807DA2E1FF64BB0F144270D97E533F5EE7CE4448708
                                                                Function 00007FFE1330DCC0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 38threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Err_FreeFromLibraryParseRestoreSaveTupleWindows
                                                                • String ID: O&:FreeLibrary
                                                                • API String ID: 204461231-2600264430
                                                                • Opcode ID: 078f241c74f91baaec2f50080a5493ab98081374dae74a9cab3a0cffd8d54dea
                                                                • Instruction ID: 1947d321dc2878390689a60f6397c33c6205d5da9a006850cc025ceb4d9f0cbb
                                                                • Opcode Fuzzy Hash: 078f241c74f91baaec2f50080a5493ab98081374dae74a9cab3a0cffd8d54dea
                                                                • Instruction Fuzzy Hash: D9011B25B0CE42CAE6418B67A84403D63A0EFA4BA4F1444B1DA7E63639DE3CE4458708
                                                                Function 00007FFE1330A9E4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 35COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: String$Size$AttrBuildBytes_Err_FromObject_Value_
                                                                • String ID: O(O(NN))$__dict__$ctypes objects containing pointers cannot be pickled
                                                                • API String ID: 1770468409-724424928
                                                                • Opcode ID: 3ee03d1d2b345c529b1bd3c85f0488fda98b0b8f69e1e8ea5ec09f1cc578dd04
                                                                • Instruction ID: 29c205897f5429e9d5aca930ae88f2c5ac6517040f4e43d099c45220e9e08b12
                                                                • Opcode Fuzzy Hash: 3ee03d1d2b345c529b1bd3c85f0488fda98b0b8f69e1e8ea5ec09f1cc578dd04
                                                                • Instruction Fuzzy Hash: FB015B25A08F42CAEA508B17E940079A3A0FB68BE0F4445B1DEAD63775DF2CE166C708
                                                                Function 00007FFE1320752C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 32COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_DeallocErr_ParseSizeStringTuple_if_nametoindex
                                                                • String ID: O&:if_nametoindex$no interface with this name
                                                                • API String ID: 3052430728-3835682882
                                                                • Opcode ID: 12e8203fb0cf7461e24a3d4e215b3143ca18e6a039aed69a66b3869146dbc896
                                                                • Instruction ID: f8c89767551c3a2533173f3694a069e23bdf916be87f16fb4d88c2c9f3f1575f
                                                                • Opcode Fuzzy Hash: 12e8203fb0cf7461e24a3d4e215b3143ca18e6a039aed69a66b3869146dbc896
                                                                • Instruction Fuzzy Hash: E801EC64A08E438AEB10AB67E89007E2761BFE8B64F5044B1DA4E66634DE7CE44DC710
                                                                Function 00007FFE132072A8 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 26networkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                                                • String ID: htons: Python int too large to convert to C 16-bit unsigned integer$htons: can't convert negative Python int to C 16-bit unsigned integer$i:htons
                                                                • API String ID: 1102113319-997571130
                                                                • Opcode ID: f5f3be2852d41024977e316b61593436f03594a4b4df2368eb7feee68b79267f
                                                                • Instruction ID: 708f509f3b464f42b11beffa01566c915073372c5555fc9bddee5308ff1163d4
                                                                • Opcode Fuzzy Hash: f5f3be2852d41024977e316b61593436f03594a4b4df2368eb7feee68b79267f
                                                                • Instruction Fuzzy Hash: 3AF0FF64E08E539DEE04BB17E85007D2660BFE4761F9044B2D54EAB170DE6CE40DD700
                                                                Function 00007FFE13207920 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 26networkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                                                • String ID: i:ntohs$ntohs: Python int too large to convert to C 16-bit unsigned integer$ntohs: can't convert negative Python int to C 16-bit unsigned integer
                                                                • API String ID: 1102113319-2476431691
                                                                • Opcode ID: ce4feceb5a90c14b92646f1ea5f8c4eaf36e6cf8efd11a848fc75c933ffc50eb
                                                                • Instruction ID: 24ee4e9faf5a533eba8afb599393acb1acc77441712f26c9e3cdf16c2fda9529
                                                                • Opcode Fuzzy Hash: ce4feceb5a90c14b92646f1ea5f8c4eaf36e6cf8efd11a848fc75c933ffc50eb
                                                                • Instruction Fuzzy Hash: 4DF01260E08F5799EA04BB1BD89017E2760BFE5B61F9004B1D58EAB170DE7CE44CD310
                                                                Function 00007FFE1A452818 Relevance: 12.1, APIs: 8, Instructions: 148COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: abort$AdjustPointer
                                                                • String ID:
                                                                • API String ID: 1501936508-0
                                                                • Opcode ID: cf0ce418dbf8095189d4875bbd922365259c44d693191a2e82a2bfde5589004d
                                                                • Instruction ID: b073622a3ceda261b0e01387bbdde0ab96bfadc6a741147bf3c4341d91097703
                                                                • Opcode Fuzzy Hash: cf0ce418dbf8095189d4875bbd922365259c44d693191a2e82a2bfde5589004d
                                                                • Instruction Fuzzy Hash: A751B1B1F09F4281EA69BB57944427963A0AF44FA4F0945F7EA4E077B5DE3CE461C300
                                                                Function 00007FFE1A4529FC Relevance: 12.1, APIs: 8, Instructions: 148COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: abort$AdjustPointer
                                                                • String ID:
                                                                • API String ID: 1501936508-0
                                                                • Opcode ID: 33b9a28e85c1583a9e53f416898540066328f1663c9e5eff4cdc8514e51169f9
                                                                • Instruction ID: d69d25f26ad970d347bc150744c37bca5baeb512cba4ef2993ac404ef6882b0a
                                                                • Opcode Fuzzy Hash: 33b9a28e85c1583a9e53f416898540066328f1663c9e5eff4cdc8514e51169f9
                                                                • Instruction Fuzzy Hash: 7551B0A1B0AF4281FA65AF17944463863A4AF04FA1F0985F7EA4E077A5DF7CE861C310
                                                                Function 00007FFE1330F990 Relevance: 12.1, APIs: 8, Instructions: 110COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Mem_$FreeMalloc$Err_Memorymemcpy
                                                                • String ID:
                                                                • API String ID: 920471837-0
                                                                • Opcode ID: c91e9501240dbb047462beff57c3e24aa08f07d97696b8881faa54e688d9ffaf
                                                                • Instruction ID: 05178dc246662e386b4b8a436ce59b4ec7ad4ae14ddd862f900cbe4573e2d0ea
                                                                • Opcode Fuzzy Hash: c91e9501240dbb047462beff57c3e24aa08f07d97696b8881faa54e688d9ffaf
                                                                • Instruction Fuzzy Hash: 75512022A09F8596EB498F3595503BC6360FB68F94F049275DF6D232A6DF38B0E9C304
                                                                Function 00007FFE13302894 Relevance: 12.1, APIs: 8, Instructions: 105COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Tuple_
                                                                • String ID:
                                                                • API String ID: 828192933-0
                                                                • Opcode ID: 5e62f5604a1117c70738b5e9d10e81d038eb8c1c9d08bc44558772b595a0c4de
                                                                • Instruction ID: 695367868a6d72fa1de4cec850fd78df970c02ab2b316c290722fce6fab288d0
                                                                • Opcode Fuzzy Hash: 5e62f5604a1117c70738b5e9d10e81d038eb8c1c9d08bc44558772b595a0c4de
                                                                • Instruction Fuzzy Hash: B141BF32A09F46CDEAA68F26A80467D63A0FF65BA5F080174DD6E26670DF3CE485C704
                                                                Function 00007FFE13301178 Relevance: 12.1, APIs: 8, Instructions: 95COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dict_$DeallocObject_$AttrCallContainsErr_ErrorItemMakeOccurredUpdateWith
                                                                • String ID:
                                                                • API String ID: 3953964043-0
                                                                • Opcode ID: 514ed9f4908b8c8283f0e0c27daf6479cf123024387674585ac24fe74f6d228d
                                                                • Instruction ID: bbf44c0f32c64eb9a319b6fa32edcd471b10676542714ead802b0720d1944c80
                                                                • Opcode Fuzzy Hash: 514ed9f4908b8c8283f0e0c27daf6479cf123024387674585ac24fe74f6d228d
                                                                • Instruction Fuzzy Hash: D1418C31F09F4389EA548B23A9402BD63A0EF25BB4F1852B4D96E267B5DF2CE0448308
                                                                Function 00007FFE13304D38 Relevance: 12.1, APIs: 8, Instructions: 78COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc
                                                                • String ID:
                                                                • API String ID: 3617616757-0
                                                                • Opcode ID: 068abb66bbfb9b3a2a685b208f6aebfac36357060354af221ed5b1c6e4112d13
                                                                • Instruction ID: b4b1286f97a3c2aeae90510dc3aa665e9f1bd48d7682c45f56367a81f832ab03
                                                                • Opcode Fuzzy Hash: 068abb66bbfb9b3a2a685b208f6aebfac36357060354af221ed5b1c6e4112d13
                                                                • Instruction Fuzzy Hash: 4831F972E09E4289FF598F76885437C23A8AB75B38F1541B4CA3E650B6CF2DA6458708
                                                                Function 00007FFE1A4557C0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 131COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FileHeader_local_unwind
                                                                • String ID: MOC$RCC$csm$csm
                                                                • API String ID: 2627209546-1441736206
                                                                • Opcode ID: 48d146a85fba6cc68383d4a357e19a92ddcb549a58e0a70336f33e234ca841ed
                                                                • Instruction ID: af3261410b8b57851e1c5ea53baac3f38bf4cde2f13c01307c8b3dcb3715ac65
                                                                • Opcode Fuzzy Hash: 48d146a85fba6cc68383d4a357e19a92ddcb549a58e0a70336f33e234ca841ed
                                                                • Instruction Fuzzy Hash: ED5163B2B09E1286EB60AB26904137D66A0FF44FB4F1410F3DA4D977A5DF3CE465C642
                                                                Function 00007FFE1A45E520 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: {for
                                                                • API String ID: 2943138195-864106941
                                                                • Opcode ID: 416ecf82abdc7693f83b664dab0e642ebc660969777f9551cf3e7d4c265d34da
                                                                • Instruction ID: 97ed77b46a60022236015673ed4870fce22d5ef1c1a3cbaa0c846a6da1d03f47
                                                                • Opcode Fuzzy Hash: 416ecf82abdc7693f83b664dab0e642ebc660969777f9551cf3e7d4c265d34da
                                                                • Instruction Fuzzy Hash: 2A514AB2B08A85A9E711EF26D4413F867A1EB44B98F8084F2EA5C47BA5DF7CD564C340
                                                                Function 00007FFE13302050 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Object_$Dealloc$AttrInstanceLookup
                                                                • String ID: wrong type
                                                                • API String ID: 1828014136-2191655096
                                                                • Opcode ID: 48019a5db2fa545bbb614ff61a29e7f0ff849fa01fd9e197cdd365b54569e53e
                                                                • Instruction ID: 2d28c106b54cd63f23ed4b08460839d1c37933373f2fab76b4c6d633f29ff0ae
                                                                • Opcode Fuzzy Hash: 48019a5db2fa545bbb614ff61a29e7f0ff849fa01fd9e197cdd365b54569e53e
                                                                • Instruction Fuzzy Hash: 63515D21B09F0289FE559B13DA5017D63A4AFA4BB0F1845B1D96EA77B2EF2CE441C348
                                                                Function 00007FFE1330BE84 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc
                                                                • String ID: wrong type
                                                                • API String ID: 3617616757-2191655096
                                                                • Opcode ID: bdb23b902ebc4893c2a5809fa917940e2479e1e06ed5718a6fa12672c04d635d
                                                                • Instruction ID: d94ccf195dc7443e7e1a3f094ea0a8a849b71e2879d78c34eb07d645f22215b3
                                                                • Opcode Fuzzy Hash: bdb23b902ebc4893c2a5809fa917940e2479e1e06ed5718a6fa12672c04d635d
                                                                • Instruction Fuzzy Hash: 03512C21B19E4288FE589F53E95017D63A0AFA4BF0F4846B1DA2E677B5DF2CE441C708
                                                                Function 00007FFE13259CC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 95COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Bytes_FromSizeStringmemmove
                                                                • String ID: Unable to allocate output buffer.
                                                                • API String ID: 3327154725-2565006440
                                                                • Opcode ID: 9c30319a8999428dde325e815d48d283bad5c3e6560c2351fca3ed9412fd7cc3
                                                                • Instruction ID: d0b71c84646209c6cb8f335b5105d53de9307fdfe67e73c47ede88731da765cb
                                                                • Opcode Fuzzy Hash: 9c30319a8999428dde325e815d48d283bad5c3e6560c2351fca3ed9412fd7cc3
                                                                • Instruction Fuzzy Hash: 89413CB2B09E4289EB15AF17D4402A923A0FBA9FA4F544672DE0D67365EF3CD695C300
                                                                Function 00007FFE1A45DB00 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: NameName::atol
                                                                • String ID: `template-parameter$void
                                                                • API String ID: 2130343216-4057429177
                                                                • Opcode ID: 7b7e14213947c3780e213c190a7c5fdcdd2a49ff05635447eaaef3bd9456bf2e
                                                                • Instruction ID: d799e140f4e2e25e6ee784e37a1a86591171988aadf1b5130a3f4c64bf3e4f20
                                                                • Opcode Fuzzy Hash: 7b7e14213947c3780e213c190a7c5fdcdd2a49ff05635447eaaef3bd9456bf2e
                                                                • Instruction Fuzzy Hash: EA417B62F08F4688FB00DB66D8512FC2371BF48BA8F5401B6DE5C67A68DF789465C340
                                                                Function 00007FFE1A458900 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 81COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+Replicator::operator[]
                                                                • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                • API String ID: 1405650943-2211150622
                                                                • Opcode ID: 463b429a368d480f938697e6d099cec3f907049628b5d1349ecbd199c78a6655
                                                                • Instruction ID: 4b7c24c9c4c32a3e6b0cc09325b764d7474eed1009fb21bd1135b9d4b64c048f
                                                                • Opcode Fuzzy Hash: 463b429a368d480f938697e6d099cec3f907049628b5d1349ecbd199c78a6655
                                                                • Instruction Fuzzy Hash: 114146A2F08F8699F7129B26D8402B877B0BB08B58F4445F6CA5C533A4DF7CA5A1D341
                                                                Function 00007FFE1A45A6E4 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 80COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: char $int $long $short $unsigned
                                                                • API String ID: 2943138195-3894466517
                                                                • Opcode ID: 01c330b6d3460536b725c75710ede4031362a47bdaf6c5878ce89829e4b6ba2f
                                                                • Instruction ID: 2e23e24836c591e60cb760a3ae457d19dbb094d1e5b238fa4d6f5533e3d4cc64
                                                                • Opcode Fuzzy Hash: 01c330b6d3460536b725c75710ede4031362a47bdaf6c5878ce89829e4b6ba2f
                                                                • Instruction Fuzzy Hash: 88313AB2F18B4589F7019B2AC8583B827B1BB05B68F5481F2CA1C16AB8DF3CD564C750
                                                                Function 00007FFE130C1090 Relevance: 10.6, APIs: 7, Instructions: 62COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983683177.00007FFE130C1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                • Associated: 00000001.00000002.2983665437.00007FFE130C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983700891.00007FFE130C3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983719451.00007FFE130C5000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983737529.00007FFE130C6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocModule_State
                                                                • String ID:
                                                                • API String ID: 1903735390-0
                                                                • Opcode ID: a7a767094c4d1de27d1ae5cfedc4f2a8987a46609b88e723d83c121dba346a55
                                                                • Instruction ID: c5c7d4f3a5147a7474569e3d5601aa67c7e3ee9c19d7022071730b64ea7bfeb0
                                                                • Opcode Fuzzy Hash: a7a767094c4d1de27d1ae5cfedc4f2a8987a46609b88e723d83c121dba346a55
                                                                • Instruction Fuzzy Hash: A8210A31D09E428CEF698F77985837823EAAF75B69FA440F0CA0E651A0CF6EA5448340
                                                                Function 00007FFE1330D8F8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Arg_FormatNumber_OccurredSsize_tTupleUnpack
                                                                • String ID: byref$byref() argument must be a ctypes instance, not '%s'
                                                                • API String ID: 169608245-1446499295
                                                                • Opcode ID: 1c7a6bb527df66017d67d4d6c8e7051229e04b236d9d6aec440ba77389511a69
                                                                • Instruction ID: 297abcddb39d00ec55aae81602bb36d8784164352ab99f31eb59d957fe5a4618
                                                                • Opcode Fuzzy Hash: 1c7a6bb527df66017d67d4d6c8e7051229e04b236d9d6aec440ba77389511a69
                                                                • Instruction Fuzzy Hash: 3F212C25708F02CAEB108B52E45427DA3A0FBA8BB4F140675DABD573A5DF7DD544C344
                                                                Function 00007FFE1330B96C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PyDict_GetItemWithError.PYTHON311(?,?,00000001,00007FFE133077AC), ref: 00007FFE1330B9AD
                                                                • PyErr_Occurred.PYTHON311(?,?,00000001,00007FFE133077AC), ref: 00007FFE1330B9BC
                                                                • PyErr_Format.PYTHON311(?,?,00000001,00007FFE133077AC), ref: 00007FFE1330B9ED
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Dict_ErrorFormatItemOccurredWith
                                                                • String ID: not enough arguments$required argument '%S' missing
                                                                • API String ID: 62204369-3448764933
                                                                • Opcode ID: 28da8afa7e9ef03481714140949b522f70dd2a78d8c2b5e7d138b51459312286
                                                                • Instruction ID: 8a79cd0251addf8000997ac1fb10cbf8ecb765523c604da1fdd2a57542ce476a
                                                                • Opcode Fuzzy Hash: 28da8afa7e9ef03481714140949b522f70dd2a78d8c2b5e7d138b51459312286
                                                                • Instruction Fuzzy Hash: 13114C61B19E82C9EE598F17E58413CA370EF64BE0F1494B1DA6E66779DF2CE841C308
                                                                Function 00007FFE1330EB34 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CharErr_FormatUnicode_Wide
                                                                • String ID: string too long (%zd, maximum length %zd)$unicode string expected instead of %s instance
                                                                • API String ID: 2195588020-2061977717
                                                                • Opcode ID: 3df54ba06c241b92dbf221aa78cdec5a2b91a3063c00f8d20a6361d5b8dc2ae5
                                                                • Instruction ID: 7d894be9cf6ccf22af00a023c41a163ff2e42ce1a49609a0f41420c5e5808808
                                                                • Opcode Fuzzy Hash: 3df54ba06c241b92dbf221aa78cdec5a2b91a3063c00f8d20a6361d5b8dc2ae5
                                                                • Instruction Fuzzy Hash: 5D118F20B0DF46C9EA808B17E984169A361BFA8FF4F145672DE7E63BB5CE2CD4458704
                                                                Function 00007FFE13206B98 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_AuditFreeMem_ParseSizeSys_Tuple_
                                                                • String ID: et:gethostbyname$idna$socket.gethostbyname
                                                                • API String ID: 3195760359-1353326193
                                                                • Opcode ID: 558c1271e238177000cd76bc81e05b3b59b431a06bc453976089f167e60497e9
                                                                • Instruction ID: eafbec54fb4d2667096b736a86c48792811df1cda97e42fe234a45a13c3fee5e
                                                                • Opcode Fuzzy Hash: 558c1271e238177000cd76bc81e05b3b59b431a06bc453976089f167e60497e9
                                                                • Instruction Fuzzy Hash: 8B115461708F4299EA20BB23E85006E6760FFE8BF4F404171DA4E6B675DE3CE148CB00
                                                                Function 00007FFE132078B0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 28COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                                                • String ID: expected int, %s found
                                                                • API String ID: 3347179618-1178442907
                                                                • Opcode ID: a3453a56261eb3c186c7b8bdd434c21c6932fca0058d9441addc655e6fad4964
                                                                • Instruction ID: a0648358acca7a232b4bdaac0b051ebac568ce864be5d081d7f583f0c0ae554d
                                                                • Opcode Fuzzy Hash: a3453a56261eb3c186c7b8bdd434c21c6932fca0058d9441addc655e6fad4964
                                                                • Instruction Fuzzy Hash: 23F0CD60E08F42CAEA54BB66A88417E27A0BFE9B65F140575D54E636B0DF7CE48CE300
                                                                Function 00007FFE13207238 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 28COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                                                • String ID: expected int, %s found
                                                                • API String ID: 3347179618-1178442907
                                                                • Opcode ID: 893823f66e6f6138382749383a10c6f8a354538b557eed5e75274922f4b27436
                                                                • Instruction ID: 88f6010061a2a9a8d4a49b142cf7890bfe2edf1a5d1604508544db5302d6dcc7
                                                                • Opcode Fuzzy Hash: 893823f66e6f6138382749383a10c6f8a354538b557eed5e75274922f4b27436
                                                                • Instruction Fuzzy Hash: D4F03160A08F428EEA54BB66E84417E27A0BFE9B61F1405B5D54E637B0DE7CE48CD300
                                                                Function 00007FFE1325C748 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                • bzip2/libbzip2: internal error number %d.This is a bug in bzip2/libbzip2, %s.Please report it to: bzip2-devel@sourceware.org. If this happenedwhen you were using some program which uses libbzip2 as acomponent, you should also report this bug to the auth, xrefs: 00007FFE1325C768
                                                                • *** A special note about internal error number 1007 ***Experience suggests that a common cause of i.e. 1007is unreliable memory or other hardware. The 1007 assertionjust happens to cross-check the results of huge numbers ofmemory reads/writes, and so ac, xrefs: 00007FFE1325C78A
                                                                • 1.0.8, 13-Jul-2019, xrefs: 00007FFE1325C75B
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func$__stdio_common_vfprintfexit
                                                                • String ID: bzip2/libbzip2: internal error number %d.This is a bug in bzip2/libbzip2, %s.Please report it to: bzip2-devel@sourceware.org. If this happenedwhen you were using some program which uses libbzip2 as acomponent, you should also report this bug to the auth$*** A special note about internal error number 1007 ***Experience suggests that a common cause of i.e. 1007is unreliable memory or other hardware. The 1007 assertionjust happens to cross-check the results of huge numbers ofmemory reads/writes, and so ac$1.0.8, 13-Jul-2019
                                                                • API String ID: 77255540-989448446
                                                                • Opcode ID: 39f94f7b81e53d96969a5455d7e6e9458db4137e20d4da26f7d9a91deb3b3694
                                                                • Instruction ID: a3dd0c0f8c24537363ac1e6fe736588bc7af99907da855cec0665bfb08d821fc
                                                                • Opcode Fuzzy Hash: 39f94f7b81e53d96969a5455d7e6e9458db4137e20d4da26f7d9a91deb3b3694
                                                                • Instruction Fuzzy Hash: 26E030D4A18D1659FB187BA2D4552F41255AFE4770F004779C50D276B1FD2C2745C342
                                                                Function 00007FFE13252CF8 Relevance: 9.1, APIs: 6, Instructions: 116threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocEval_Thread$Bytes_FromList_RestoreSaveSizeString
                                                                • String ID:
                                                                • API String ID: 722544280-0
                                                                • Opcode ID: ea514226ac897717a144e055f78113507add513ccc51a98260a4e0d553d29f9f
                                                                • Instruction ID: ef530663ff4ea3231b313dc094c590cf4657af391de522965b5f07a3d440b5e7
                                                                • Opcode Fuzzy Hash: ea514226ac897717a144e055f78113507add513ccc51a98260a4e0d553d29f9f
                                                                • Instruction Fuzzy Hash: 754189B2A09F428AEA646B2795441B923A0BBA9B70F140375DE5D637E0FF3CF651C740
                                                                Function 00007FFE1A456570 Relevance: 9.1, APIs: 6, Instructions: 84stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                • String ID:
                                                                • API String ID: 3741236498-0
                                                                • Opcode ID: de3a4ec1d6e9946eef6b348e6d8a6ead344041b39e9dfd9c2ce66c677152b10d
                                                                • Instruction ID: 46bfee7169a7b774ce68bc71c4467136af0c612f772fbebac381b7c865fffa3f
                                                                • Opcode Fuzzy Hash: de3a4ec1d6e9946eef6b348e6d8a6ead344041b39e9dfd9c2ce66c677152b10d
                                                                • Instruction Fuzzy Hash: 1031B261B19B9591EB119B27B804579A3A4FF08FF4B5946B6DD2D433A0EE3DD462C300
                                                                Function 00007FFE1330C050 Relevance: 9.1, APIs: 6, Instructions: 79COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocDict_$CallErr_FormatFromItemLong_MakeObject_Unicode_Voidstrchr
                                                                • String ID:
                                                                • API String ID: 4054517332-0
                                                                • Opcode ID: 183dbe4e66a78b5f82bf9fcbdc5b815f8fe5dd19242b5949e3bcf8ed559180f2
                                                                • Instruction ID: 6e6983152fe162f7edae19bed832d06dfb7179501c9e172507c11c4f0ee885fe
                                                                • Opcode Fuzzy Hash: 183dbe4e66a78b5f82bf9fcbdc5b815f8fe5dd19242b5949e3bcf8ed559180f2
                                                                • Instruction Fuzzy Hash: 04312C21B09F0289EE589B67E95013DA2A1BF65FA4F0845B0DE2D6B7B5DF3CE4418308
                                                                Function 00007FFE132064F0 Relevance: 9.0, APIs: 6, Instructions: 33threadnetworkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_LongThread$Err_ErrorLastLong_OccurredRestoreSaveclosesocket
                                                                • String ID:
                                                                • API String ID: 586723380-0
                                                                • Opcode ID: efd93951f5ba0042c1773d41bbcb51adbf44491de160b19c8b4e08a2f928464e
                                                                • Instruction ID: acad2310257a967c174ae27bd1b885af9843a291f474542a7dec11f085b8ed01
                                                                • Opcode Fuzzy Hash: efd93951f5ba0042c1773d41bbcb51adbf44491de160b19c8b4e08a2f928464e
                                                                • Instruction Fuzzy Hash: 3501E650A19E4689EE1477E7A58803E1B51EFF8BB1F5406B0D92E673F4DE7CA48CD210
                                                                Function 00007FFE133037B0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 257COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_StringSubtypeType_
                                                                • String ID: has no _stginfo_
                                                                • API String ID: 402260271-2912685656
                                                                • Opcode ID: 9230919844186ca5f41c7b1a63fcb82edb38cf4c596bbf94e99535158fbb2ad0
                                                                • Instruction ID: e70aed5830a43a21a44ab91e04f385ddbaaa7280e5015f980be7ad96df3f1f2d
                                                                • Opcode Fuzzy Hash: 9230919844186ca5f41c7b1a63fcb82edb38cf4c596bbf94e99535158fbb2ad0
                                                                • Instruction Fuzzy Hash: 29B19E72A09F898AEA64CF16E49023E73A4FB64BA4F014475DA6E67764DF3CE454C304
                                                                Function 00007FFE1A453AEC Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 189COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: abort$CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 2889003569-2084237596
                                                                • Opcode ID: bc23f9d190e68b0d649da4772cf0aebac2cf99f7a7c8ea39b120ae49b64f19ea
                                                                • Instruction ID: 5c64eea22f5e13ad19ae8b0426fc0bbcd175eecf271101e4558b188fb0d97d02
                                                                • Opcode Fuzzy Hash: bc23f9d190e68b0d649da4772cf0aebac2cf99f7a7c8ea39b120ae49b64f19ea
                                                                • Instruction Fuzzy Hash: CA91B2B3B08B818AE711DB66E4502BD77B0F745B98F1041AAEB4D17765DF38E1A5CB00
                                                                Function 00007FFE1A45BF20 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                • API String ID: 2943138195-757766384
                                                                • Opcode ID: e51d893b916fd38dc1e020bc8963aa6f83aa847b46c3d095f24d6897074767ca
                                                                • Instruction ID: 29c53ade6ae3f4328f2829b6d4b15d187fcb185a19ff92ec2a2bb5f26bb3bcdb
                                                                • Opcode Fuzzy Hash: e51d893b916fd38dc1e020bc8963aa6f83aa847b46c3d095f24d6897074767ca
                                                                • Instruction Fuzzy Hash: 14716AB2F08E4294EB14AF6699400BC67A1BB05FA4F4446F6DA5D83A74DF3CE5B0CB40
                                                                Function 00007FFE1A4538D0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 146COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: abort$CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 2889003569-2084237596
                                                                • Opcode ID: 227e5baf7e5e9155f58c31c3fecc157e2e687fbe3eaaf077a93d355b17988fc2
                                                                • Instruction ID: 4eb49792d1089a7686f51271e6a78c53ac0f7dc4092eaef492428ecd1f46ecac
                                                                • Opcode Fuzzy Hash: 227e5baf7e5e9155f58c31c3fecc157e2e687fbe3eaaf077a93d355b17988fc2
                                                                • Instruction Fuzzy Hash: 3C612BB2A08B458AEB109F66D4403BD77A0FB44B98F0442A6EE4D17BA9CF78E565C700
                                                                Function 00007FFE13253A90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 114COMMON
                                                                Download Yara Rule
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: combined CRCs: stored = 0x%08x, computed = 0x%08x$ {0x%08x, 0x%08x}
                                                                • API String ID: 0-2474432645
                                                                • Opcode ID: 69a7ee2d0339cf96717ad35ba872c5bfcdb46555bf6c34d719e37fdf827b1516
                                                                • Instruction ID: da5b46a59abba5ec83b18eddc1a95fe1a5d779dee9d4ff26069906aa5fc887dd
                                                                • Opcode Fuzzy Hash: 69a7ee2d0339cf96717ad35ba872c5bfcdb46555bf6c34d719e37fdf827b1516
                                                                • Instruction Fuzzy Hash: 364154B1A0CD42CEEB20AF2694446F83390EBA4B64F146375D70D676A5EF38AA45CB10
                                                                Function 00007FFE133024A0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PyMem_Malloc.PYTHON311(?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00007FFE13303784), ref: 00007FFE133024ED
                                                                • PyMem_Free.PYTHON311(?,?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00007FFE13303784), ref: 00007FFE133025DB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Mem_$FreeMalloc
                                                                • String ID: %zd)$%zd,
                                                                • API String ID: 3308143561-2233965340
                                                                • Opcode ID: 97bbcc1d359357e3c252192984d3b0109526b27b564f2bbea6cf16545a3b7b27
                                                                • Instruction ID: 85a815f5b7591ab0f4b6670a2649be0d46e464dd115ab405f476dcba61e431b1
                                                                • Opcode Fuzzy Hash: 97bbcc1d359357e3c252192984d3b0109526b27b564f2bbea6cf16545a3b7b27
                                                                • Instruction Fuzzy Hash: D141B322B09B8589EF158F16A4103BDA7A0FB65BE4F880171DE6DA77A1DF3CE445C318
                                                                Function 00007FFE1330A3C8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$FormatInstanceObject_String
                                                                • String ID: Pointer does not support item deletion$expected %s instead of %s
                                                                • API String ID: 341772743-2046472288
                                                                • Opcode ID: 56d4fabad618d8a5c8e6f1fde8dcb41e7996936431b442245916351dcbdf5c73
                                                                • Instruction ID: 47abd7299ad805528777a5884072f69e0f3386aafe52104caf32f375d84ae755
                                                                • Opcode Fuzzy Hash: 56d4fabad618d8a5c8e6f1fde8dcb41e7996936431b442245916351dcbdf5c73
                                                                • Instruction Fuzzy Hash: C5212F65A08E42C9FA449B67E8401BD6360FF65BB4F1446B2DE2DA73B6DE3CD4868304
                                                                Function 00007FFE1330DB58 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Arg_FromLongLong_ParseTuple
                                                                • String ID: OO:CopyComPointer
                                                                • API String ID: 1908940310-822416302
                                                                • Opcode ID: a50de67720cd425b58803957e1784c7b340943145018a53cdb6de08dc5e3c1c0
                                                                • Instruction ID: a8e3023e3e39d7956c23584ca757278953e7785a0e783f7b6c631099458e8b57
                                                                • Opcode Fuzzy Hash: a50de67720cd425b58803957e1784c7b340943145018a53cdb6de08dc5e3c1c0
                                                                • Instruction Fuzzy Hash: FF213036B08E4289EB558F7698441BC63B1BB64BB8F084675DA2D676A5CE3CE0458308
                                                                Function 00007FFE133057CC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 53COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dict_Err_NextString
                                                                • String ID: args not a tuple?$too many initializers
                                                                • API String ID: 1977209248-2791065560
                                                                • Opcode ID: f4fd08385035d02860af40dbb96f0e851c8c10ea306c559d0ae5fa500cb6d0af
                                                                • Instruction ID: c2181fe455845b03f2ce6df355ed2c7ed345d7a5e31f6708746841be87694879
                                                                • Opcode Fuzzy Hash: f4fd08385035d02860af40dbb96f0e851c8c10ea306c559d0ae5fa500cb6d0af
                                                                • Instruction Fuzzy Hash: 3E216061A08F41C5E6508B26E44037EA360FB64BF4F1456B2E97D626F5CF6CD485CB04
                                                                Function 00007FFE13252354 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_$CheckErr_KeywordsLong_OccurredPositional
                                                                • String ID: BZ2Compressor
                                                                • API String ID: 1699739194-1096114097
                                                                • Opcode ID: 428fb968040cf0367ecb5975a9571f17589fde077a9351a0a9a78da93643c136
                                                                • Instruction ID: c3a25468668f038ffccb3717a2e1c631e101818d17bbe8a48d15bcca10091453
                                                                • Opcode Fuzzy Hash: 428fb968040cf0367ecb5975a9571f17589fde077a9351a0a9a78da93643c136
                                                                • Instruction Fuzzy Hash: B81157B1B0CF429AEA107B1394401B96250EFF5BA0F544271E55DA76F5EF2CE685C640
                                                                Function 00007FFE1330E008 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_AuditDeallocFromLongLong_ParseSys_Tuple
                                                                • String ID: ctypes.set_errno
                                                                • API String ID: 928689845-1564666054
                                                                • Opcode ID: 59a8a5489d63178a80b732e192b127fc94092e90c4c175c04c3ca01ed042f338
                                                                • Instruction ID: 0bad0ba39468f1b434599743e5ca40f36dce97c60b43df41b7eb988d2f4eb284
                                                                • Opcode Fuzzy Hash: 59a8a5489d63178a80b732e192b127fc94092e90c4c175c04c3ca01ed042f338
                                                                • Instruction Fuzzy Hash: A711E9A1F18E42CAEF544B63E84407D63A0EF687A0F485071DE3D56371DE2CE589C718
                                                                Function 00007FFE1330E0B0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_AuditDeallocFromLongLong_ParseSys_Tuple
                                                                • String ID: ctypes.set_last_error
                                                                • API String ID: 928689845-913187751
                                                                • Opcode ID: f23f19bccc13864e0ba767f98ec326220a154fbbf3424597505e894eb8dd0003
                                                                • Instruction ID: 553701f721bcf15de9ced731ec928aebd92e0edfb4ff2bb4c9e4bef2748858a1
                                                                • Opcode Fuzzy Hash: f23f19bccc13864e0ba767f98ec326220a154fbbf3424597505e894eb8dd0003
                                                                • Instruction Fuzzy Hash: B811E9A1F18E02CAFF544B63E8840BD6360DF697A0F085071DE2D56371DE2CE589C714
                                                                Function 00007FFE1330B8B4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_FormatSubtypeType_Unicode_strchr
                                                                • String ID: 'out' parameter %d must be a pointer type, not %s$PzZ
                                                                • API String ID: 3500358371-2360062653
                                                                • Opcode ID: fceb702919c06022e64addd7c9aaba2d34447d85d2b2cb0159e7ba4236f850e0
                                                                • Instruction ID: 72a245404170f5e0abeec0d673e6aae872e867dc389692f392f006190f99f02d
                                                                • Opcode Fuzzy Hash: fceb702919c06022e64addd7c9aaba2d34447d85d2b2cb0159e7ba4236f850e0
                                                                • Instruction Fuzzy Hash: A4112E21B08E4388EB449F17D44027D6360EFA5FA8F4450B2DDAD67275DF2CE845C308
                                                                Function 00007FFE1330C174 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44stringCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_FormatSubtypeType_Unicode_strchr
                                                                • String ID: cast() argument 2 must be a pointer type, not %s$sPzUZXO
                                                                • API String ID: 3500358371-1038790478
                                                                • Opcode ID: 00c494f3386268376c83a7897981a44eeb5e2169e225d7a55c5354403a66d736
                                                                • Instruction ID: 93ab4f353f731806750853fc58ea5c9d2c6e132036f87ccf5ebaba044bebfbda
                                                                • Opcode Fuzzy Hash: 00c494f3386268376c83a7897981a44eeb5e2169e225d7a55c5354403a66d736
                                                                • Instruction Fuzzy Hash: 2B110D61B08F4288FE589B57D85427D2360AFB5BA4F4840B5CD2DAB671DF2CE845C308
                                                                Function 00007FFE132523CC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_StringThread_allocate_lockThread_free_lockmemset
                                                                • String ID: Unable to allocate lock$compresslevel must be between 1 and 9
                                                                • API String ID: 681419693-2500606449
                                                                • Opcode ID: 60b2f2588c32191dab62882afd88846cf50051bc512abb92ff4babc415602f46
                                                                • Instruction ID: e05c894386cb1268a22ac05e3d76a199a6c07cd44817d3eeff2b0f1821cde9cc
                                                                • Opcode Fuzzy Hash: 60b2f2588c32191dab62882afd88846cf50051bc512abb92ff4babc415602f46
                                                                • Instruction Fuzzy Hash: 141133B1A18E0299EB00AB26E4803FC23A4FFE4B65F5042B5D50D962B5FF3CD685C790
                                                                Function 00007FFE13205D1C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Buffer_ErrorLastRelease$Arg_CheckErr_FromLong_ParseSignalsSizeSsize_tTuple_
                                                                • String ID: y*|i:send
                                                                • API String ID: 3302300731-3140140677
                                                                • Opcode ID: 65f0f47cc3e35a20b7a47ff68169340699073e0cd887fd1f95b4273f027bc594
                                                                • Instruction ID: acfdb8c8906eab61d4a76555816e61df900aa9839d3c3d7895476f5f3321a980
                                                                • Opcode Fuzzy Hash: 65f0f47cc3e35a20b7a47ff68169340699073e0cd887fd1f95b4273f027bc594
                                                                • Instruction Fuzzy Hash: 22113672608F46CAEB10AF62E8443AE77A0FB98794F500176DA8C93764DF7DD448CB40
                                                                Function 00007FFE13304F94 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PyObject_GetAttrString.PYTHON311(?,?,?,00007FFE13304F7C), ref: 00007FFE13304FA8
                                                                • PyDict_New.PYTHON311(?,?,?,00007FFE13304F7C), ref: 00007FFE13304FBC
                                                                • PyErr_NewException.PYTHON311(?,?,?,00007FFE13304F7C), ref: 00007FFE13304FDA
                                                                  • Part of subcall function 00007FFE13305028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE1330504E
                                                                  • Part of subcall function 00007FFE13305028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE13305065
                                                                  • Part of subcall function 00007FFE13305028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE1330507D
                                                                  • Part of subcall function 00007FFE13305028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133050A0
                                                                  • Part of subcall function 00007FFE13305028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133050C6
                                                                  • Part of subcall function 00007FFE13305028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133050EC
                                                                  • Part of subcall function 00007FFE13305028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE13305112
                                                                  • Part of subcall function 00007FFE13305028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE13305138
                                                                  • Part of subcall function 00007FFE13305028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE1330515E
                                                                  • Part of subcall function 00007FFE13305028: PyType_Ready.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE13305181
                                                                  • Part of subcall function 00007FFE13305028: PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133051A7
                                                                  • Part of subcall function 00007FFE13305028: PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133051CD
                                                                  • Part of subcall function 00007FFE13305028: PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE133051F3
                                                                  • Part of subcall function 00007FFE13305028: PyModule_AddType.PYTHON311(?,?,00000000,00007FFE13304FF4,?,?,?,00007FFE13304F7C), ref: 00007FFE13305219
                                                                  • Part of subcall function 00007FFE13305304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330532F
                                                                  • Part of subcall function 00007FFE13305304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305366
                                                                  • Part of subcall function 00007FFE13305304: PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330538B
                                                                  • Part of subcall function 00007FFE13305304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133053AA
                                                                  • Part of subcall function 00007FFE13305304: PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133053CC
                                                                  • Part of subcall function 00007FFE13305304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE133053EB
                                                                  • Part of subcall function 00007FFE13305304: PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330540D
                                                                  • Part of subcall function 00007FFE13305304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE1330542C
                                                                  • Part of subcall function 00007FFE13305304: PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305451
                                                                  • Part of subcall function 00007FFE13305304: PyModule_AddObjectRef.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305470
                                                                  • Part of subcall function 00007FFE13305304: PyLong_FromLong.PYTHON311(?,?,00000000,00007FFE1330500E,?,?,?,00007FFE13304F7C), ref: 00007FFE13305495
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Module_ReadyType_$Object$FromLongLong_$Type$AttrDict_Err_ExceptionObject_String
                                                                • String ID: _unpickle$ctypes.ArgumentError
                                                                • API String ID: 4217053054-165408235
                                                                • Opcode ID: 32827969c832a808a66d5017e69f26ea533dafa79bf6c295bc1895e8a6d04efa
                                                                • Instruction ID: 7eaa80491fb7b417d1fd7c75e2a0ad19a901a4c951569a391692f6279624f78e
                                                                • Opcode Fuzzy Hash: 32827969c832a808a66d5017e69f26ea533dafa79bf6c295bc1895e8a6d04efa
                                                                • Instruction Fuzzy Hash: 3F012924B1DF03CAFA419B6BAA901396294BF687B0F4445B4D96C653B6EF3CE055C248
                                                                Function 00007FFE13305820 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Dict_Err_ItemUnraisableWrite
                                                                • String ID: on calling _ctypes.DictRemover
                                                                • API String ID: 2766432985-2232269487
                                                                • Opcode ID: 256ea331e05c61a4a808f1e36cd886345c9bade03a7633d5d0aea444e30aedf2
                                                                • Instruction ID: 438fdb558c23933d6390f3ce56a3165f77d6072a7e0a873ee55eb763e4ff5b48
                                                                • Opcode Fuzzy Hash: 256ea331e05c61a4a808f1e36cd886345c9bade03a7633d5d0aea444e30aedf2
                                                                • Instruction Fuzzy Hash: 5C011B61F0AE0AC9FE598B26989833D6360EF74B65F1805B0CD2E251F0CF2CD4518344
                                                                Function 00007FFE1330B368 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FormatFromUnicode_$Dealloc
                                                                • String ID: %s(%R)$<%s object at %p>
                                                                • API String ID: 1714529502-296555854
                                                                • Opcode ID: 7e64ef3b32a657b11c2f44244a8f51ce1e0c9cec8aec46fab4d60a3fe1e5b4e0
                                                                • Instruction ID: 11b1e626b4afb5b060e27d5598a9eb817fa255984962545c6681cc8ee4e9fb24
                                                                • Opcode Fuzzy Hash: 7e64ef3b32a657b11c2f44244a8f51ce1e0c9cec8aec46fab4d60a3fe1e5b4e0
                                                                • Instruction Fuzzy Hash: 8B011E61A09E42C9DE049F27D88016DA360FF68FE4B1451B2CE2D673B5DE7CD895C304
                                                                Function 00007FFE1330C938 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 32COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_File_ObjectPrintS_vsnprintfStringSys_Write
                                                                • String ID: stderr
                                                                • API String ID: 1103062482-1769798200
                                                                • Opcode ID: 9a0837009893c9ce3f6b921fad968050c61bacc10e62fde9b4fb5cee5af4f5c7
                                                                • Instruction ID: e5dced5fcd548be4f593450a33104139378b02fd1c4645dfea3e90a298066380
                                                                • Opcode Fuzzy Hash: 9a0837009893c9ce3f6b921fad968050c61bacc10e62fde9b4fb5cee5af4f5c7
                                                                • Instruction Fuzzy Hash: 23012162A18F81D5FA208B12F4993A9B360FBA8B50F440076D99D17375DF3CE554CB48
                                                                Function 00007FFE1330F4E8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_Format$memcpy
                                                                • String ID: bytes too long (%zd, maximum length %zd)$expected bytes, %s found
                                                                • API String ID: 437140070-1985973764
                                                                • Opcode ID: d9cd41fcd4a9d7115470baacfbcd2da228f5ee59300fb10d52ed7cf167236025
                                                                • Instruction ID: 0f6dfa96e4d24c1403cce99bc0bb72b258135c0a711c0d4f4f54b9ef37c12310
                                                                • Opcode Fuzzy Hash: d9cd41fcd4a9d7115470baacfbcd2da228f5ee59300fb10d52ed7cf167236025
                                                                • Instruction Fuzzy Hash: 8901E1A1E08E46CDEA509B97D4802B86360BB65B74F6052B2D53D672B5CE2CE4598308
                                                                Function 00007FFE130C1120 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983683177.00007FFE130C1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                • Associated: 00000001.00000002.2983665437.00007FFE130C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983700891.00007FFE130C3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983719451.00007FFE130C5000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983737529.00007FFE130C6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Module_$FromInternObjectStateStringUnicode_
                                                                • String ID: close$error
                                                                • API String ID: 4029360594-371397155
                                                                • Opcode ID: d1d56f56bfa3555b9ef12796d8bede51d7c66017a5d4b22be61f28461ee977ed
                                                                • Instruction ID: 56f27c8f8f3edc93603da42c9ab807af5cac6d64684d4ffb6717e49b79c089ef
                                                                • Opcode Fuzzy Hash: d1d56f56bfa3555b9ef12796d8bede51d7c66017a5d4b22be61f28461ee977ed
                                                                • Instruction Fuzzy Hash: 01F03031A29E4799EE048B6AF4540A923E1FF19BA4B8441F5DD1D563B0DF3CD1588300
                                                                Function 00007FFE1330D770 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 25COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AuditErr_StringSubtypeSys_Type_
                                                                • String ID: (O)$ctypes.addressof$invalid type
                                                                • API String ID: 288810468-3457326693
                                                                • Opcode ID: 1ed79e3af6a29a22ef0b12f793c3d6b77dfb8862b8c0b7dc43e2b4ad75ba5f26
                                                                • Instruction ID: cb8e89c5e2a9cb4de224f05e36033eec6effe10817ae21ab5eb6a5c536110048
                                                                • Opcode Fuzzy Hash: 1ed79e3af6a29a22ef0b12f793c3d6b77dfb8862b8c0b7dc43e2b4ad75ba5f26
                                                                • Instruction Fuzzy Hash: 09F01251B08D07C5FF459B67E89507963A0BFA4BB8F0454B1C93DA6172EE2CE1D59308
                                                                Function 00007FFE13201000 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 24COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Capsule_Pointer
                                                                • String ID: _socket.CAPI
                                                                • API String ID: 2597503022-3774308389
                                                                • Opcode ID: 2ec5b829a4a7df79f3a2774a172ac27ce3b012500a101fcb8e3879bc7c06c298
                                                                • Instruction ID: 87aedd18cfbe895835e6baa82de868140caf429716072e48cbeb45f4427c5ebb
                                                                • Opcode Fuzzy Hash: 2ec5b829a4a7df79f3a2774a172ac27ce3b012500a101fcb8e3879bc7c06c298
                                                                • Instruction Fuzzy Hash: B2F0B735D48D42CEE7596B6BD99803D2761ABE4B64B2840B0CA5E26270CE7DB85DC310
                                                                Function 00007FFE1330D264 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 21COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_AuditParseSys_Tuple
                                                                • String ID: (O)$O&:PyObj_FromPtr$ctypes.PyObj_FromPtr
                                                                • API String ID: 3491098224-1450318991
                                                                • Opcode ID: 2bb121435f85e257f9b1056af5b6aad70d99910b320661e3d929a3a09f6eb257
                                                                • Instruction ID: 0eb9ae3ba5965d63ecf89db3d066214b29068407bf1f858a28f244179c8d4aa9
                                                                • Opcode Fuzzy Hash: 2bb121435f85e257f9b1056af5b6aad70d99910b320661e3d929a3a09f6eb257
                                                                • Instruction Fuzzy Hash: 50F08561B0CE87C9EA049B13E8800AD63B0FB60BB8F8000B2D62D63275DE6CE546D348
                                                                Function 00007FFE13204088 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: BuildDeallocErr_ObjectSizeValue_
                                                                • String ID: (is)$host not found
                                                                • API String ID: 3413694139-3306034047
                                                                • Opcode ID: 6a53d895d2facd3bd2467535f0768359fb6939f11af5027f1c80c0e72059fe2d
                                                                • Instruction ID: 922b3e1fdf7fc4d23d2f44479dd62e9055f9ce41b3949268590139691d856a66
                                                                • Opcode Fuzzy Hash: 6a53d895d2facd3bd2467535f0768359fb6939f11af5027f1c80c0e72059fe2d
                                                                • Instruction Fuzzy Hash: 60E0ED60E19E0389EF19AB73A84507A27A1AFE8770B0444B5C80E6B270EE3CE54DC300
                                                                Function 00007FFE1320403C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: BuildDeallocErr_ObjectSizeValue_
                                                                • String ID: (is)$getaddrinfo failed
                                                                • API String ID: 3413694139-582941868
                                                                • Opcode ID: 9cf4b89af8fc84022e11251e8872f527d159937c4b888d4879492c9bab817e05
                                                                • Instruction ID: f0dcc70a18234714227188bf8e72573c5cd3731ba483d294aa96515b99e24c6f
                                                                • Opcode Fuzzy Hash: 9cf4b89af8fc84022e11251e8872f527d159937c4b888d4879492c9bab817e05
                                                                • Instruction Fuzzy Hash: A3E0ED60E19F0389EF197BB3A84407927916FF8B70B4440B5C80E6A271DE3CE48DC301
                                                                Function 00007FFE1A45A340 Relevance: 7.6, APIs: 5, Instructions: 93COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: NameName::$Name::operator+
                                                                • String ID:
                                                                • API String ID: 826178784-0
                                                                • Opcode ID: bce8ca39c1d4cdf7971423a01a1e8e868c385637c9e3d3eec5322708e8c4e6dd
                                                                • Instruction ID: b029dc21146869ec79ed8f9616f236c7ab6478d00e32a27ae3c843548e7260f5
                                                                • Opcode Fuzzy Hash: bce8ca39c1d4cdf7971423a01a1e8e868c385637c9e3d3eec5322708e8c4e6dd
                                                                • Instruction Fuzzy Hash: 1A415AA2B08F9694EB10EB62D8940B82774BB15FA8F6444F3DA5D533A5DF38E465C300
                                                                Function 00007FFE13303F0C Relevance: 7.6, APIs: 5, Instructions: 69COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocDict_Item
                                                                • String ID:
                                                                • API String ID: 1953171116-0
                                                                • Opcode ID: 3e79e8a0ec8c6a2242c0b13afb3047cb975f84468eaa628f38e07b0f45846962
                                                                • Instruction ID: 2769eaea4a5e3d2cbcf8e29b43c84fe386429c2b3145075519d102dbac1c5abe
                                                                • Opcode Fuzzy Hash: 3e79e8a0ec8c6a2242c0b13afb3047cb975f84468eaa628f38e07b0f45846962
                                                                • Instruction Fuzzy Hash: 77213361E0DE42C9EE548B27A95413DA6B0AF65BF0B1846B0DA2E677B5DF2CE4418308
                                                                Function 00007FFE130C2724 Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983683177.00007FFE130C1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE130C0000, based on PE: true
                                                                • Associated: 00000001.00000002.2983665437.00007FFE130C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983700891.00007FFE130C3000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983719451.00007FFE130C5000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983737529.00007FFE130C6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe130c0000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: List_$DeallocItem
                                                                • String ID:
                                                                • API String ID: 1559017468-0
                                                                • Opcode ID: ca1c250aef14b2cb80a943dd37ef050920af6dc516bc50837cea6f6d33c8ee49
                                                                • Instruction ID: 013ea0315c5ff0a0e3fcedd47edaf32f74724485b0bfea0b9926e54ed8ffcafe
                                                                • Opcode Fuzzy Hash: ca1c250aef14b2cb80a943dd37ef050920af6dc516bc50837cea6f6d33c8ee49
                                                                • Instruction Fuzzy Hash: 83218B32A18F028AEA108F17A5442AA73F6FB28BA0F9445F5CB4D53B60DF3DE1568340
                                                                Function 00007FFE13301DD8 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dict_$DeallocObject_$AttrCallContainsErr_ErrorItemMakeOccurredUpdateWith
                                                                • String ID:
                                                                • API String ID: 3953964043-0
                                                                • Opcode ID: 83de81b2cdb9a0b5f02c82c61faec42d8a7f4e94c71193b3e965a821689d7666
                                                                • Instruction ID: e4f1e8ab8719c844a7eb32259bc4cd9069502bd2f6471fefd2bc680d19e1741a
                                                                • Opcode Fuzzy Hash: 83de81b2cdb9a0b5f02c82c61faec42d8a7f4e94c71193b3e965a821689d7666
                                                                • Instruction Fuzzy Hash: 9B215A31A09F4289EA448B27A9401BD63A0EF64BB4F4851B5E96D277B5DF3CE485C308
                                                                Function 00007FFE13304C60 Relevance: 7.6, APIs: 5, Instructions: 52COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc
                                                                • String ID:
                                                                • API String ID: 3617616757-0
                                                                • Opcode ID: abd2609812ce25a27d1ac097890b043a0477b61f164c4d0ec192c4a938d68858
                                                                • Instruction ID: 5bbbccd729d693dd713ed6bbc7b99d608927d67cb430ff9176f8319e730da629
                                                                • Opcode Fuzzy Hash: abd2609812ce25a27d1ac097890b043a0477b61f164c4d0ec192c4a938d68858
                                                                • Instruction Fuzzy Hash: 65214A71A09E0299FF94CF72980437C22A8EB31B38F1440B4CA6EB91B5CF2D66458718
                                                                Function 00007FFE13259FA8 Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Module_$FromModuleSpecTypeType_$State
                                                                • String ID:
                                                                • API String ID: 1138651315-0
                                                                • Opcode ID: 61a4d07700435b38e5979996beba01b9920bec42d73c56830fb738b2919386a3
                                                                • Instruction ID: 4ef4e86e13d485892fad9af9ad8b056baff597ac39f2d0bda86fabe6e8c7a268
                                                                • Opcode Fuzzy Hash: 61a4d07700435b38e5979996beba01b9920bec42d73c56830fb738b2919386a3
                                                                • Instruction Fuzzy Hash: 8B0180A1B2DF4286FB10AF23A55437A63A0AF98FE0B548271CD5D56764EE3CE245C700
                                                                Function 00007FFE132063D0 Relevance: 7.5, APIs: 5, Instructions: 39threadnetworkCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_DuplicateParseRestoreSaveSizeSocketTuple_
                                                                • String ID:
                                                                • API String ID: 3898289384-0
                                                                • Opcode ID: 30e3d47e4dfef95f6ca91981072f17e0fb37058b27de1da86756e3aef9c53be1
                                                                • Instruction ID: 4d63f499fb24528093aa90896dcce042780744bfaf6360377e99bf0d6ab17583
                                                                • Opcode Fuzzy Hash: 30e3d47e4dfef95f6ca91981072f17e0fb37058b27de1da86756e3aef9c53be1
                                                                • Instruction Fuzzy Hash: C2111261A18F8285EA20AB62E4583AE7350FFE8BB0F500571D95D23765DF7CE14DC600
                                                                Function 00007FFE1330DE38 Relevance: 7.5, APIs: 5, Instructions: 37COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CallObject_$DeallocDict_Err_ErrorItemOccurredWith
                                                                • String ID:
                                                                • API String ID: 4058657591-0
                                                                • Opcode ID: 1a35c4ab6dce3baf8b5148636fef7374f6697dae909102b08545470e9d818853
                                                                • Instruction ID: 90c169d406e46118a6dc6c0fd1c30c922ec19f740f529cf48df46a05d5f4d042
                                                                • Opcode Fuzzy Hash: 1a35c4ab6dce3baf8b5148636fef7374f6697dae909102b08545470e9d818853
                                                                • Instruction Fuzzy Hash: 46012161B09E02C9EF545B27A94813D92D1AF78FE0B144075D92E17775DE3CF440C304
                                                                Function 00007FFE1320647C Relevance: 7.5, APIs: 5, Instructions: 34threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_Long_OccurredRestoreSaveshutdown
                                                                • String ID:
                                                                • API String ID: 24305128-0
                                                                • Opcode ID: 8ed085b80c573facd8b5490791f9e95c22dfd687bf32148a1c5aff15e421c6a6
                                                                • Instruction ID: 91dc248762e28f274706e37c6de6be12bb95625122c9b0b8f9e68ecaac890292
                                                                • Opcode Fuzzy Hash: 8ed085b80c573facd8b5490791f9e95c22dfd687bf32148a1c5aff15e421c6a6
                                                                • Instruction Fuzzy Hash: 5D01FF25A08F428AEA34ABA3B48403F67A0EFE8BB4B140570DA5E53774CF7CE449D210
                                                                Function 00007FFE1325243C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 175COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func
                                                                • String ID: block %d: crc = 0x%08x, combined CRC = 0x%08x, size = %d$ final combined CRC = 0x%08x
                                                                • API String ID: 711238415-3357347091
                                                                • Opcode ID: 943b634fa9d07ff961db70dbb74d68f24273f83e3e6fcba7a578889a90a7400e
                                                                • Instruction ID: 83064ce48fb4d802104b79ec05dec937da7fdfa180d156d2ba4fa3803bbc870b
                                                                • Opcode Fuzzy Hash: 943b634fa9d07ff961db70dbb74d68f24273f83e3e6fcba7a578889a90a7400e
                                                                • Instruction Fuzzy Hash: 6861D576705B428AE710BF1794092ED3760BBD6BD4F445274DE092B3A6EE3CE646CB00
                                                                Function 00007FFE1A454288 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 163COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FFE1A4569C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4525CE), ref: 00007FFE1A4569CE
                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A454407
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: abort
                                                                • String ID: $csm$csm
                                                                • API String ID: 4206212132-1512788406
                                                                • Opcode ID: 0334d4e6c50ab9b6f685e521b3ae1a91d89b048a29f68cf2dce9c00bf400fe87
                                                                • Instruction ID: 1f72a46c834549d45eb11ed1d147bc08c03d31bb0ee9ea56f6e0bc8d4b14b8c4
                                                                • Opcode Fuzzy Hash: 0334d4e6c50ab9b6f685e521b3ae1a91d89b048a29f68cf2dce9c00bf400fe87
                                                                • Instruction Fuzzy Hash: 8F71B4B2708A9186D7209F26D44067D7BA1FB05FA8F1481B6DB4D0BAA6CF3CD571C701
                                                                Function 00007FFE1A45F050 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CurrentImageNonwritableUnwind
                                                                • String ID: csm$f
                                                                • API String ID: 451473138-629598281
                                                                • Opcode ID: 94627d9c7195f9c36ee16ac86650ab8a4e652cd15aa300a0b5f08846187e0d97
                                                                • Instruction ID: 7e831c63e7f39ba5bea0feed3d577344677cbe944ed3091fee3527b0d662808e
                                                                • Opcode Fuzzy Hash: 94627d9c7195f9c36ee16ac86650ab8a4e652cd15aa300a0b5f08846187e0d97
                                                                • Instruction Fuzzy Hash: FF51D1B6F09A0286DB14EB16E444A3937A5FB44FA8F1081F2EA1E43758DF39ED51C701
                                                                Function 00007FFE1A454060 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FFE1A4569C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4525CE), ref: 00007FFE1A4569CE
                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A454157
                                                                • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE1A454167
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                • String ID: csm$csm
                                                                • API String ID: 4108983575-3733052814
                                                                • Opcode ID: d96c539858820a31a9c1340fe1861477bc26c032fcc487563b75466d3052f7d1
                                                                • Instruction ID: 58992b9c435c5bbc932f50acbf3265273fe226f0ae3696863c92f27f8a329ed3
                                                                • Opcode Fuzzy Hash: d96c539858820a31a9c1340fe1861477bc26c032fcc487563b75466d3052f7d1
                                                                • Instruction Fuzzy Hash: 995174B6B08B4286EB649B12944427877A1FB55FA4F1441F7DA9D4BBA6CF3CE470CB00
                                                                Function 00007FFE1A45AAD8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: NameName::
                                                                • String ID: %lf
                                                                • API String ID: 1333004437-2891890143
                                                                • Opcode ID: ce39b8ddb33b1742c1c733f8d1258caa8bc8f3cdabe38b30e72aebe8897d44a3
                                                                • Instruction ID: ce0494d6ca2f1158f8dd5910f0907ff8ce922109df9029a0d76a768f3fce7af2
                                                                • Opcode Fuzzy Hash: ce39b8ddb33b1742c1c733f8d1258caa8bc8f3cdabe38b30e72aebe8897d44a3
                                                                • Instruction Fuzzy Hash: C431D3A1B08F8685E621EB13A8510B9B360BF45FA0F4481F7EA6E57771DF3CE1658740
                                                                Function 00007FFE1330A8D8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_Stringmemcpy
                                                                • String ID: abstract class
                                                                • API String ID: 4155950771-1623945838
                                                                • Opcode ID: 39caa09f7d9a9fa5dd63c26db85cad3ebfb1af8ff0279c48b353af220d1a1222
                                                                • Instruction ID: 21070fe0ff8c37ed22a7a2237564bcd9f9c7fb15a6091991e4ee7adaad1a0efe
                                                                • Opcode Fuzzy Hash: 39caa09f7d9a9fa5dd63c26db85cad3ebfb1af8ff0279c48b353af220d1a1222
                                                                • Instruction Fuzzy Hash: 17216B32B09F058AEB548F23E44016D73A0FB68FA4F195275DEAD27765CF38E4628348
                                                                Function 00007FFE13301904 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Object_$Err_InstanceStringSubclass
                                                                • String ID: abstract class
                                                                • API String ID: 1122563627-1623945838
                                                                • Opcode ID: 6c7db8fb0eb44c7424908bf4032845ff0e9bfd72eafbca4c076b0be6399d20a6
                                                                • Instruction ID: 2ede6729e722538e4cf431f8315359a00693b3213e4fef264cd5a3369b6f1f5e
                                                                • Opcode Fuzzy Hash: 6c7db8fb0eb44c7424908bf4032845ff0e9bfd72eafbca4c076b0be6399d20a6
                                                                • Instruction Fuzzy Hash: F6214525F0CE0789FA509B27A85007E1364EF64BB4F1855B1D96E622BADE2CE4419308
                                                                Function 00007FFE1330402C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FFE13303A00: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE13303A4B
                                                                • PyUnicode_FromStringAndSize.PYTHON311 ref: 00007FFE13304090
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FromSizeStringUnicode___stdio_common_vsprintf
                                                                • String ID: :%x$ctypes object structure too deep
                                                                • API String ID: 1484205955-3091822184
                                                                • Opcode ID: 2459c21495d6783b8173aaa301187f361a2d8e91fe46e9680da2c72f9c63c0db
                                                                • Instruction ID: bfa2412f46e5dab1cb3f41fa86ec0b69e8130577af3877114fb2a2458a07a9f5
                                                                • Opcode Fuzzy Hash: 2459c21495d6783b8173aaa301187f361a2d8e91fe46e9680da2c72f9c63c0db
                                                                • Instruction Fuzzy Hash: CD215131718E86C9EA20CB16E4502AEA3A0FB9C7A0F444171DA9D67775DF3CE645CB04
                                                                Function 00007FFE1330A840 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AuditErr_StringSys_
                                                                • String ID: abstract class$ctypes.cdata
                                                                • API String ID: 1384585920-3531133667
                                                                • Opcode ID: 9146581257e5cd249a8ce15bd5017c0ced05df42edf8eab21e35891fecd2194b
                                                                • Instruction ID: b995d63405e3f9f8152c6920bac1cef69bd62394504935c032f090540a39df60
                                                                • Opcode Fuzzy Hash: 9146581257e5cd249a8ce15bd5017c0ced05df42edf8eab21e35891fecd2194b
                                                                • Instruction Fuzzy Hash: 0A013561B18F42C5EB448B13F8801797BA0FBA8BA4F0885B5DA6DA7725DF28E052C304
                                                                Function 00007FFE13303E98 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                • bytes or integer address expected instead of %s instance, xrefs: 00007FFE13308AEB
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Long$Bytes_Long_MaskStringUnsigned
                                                                • String ID: bytes or integer address expected instead of %s instance
                                                                • API String ID: 3464282214-706233300
                                                                • Opcode ID: c48ceac9eea2b1fa827f2cbb00a6abdd9340ea2753a13b5f87d6d5264b647cc5
                                                                • Instruction ID: f9fa89a6e96eddb4dad69d3459f755f94f18d5eb6949a1ba0fa31e06b060cc45
                                                                • Opcode Fuzzy Hash: c48ceac9eea2b1fa827f2cbb00a6abdd9340ea2753a13b5f87d6d5264b647cc5
                                                                • Instruction Fuzzy Hash: 61011B76B19E46C9EA408B17E88027CA360FB68BB4F509572DA6E56375CE3CD495C308
                                                                Function 00007FFE1330DD4C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AuditDeallocFromLongLong_Sys_
                                                                • String ID: ctypes.get_errno
                                                                • API String ID: 2276389247-2892954555
                                                                • Opcode ID: c6ace954750aef6584acdef0dbafe0f2db3ad2dcd629e74672a8309c43f57945
                                                                • Instruction ID: dfa52343045c0910aa22aa0f1fca3dea3b9941271af3182674d321315614a50b
                                                                • Opcode Fuzzy Hash: c6ace954750aef6584acdef0dbafe0f2db3ad2dcd629e74672a8309c43f57945
                                                                • Instruction Fuzzy Hash: 2FF0F921B19E42C9EB449B27E84807DA2E0EFA47E0F440070D93E53774DF3CD0818704
                                                                Function 00007FFE1330DDCC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AuditDeallocFromLongLong_Sys_
                                                                • String ID: ctypes.get_last_error
                                                                • API String ID: 2276389247-1232113872
                                                                • Opcode ID: 853979658a44e765c27009c70b8a62aa63505b1bac88553f7faa954c15010c56
                                                                • Instruction ID: 0cbf4427ffadded666e7a9026c59c75f27d6ea9e02689df542c916bc2fe406c7
                                                                • Opcode Fuzzy Hash: 853979658a44e765c27009c70b8a62aa63505b1bac88553f7faa954c15010c56
                                                                • Instruction Fuzzy Hash: 45F0A921F19E42C9EB449B37E94817DA2E1EFA87E0F480074D92E52775DF2CD1918704
                                                                Function 00007FFE13304F04 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_LongLong_MaskStringUnicode_Unsigned
                                                                • String ID: function name must be string, bytes object or integer
                                                                • API String ID: 2115587880-3177123413
                                                                • Opcode ID: 81ea3209a1b354214586730592f4c670ad1da60d41d4e62eb4eacb33d520f56b
                                                                • Instruction ID: a456cc585a94c077344d0a6bcfaf46ef16b0b91fa1b11111497923e726ae6b61
                                                                • Opcode Fuzzy Hash: 81ea3209a1b354214586730592f4c670ad1da60d41d4e62eb4eacb33d520f56b
                                                                • Instruction Fuzzy Hash: 5601A422B19E02C9FB254F67E89427C6291AFA8B64F4480B1C46DA7671EE3CA4458708
                                                                Function 00007FFE1330D9D4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_AuditCallObject_ParseSys_Tuplememset
                                                                • String ID: O&O!$ctypes.call_function
                                                                • API String ID: 886791329-313584727
                                                                • Opcode ID: 17adec98670e9f6cdebf84fa662457cca95efbc4de64805adf32e68e07ce2538
                                                                • Instruction ID: 6e50364ab7b6fe08d3baba63fad5f2e7b8f2352b744fc5f10e2938f021d85b75
                                                                • Opcode Fuzzy Hash: 17adec98670e9f6cdebf84fa662457cca95efbc4de64805adf32e68e07ce2538
                                                                • Instruction Fuzzy Hash: F1014072A1CF46CAEB008F12E4487AE67A0FB587A4F401176E95D63675DF3CE145CB48
                                                                Function 00007FFE1330DA68 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_AuditCallObject_ParseSys_Tuplememset
                                                                • String ID: O&O!$ctypes.call_function
                                                                • API String ID: 886791329-313584727
                                                                • Opcode ID: 956f25cfe963604cb9d4e30e000f0088442d622793c0436951a4906829bed983
                                                                • Instruction ID: 5588578002ceab599fbd2a80ba7ee183950dbd2efa492fa2bc14ac8310871c90
                                                                • Opcode Fuzzy Hash: 956f25cfe963604cb9d4e30e000f0088442d622793c0436951a4906829bed983
                                                                • Instruction Fuzzy Hash: 9E018072A1CF46C6EB008F12E4487AD63A0FB687A4F4001B6E95C66634DF7CE145CB08
                                                                Function 00007FFE13302F60 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_String
                                                                • String ID: _type_ must be a type$_type_ must have storage info
                                                                • API String ID: 1259552197-214983684
                                                                • Opcode ID: f9c93959e9af95d6c9b4c14054f54ac853c0c588ad50044a4a2a3fec31618313
                                                                • Instruction ID: c8544afe0cd9ca70127636c16f892ff2901c877aef9b545ea69731a3a5a36db2
                                                                • Opcode Fuzzy Hash: f9c93959e9af95d6c9b4c14054f54ac853c0c588ad50044a4a2a3fec31618313
                                                                • Instruction Fuzzy Hash: 250112B5E09E42CDFA54DB57D44017C6360AF69BF0F5446B1D93D722B1DF2CA4848309
                                                                Function 00007FFE1330E7AC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: cannot be converted to pointer
                                                                • API String ID: 1450464846-3065012988
                                                                • Opcode ID: ba69f6be1e03f64db6319ffa1c479f40c92e1bf7f208d3a0c57e532b4c3c8d90
                                                                • Instruction ID: 2b699347727947e80e033a2222af2c54f3570ae1727d913cf5d96e395a75ceff
                                                                • Opcode Fuzzy Hash: ba69f6be1e03f64db6319ffa1c479f40c92e1bf7f208d3a0c57e532b4c3c8d90
                                                                • Instruction Fuzzy Hash: 43016261F08E46C9FA448B17E48033863A0FB68FA4F1490B1E92D17375DE3CE4848708
                                                                Function 00007FFE1330B1F8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Callable_CheckDeallocErr_String
                                                                • String ID: the errcheck attribute must be callable
                                                                • API String ID: 3907376375-3049503998
                                                                • Opcode ID: 40a5e4c9387a9eacadc56f8a50b5cb35d6fcf5bb7bd3e5eec0ef331718cf67ff
                                                                • Instruction ID: 4273922177a2f75e729cf79e7eaf60765076a7f2ad482bc031b1c5e4081abf90
                                                                • Opcode Fuzzy Hash: 40a5e4c9387a9eacadc56f8a50b5cb35d6fcf5bb7bd3e5eec0ef331718cf67ff
                                                                • Instruction Fuzzy Hash: 51F04461B08E42C5EE988F67E95413C6364BFA8FB4F548171CA7D96171DF3CD4958308
                                                                Function 00007FFE1A452630 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FFE1A4569C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4525CE), ref: 00007FFE1A4569CE
                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A45266E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: abortterminate
                                                                • String ID: MOC$RCC$csm
                                                                • API String ID: 661698970-2671469338
                                                                • Opcode ID: e63037d86fd6ed08c01758bd2d278b6a49b1453d2f75febe4acf0c3d16fc865e
                                                                • Instruction ID: 1406a3691859c820e7c6b7b2eb8b42ec6b3705f1f4027804d61b479fb79fc8c7
                                                                • Opcode Fuzzy Hash: e63037d86fd6ed08c01758bd2d278b6a49b1453d2f75febe4acf0c3d16fc865e
                                                                • Instruction Fuzzy Hash: 5FF03CB2A18A0682E7506B66A18117877A4EF48F64F0951F3DB4806266CF3CD4B0CA41
                                                                Function 00007FFE13309A20 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Long_OccurredStringVoid
                                                                • String ID: integer expected
                                                                • API String ID: 1621529885-2140524511
                                                                • Opcode ID: 7b49f154c6c6e067b1201768131b658a8a7bf5851dad34e5bb971b0d47541ff1
                                                                • Instruction ID: 31730defe8ccb4b5b7cd74c48fe946866f0c34651bc413c27b94d4cf061af3fe
                                                                • Opcode Fuzzy Hash: 7b49f154c6c6e067b1201768131b658a8a7bf5851dad34e5bb971b0d47541ff1
                                                                • Instruction Fuzzy Hash: 5BF03021B08E46C9EE448B17E984279A360AF69FF0F0490B1E92E27775DE2CD4848704
                                                                Function 00007FFE13205CC8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                • no printf formatter to display the socket descriptor in decimal, xrefs: 00007FFE13205D07
                                                                • <socket object, fd=%ld, family=%d, type=%d, proto=%d>, xrefs: 00007FFE13205CE1
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_FormatFromStringUnicode_
                                                                • String ID: <socket object, fd=%ld, family=%d, type=%d, proto=%d>$no printf formatter to display the socket descriptor in decimal
                                                                • API String ID: 1884982852-285600062
                                                                • Opcode ID: 21ded50ad9b951d9327c489c5827ede9c202102ff5d17ea57af7a995111f4177
                                                                • Instruction ID: c06d14e8acaf5b8331cef5d296545f38fa9a40d8bcabb9abccddadae2671263b
                                                                • Opcode Fuzzy Hash: 21ded50ad9b951d9327c489c5827ede9c202102ff5d17ea57af7a995111f4177
                                                                • Instruction Fuzzy Hash: 08F0D0B5A08D42CADA10AB26D45042D2761FBA5B78F604771D93D676F4DE6DE40EC700
                                                                Function 00007FFE13308162 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 12COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                • second item in _fields_ tuple (index %zd) must be a C type, xrefs: 00007FFE1330817E
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_FormatFreeMem_
                                                                • String ID: second item in _fields_ tuple (index %zd) must be a C type
                                                                • API String ID: 3237669406-2717732800
                                                                • Opcode ID: 6c5e0c61733740b2a0fd8058cc8b9152b4a417e0ab55625c6ded04eac5423bae
                                                                • Instruction ID: 694d4c7d201d88a50ddb992f721ddc0f242199d7690b8a5be6c013ae679ee300
                                                                • Opcode Fuzzy Hash: 6c5e0c61733740b2a0fd8058cc8b9152b4a417e0ab55625c6ded04eac5423bae
                                                                • Instruction Fuzzy Hash: E5E06264B0CE43CAFA549B67D854078A320BFA5FB5B5012B1D83F726B1CE7CA54A920D
                                                                Function 00007FFE1A45A058 Relevance: 6.2, APIs: 4, Instructions: 193COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID:
                                                                • API String ID: 2943138195-0
                                                                • Opcode ID: 648336d396e82ff845145f22116d02ab074a94aa94e21a1e761fb2f6b175ab31
                                                                • Instruction ID: 7cffc8259f363674fcbccbc7fddc10bcbe89d4e6fa2fc52a99d6043b0db07be4
                                                                • Opcode Fuzzy Hash: 648336d396e82ff845145f22116d02ab074a94aa94e21a1e761fb2f6b175ab31
                                                                • Instruction Fuzzy Hash: AD9159A2F08B9289FB119B62D8453BC27B1BB04B28F5480F7DA4D576A5DF3CA865C340
                                                                Function 00007FFE1A45A814 Relevance: 6.1, APIs: 4, Instructions: 133COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+$NameName::
                                                                • String ID:
                                                                • API String ID: 168861036-0
                                                                • Opcode ID: 98efd56155e24b1ceec94087ea0ccb087ffd731ce7e45ec66b02000ff67e82c1
                                                                • Instruction ID: a1e437d170aa1544db8bc42d17c7c28063bf885a19cfb1ec2374dab86c07ae47
                                                                • Opcode Fuzzy Hash: 98efd56155e24b1ceec94087ea0ccb087ffd731ce7e45ec66b02000ff67e82c1
                                                                • Instruction Fuzzy Hash: 055179B2B18F6689E711DF22D8443BC37A0BB44F64F1448B2DA1D477A5DF38A460C740
                                                                Function 00007FFE1A45CC48 Relevance: 6.1, APIs: 4, Instructions: 86COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                • String ID:
                                                                • API String ID: 3863519203-0
                                                                • Opcode ID: 59a8e1a8bea4fa0d3053ac7b282f3cf586ef513a0d49dabd13085b0ba4a6c699
                                                                • Instruction ID: 808aaa399ed648a811891340229277dda68c3743c18f443813332c5838aa8627
                                                                • Opcode Fuzzy Hash: 59a8e1a8bea4fa0d3053ac7b282f3cf586ef513a0d49dabd13085b0ba4a6c699
                                                                • Instruction Fuzzy Hash: FE4164B2B08B8589EB01DF65D8403BC3BB0BB45B68F5481B6DA4D97769DF3C9861C740
                                                                Function 00007FFE1330B42C Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Mem_$DeallocFreeMallocmemcpy
                                                                • String ID:
                                                                • API String ID: 1346496523-0
                                                                • Opcode ID: 8c08fdf6c3f6743b583b35e04fc598e2fc29906b9b2b5698a8cb90300fdd1926
                                                                • Instruction ID: eb00d8fe03a1d59cd8f5563b2d1a30825129f8e37c3e53e6dbdee4d041285fc7
                                                                • Opcode Fuzzy Hash: 8c08fdf6c3f6743b583b35e04fc598e2fc29906b9b2b5698a8cb90300fdd1926
                                                                • Instruction Fuzzy Hash: 24215B62A19F4286EB588F12E84013D63A0FB68FA4B0445B5DA6D27765EF3CD5A18348
                                                                Function 00007FFE133049BC Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Descr_Dict_ItemString
                                                                • String ID:
                                                                • API String ID: 975051370-0
                                                                • Opcode ID: cbfa8e76cbb37faade4b4752a761ba53e7deef88f0e4638b9d9c9114bc06fd37
                                                                • Instruction ID: debf139e2faca90dfe7640d4f5d717a03a03805816b28b7c197cf834c1d0c133
                                                                • Opcode Fuzzy Hash: cbfa8e76cbb37faade4b4752a761ba53e7deef88f0e4638b9d9c9114bc06fd37
                                                                • Instruction Fuzzy Hash: AA115121B0DE4289EE548B13A91033DA260EFA9BE0F084170DE6E73B65DF3CD5918608
                                                                Function 00007FFE133015F4 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FFE133022B0: _PyObject_MakeTpCall.PYTHON311 ref: 00007FFE13302301
                                                                • PyWeakref_NewProxy.PYTHON311(?,?,00000000,00007FFE1330156A), ref: 00007FFE1330163E
                                                                • PyDict_SetItem.PYTHON311(?,?,00000000,00007FFE1330156A), ref: 00007FFE1330165F
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330156A), ref: 00007FFE13306A71
                                                                • _Py_Dealloc.PYTHON311(?,?,00000000,00007FFE1330156A), ref: 00007FFE13306A80
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$CallDict_ItemMakeObject_ProxyWeakref_
                                                                • String ID:
                                                                • API String ID: 1512266493-0
                                                                • Opcode ID: edfa2a0c717579e9911386e870fa1321e468c4d2dd0d8facd930d0c933b2ac38
                                                                • Instruction ID: a19739b311063cb60d8e38f8d68bc97a2158e69526d61699ab49a834eaf750fe
                                                                • Opcode Fuzzy Hash: edfa2a0c717579e9911386e870fa1321e468c4d2dd0d8facd930d0c933b2ac38
                                                                • Instruction Fuzzy Hash: 17114F25A09E42C9EA545F27AC4007DA3A4FF69BE0B1C4571DE6E277B5CF3CE4518348
                                                                Function 00007FFE13259B99 Relevance: 6.0, APIs: 4, Instructions: 45threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocFreeMem_Thread_free_lock
                                                                • String ID:
                                                                • API String ID: 2783890233-0
                                                                • Opcode ID: 5aeb15387b95166676224402c5d5f2316a130d4eb9e2bcf5365a9fe41ac904a5
                                                                • Instruction ID: 415150c8d89a325c2b92e93c6053300fe84716d7ec1545133ba1bff8aacfe8e5
                                                                • Opcode Fuzzy Hash: 5aeb15387b95166676224402c5d5f2316a130d4eb9e2bcf5365a9fe41ac904a5
                                                                • Instruction Fuzzy Hash: 24116D72B0DA4289EB05AF3698503BC3360EBE6F55F0842B1CA4E575A2EF2CDA55C300
                                                                Function 00007FFE13204CA4 Relevance: 6.0, APIs: 4, Instructions: 43threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_RestoreSaveStringgetsocknamememset
                                                                • String ID:
                                                                • API String ID: 772546412-0
                                                                • Opcode ID: 1577330f62de6ded43e8dddc616ca128f006a8c56b02915f3c7181489a52fc15
                                                                • Instruction ID: bc23449bb6e36fd98040c5fbc8efe77a0b9a6d9526676be9b80bc6d722fdd2ba
                                                                • Opcode Fuzzy Hash: 1577330f62de6ded43e8dddc616ca128f006a8c56b02915f3c7181489a52fc15
                                                                • Instruction Fuzzy Hash: 50111221618F8286EA30AB53F4403AFA361FFD4794F404172D68D27A55DE7CE149CB00
                                                                Function 00007FFE13204BE4 Relevance: 6.0, APIs: 4, Instructions: 43threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_RestoreSaveStringgetpeernamememset
                                                                • String ID:
                                                                • API String ID: 1387529023-0
                                                                • Opcode ID: 1c7e6d5011a2135e8c06ff2d843152878263a225684895c46d3c4021394f55f9
                                                                • Instruction ID: 96fc3b711b16f22da2ea708826ab1154a8b7aaccb4655fcc9f1dca1c613ec3b5
                                                                • Opcode Fuzzy Hash: 1c7e6d5011a2135e8c06ff2d843152878263a225684895c46d3c4021394f55f9
                                                                • Instruction Fuzzy Hash: 5411F161618F8286EA70AB52F4403AFA361FFD8794F404172DA8D67A69DF7CE149CB40
                                                                Function 00007FFE1330C458 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Object_Track
                                                                • String ID:
                                                                • API String ID: 887704541-0
                                                                • Opcode ID: 3d42f6f96641afa8e40a9b95133215a649903610cae807ab0b9964238f53290f
                                                                • Instruction ID: 868375dd7e3232b7a61920fca3ee9e89a7fb844db6649e34a65dcd920af290c9
                                                                • Opcode Fuzzy Hash: 3d42f6f96641afa8e40a9b95133215a649903610cae807ab0b9964238f53290f
                                                                • Instruction Fuzzy Hash: 4E01EC35E0AF02C8FE9A8F77989413C63A0FF64F35B1801B0C96E16671CE2DA4818348
                                                                Function 00007FFE13204864 Relevance: 6.0, APIs: 4, Instructions: 30threadCOMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave_errnoclosesocket
                                                                • String ID:
                                                                • API String ID: 1624953543-0
                                                                • Opcode ID: 1179f49cef2614599ac27385311664bb38b10ace598ec30c3f873f2a9e03a6a8
                                                                • Instruction ID: 977882a311b48df4cdab43bcd5f66d74c06635a86121abe0dd098ba35ab968b6
                                                                • Opcode Fuzzy Hash: 1179f49cef2614599ac27385311664bb38b10ace598ec30c3f873f2a9e03a6a8
                                                                • Instruction Fuzzy Hash: 71F0FF21A18F918AE6146B56B88407D77A0EB98BB1B144770DA7A237F4CF7CD449C640
                                                                Function 00007FFE1330C8D4 Relevance: 6.0, APIs: 4, Instructions: 28COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: State_$EnsureInitializeInitializedRelease
                                                                • String ID:
                                                                • API String ID: 2621580956-0
                                                                • Opcode ID: 228736a826a5a1ff67be1b297f58c8bae0a48c2954096bea5476443be523e544
                                                                • Instruction ID: 13026b6d2111fe9cfb5dac086220bcc430d23360fc0d2bccb92844b270536fc8
                                                                • Opcode Fuzzy Hash: 228736a826a5a1ff67be1b297f58c8bae0a48c2954096bea5476443be523e544
                                                                • Instruction Fuzzy Hash: 91F03021B08F81CAEB405B63B88402DA260AB68FE0F585075EA5D67726DE3CD4818B04
                                                                Function 00007FFE13207310 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DecodeDefaultErr_ErrnoFromLongLong_Unicode_Unsignedif_indextoname
                                                                • String ID:
                                                                • API String ID: 1147600871-0
                                                                • Opcode ID: 90c782a69252593657e351c54f1b06e3e0398504c2af1d4c3f456dd59c26aa3c
                                                                • Instruction ID: 9286fb64499978a3d42c93117c7164924d35e0356cebbfa436444ac7cb2d0da0
                                                                • Opcode Fuzzy Hash: 90c782a69252593657e351c54f1b06e3e0398504c2af1d4c3f456dd59c26aa3c
                                                                • Instruction Fuzzy Hash: 76F01221B18E4289FA64B736E45437E27A0BFE8764F844571D95E926B4DE3CE10DC600
                                                                Function 00007FFE1A4549B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: abort$CreateFrameInfo
                                                                • String ID: csm
                                                                • API String ID: 2697087660-1018135373
                                                                • Opcode ID: 5e4671b1cbff3658d511699c3cf653202505efa909c7ec854f7fa1af4338784c
                                                                • Instruction ID: ddd726ff11c4f69a2b64972a1da2433f4786721e8ed4bd159520cc3cc2a0e7ae
                                                                • Opcode Fuzzy Hash: 5e4671b1cbff3658d511699c3cf653202505efa909c7ec854f7fa1af4338784c
                                                                • Instruction Fuzzy Hash: 20511CB6718B4186E660AB16E44027E77B4F788FA0F1405B6DB8D07B66DF3CE465CB40
                                                                Function 00007FFE1A459F44 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: void$void
                                                                • API String ID: 2943138195-3746155364
                                                                • Opcode ID: 7dcf970a61f58172c3a4f39e178d28c376ed2dbead67cac1058dce2bd18ce07b
                                                                • Instruction ID: 875731d20529edb4b255745a62000598e67eb6746bd7be3a9cadca225dcbe56d
                                                                • Opcode Fuzzy Hash: 7dcf970a61f58172c3a4f39e178d28c376ed2dbead67cac1058dce2bd18ce07b
                                                                • Instruction Fuzzy Hash: 223146A2F18B5598FB01DFA1E8410FC37B0BB48B58B4405B6EA4EA3B69DF3C9164C750
                                                                Function 00007FFE132040D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 61COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FFE13207AE8: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE13207B2C
                                                                • PyErr_SetString.PYTHON311(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE13203635), ref: 00007FFE132041AF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_String__stdio_common_vsscanf
                                                                • String ID: %X:%X:%X:%X:%X:%X%c$bad bluetooth address
                                                                • API String ID: 3283897942-3956635471
                                                                • Opcode ID: 2a7f0246533caa97d69931e1c2b3aab3f1e9f99ef436862b711c96c1fe23d8e7
                                                                • Instruction ID: 3829c7717e1cf446e44c90a0d05b2361ca9fbce6cf19d0d51852f4103f8c4e8e
                                                                • Opcode Fuzzy Hash: 2a7f0246533caa97d69931e1c2b3aab3f1e9f99ef436862b711c96c1fe23d8e7
                                                                • Instruction Fuzzy Hash: 9421AC72718F9186DB10CB12E8880AD73A2F7947E0F418136EAAC57BA8DF3DD858C710
                                                                Function 00007FFE1A4562EF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FileHeader$ExceptionRaise
                                                                • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                • API String ID: 3685223789-3176238549
                                                                • Opcode ID: 7bbd72394c3e749fc10370465baa4d9a755cb91736d17097c685b3404c0deaff
                                                                • Instruction ID: e172b658535d01e83bd57d5162ab50a7ca66e582ba5a7e9cdacb51fc8cdf2ccc
                                                                • Opcode Fuzzy Hash: 7bbd72394c3e749fc10370465baa4d9a755cb91736d17097c685b3404c0deaff
                                                                • Instruction Fuzzy Hash: F0015EA1B29E8691EE40AB16F450178A321FF40FA4F4850F3E65E07675EF6CE564C700
                                                                Function 00007FFE1330EDAC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_FormatLongLong_
                                                                • String ID: one character bytes, bytearray or integer expected
                                                                • API String ID: 832222675-2748977362
                                                                • Opcode ID: 4171aea13ba1fa0aee4d8e851ffe7b5e382af772fa60775af7b968a914772540
                                                                • Instruction ID: 5bdc3f168d210f0190978de3135da1124fe8d56fe57de5593bfd29414e5d1a74
                                                                • Opcode Fuzzy Hash: 4171aea13ba1fa0aee4d8e851ffe7b5e382af772fa60775af7b968a914772540
                                                                • Instruction Fuzzy Hash: 29116032B08F86CDEB558F2AD48427C67A0EF65BA4F1850B1CA6D67375CE2CD494C318
                                                                Function 00007FFE13302DC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_String
                                                                • String ID: abstract class
                                                                • API String ID: 1259552197-1623945838
                                                                • Opcode ID: 889cc83bd7e42d210c141f1a36b7b4f58b9fb1ebab554f935c723b1e3cc6fbc7
                                                                • Instruction ID: 00190adee1b8d167be7e8c0d94366f719e6bf973401adca962d3e5ddb5a0aa0b
                                                                • Opcode Fuzzy Hash: 889cc83bd7e42d210c141f1a36b7b4f58b9fb1ebab554f935c723b1e3cc6fbc7
                                                                • Instruction Fuzzy Hash: 76115E22B08F068AEA559B27E45877D63A0EFADBB5F1451B4C92D663B1DF3CE444C308
                                                                Function 00007FFE1A456690 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFileHeaderRaise
                                                                • String ID: csm
                                                                • API String ID: 2573137834-1018135373
                                                                • Opcode ID: 51a2530866bc70b3fa6e7487cc130fe87b9602d28e5a22477376607ad08b6180
                                                                • Instruction ID: 7bc0cbed7bf8ecaba938c7922a3b33647ad9e37d51fd8fc8727a111cf8f43bc5
                                                                • Opcode Fuzzy Hash: 51a2530866bc70b3fa6e7487cc130fe87b9602d28e5a22477376607ad08b6180
                                                                • Instruction Fuzzy Hash: 52113D72608F8182EB108F16F440269B7A5FB88F94F1842B6DF8C07B68DF3DD5658700
                                                                Function 00007FFE1330A15C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PyErr_SetString.PYTHON311 ref: 00007FFE1330A185
                                                                  • Part of subcall function 00007FFE1330AA7C: PyErr_SetString.PYTHON311(?,?,?,?,00007FFE1330947D,?), ref: 00007FFE1330AABD
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: NULL pointer access$Pointer does not support item deletion
                                                                • API String ID: 1450464846-1262937747
                                                                • Opcode ID: cc63e7bd2d2a3bc22265ebdaaeb10ee6e24a6e51b4ebc2f3b89706aefd929760
                                                                • Instruction ID: 0982293c90c9d122a81ffc6548d29fca6db1da8d64c50279ba6d1c82be943abb
                                                                • Opcode Fuzzy Hash: cc63e7bd2d2a3bc22265ebdaaeb10ee6e24a6e51b4ebc2f3b89706aefd929760
                                                                • Instruction Fuzzy Hash: 1E01AD61B08F4685EA48CB47F8804BD7324BBAABE4B104272DD6D677B6CF3CD5418348
                                                                Function 00007FFE132048D4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FFE13203588: PyErr_Format.PYTHON311 ref: 00007FFE132037DF
                                                                • PySys_Audit.PYTHON311 ref: 00007FFE1320492C
                                                                  • Part of subcall function 00007FFE13203A8C: PyEval_SaveThread.PYTHON311 ref: 00007FFE13203AAA
                                                                  • Part of subcall function 00007FFE13203A8C: connect.WS2_32 ref: 00007FFE13203ABD
                                                                  • Part of subcall function 00007FFE13203A8C: PyEval_RestoreThread.PYTHON311 ref: 00007FFE13203AC8
                                                                  • Part of subcall function 00007FFE13203A8C: WSAGetLastError.WS2_32 ref: 00007FFE13203AD6
                                                                  • Part of subcall function 00007FFE13203A8C: WSAGetLastError.WS2_32 ref: 00007FFE13203AE2
                                                                  • Part of subcall function 00007FFE13203A8C: PyErr_CheckSignals.PYTHON311 ref: 00007FFE13203AEF
                                                                  • Part of subcall function 00007FFE13203A8C: WSASetLastError.WS2_32 ref: 00007FFE13203B2C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatRestoreSaveSignalsSys_connect
                                                                • String ID: connect$socket.connect
                                                                • API String ID: 2206401578-326844852
                                                                • Opcode ID: bb7157e97fb890ddb199d144b1d46a56a8d34667c59f5b315390c2e9786cec5b
                                                                • Instruction ID: 285cd923aa889735be36bb2086a59c08498174d4bdf6f4dd450be2249f9479a3
                                                                • Opcode Fuzzy Hash: bb7157e97fb890ddb199d144b1d46a56a8d34667c59f5b315390c2e9786cec5b
                                                                • Instruction Fuzzy Hash: 37113321708F4685EA20AB52F4507AA6360FBD4BE0F444172DE9D67769DE2DD148CB40
                                                                Function 00007FFE1330E98C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FFE1330EA24: PyType_IsSubtype.PYTHON311(?,?,?,?,00007FFE1330E889), ref: 00007FFE1330EA31
                                                                • PyErr_SetString.PYTHON311 ref: 00007FFE1330E9C8
                                                                  • Part of subcall function 00007FFE1330AA7C: PyErr_SetString.PYTHON311(?,?,?,?,00007FFE1330947D,?), ref: 00007FFE1330AABD
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_String$SubtypeType_
                                                                • String ID: can't delete attribute$not a ctype instance
                                                                • API String ID: 3320257282-2740123057
                                                                • Opcode ID: 18fbc3005ffdff5a035a76096331e82b7bdea77d6c35e831de142f80868fa9ec
                                                                • Instruction ID: 098673337a91c68d1f76fc4d3a60f7cbf80dc43a61fa3789ccc72ae4adb34567
                                                                • Opcode Fuzzy Hash: 18fbc3005ffdff5a035a76096331e82b7bdea77d6c35e831de142f80868fa9ec
                                                                • Instruction Fuzzy Hash: F0113961B08F41C5EB50CF17E94006D63A0FB68BF4B104272EEAD63BA9DF2CD5518708
                                                                Function 00007FFE13309638 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_ItemSequence_String
                                                                • String ID: args not a tuple?
                                                                • API String ID: 138718260-274370407
                                                                • Opcode ID: f981f7e703dfeb18ac4443360c7dfc39ae4566ed3aa42caf66e0419349738e14
                                                                • Instruction ID: 1e5d6ac4923d52b6b25c76f45f34765b8eb40bbfcaf6493bbde6c5f06d446db1
                                                                • Opcode Fuzzy Hash: f981f7e703dfeb18ac4443360c7dfc39ae4566ed3aa42caf66e0419349738e14
                                                                • Instruction Fuzzy Hash: DE018C61B08F42C9E6408B16E44006DA360FB54FB0F589671EABD677B5CF28D491C704
                                                                Function 00007FFE13309414 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: Array does not support item deletion$invalid index
                                                                • API String ID: 1450464846-799983634
                                                                • Opcode ID: 67e0225e1662b2c6de7c64aa0e1a7725335fd733c618b52c26417df970fd658a
                                                                • Instruction ID: 55fbb53215aa8878f92f8483c6c6ffc38d83be3fa6695e10f8b54b1097b7562c
                                                                • Opcode Fuzzy Hash: 67e0225e1662b2c6de7c64aa0e1a7725335fd733c618b52c26417df970fd658a
                                                                • Instruction Fuzzy Hash: 70015AB1E08F46C9EA00DB47E85087D2364FBA4BE0B4152B2D96E673B1DF2CE1948308
                                                                Function 00007FFE13304680 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                • PyErr_SetString.PYTHON311(?,?,?,00007FFE13301959), ref: 00007FFE13308EE9
                                                                  • Part of subcall function 00007FFE13303DC0: _PyObject_New.PYTHON311(?,?,?,?,00007FFE133046A2,?,?,?,00007FFE13301959), ref: 00007FFE13303DCB
                                                                • _Py_Dealloc.PYTHON311(?,?,?,00007FFE13301959), ref: 00007FFE13308EF4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_Object_String
                                                                • String ID: expected CData instance
                                                                • API String ID: 3982460303-1581534645
                                                                • Opcode ID: cb84d01ecd15a1eda4d8d1b175decd3e5ebb0d94a1c0848139c17e093e1ac344
                                                                • Instruction ID: ed6a2c41dd6652ffd2ff4ba294b98cea131a0745f0a20e874986b915086f4317
                                                                • Opcode Fuzzy Hash: cb84d01ecd15a1eda4d8d1b175decd3e5ebb0d94a1c0848139c17e093e1ac344
                                                                • Instruction Fuzzy Hash: F2014B61B08F07C8EA148B27D84003D63A0AF68BB4F1404B1C93E6A772DF3DE155C319
                                                                Function 00007FFE1330B4F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AttrEqualGenericObject_StringUnicode_
                                                                • String ID: _fields_
                                                                • API String ID: 947992268-3196300388
                                                                • Opcode ID: c6dedb99678c499afd6badd1b017026620a4ab54dad84f9f25f416736ac5017a
                                                                • Instruction ID: 72c1cc51bf2717eca87ea831c3a9efbfc50c5f61b96e2ef3037bf9dfeaff5c51
                                                                • Opcode Fuzzy Hash: c6dedb99678c499afd6badd1b017026620a4ab54dad84f9f25f416736ac5017a
                                                                • Instruction Fuzzy Hash: 9CF04421B1CB4289E7548F67A44026E5260AF65BE0F5895B0E92E526A5DE2CD4918708
                                                                Function 00007FFE1330B2A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Dict_Err_ItemString
                                                                • String ID: abstract class
                                                                • API String ID: 960913676-1623945838
                                                                • Opcode ID: 152bc656983328e65481e0599e2526a4dd7c8e873d35052210cfab64f93eb631
                                                                • Instruction ID: cf6b3fee704b71a7289d7edeee20ac8ddec0a975cdee6a636f292fd426ac2689
                                                                • Opcode Fuzzy Hash: 152bc656983328e65481e0599e2526a4dd7c8e873d35052210cfab64f93eb631
                                                                • Instruction Fuzzy Hash: 6EF06850B18E07C8FA589F67F88407C5360AF69BF0F145271D93E667B6DE2CD4958308
                                                                Function 00007FFE13253858 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983986729.00007FFE13251000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13250000, based on PE: true
                                                                • Associated: 00000001.00000002.2983967997.00007FFE13250000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984007302.00007FFE1325D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984025780.00007FFE13261000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984043492.00007FFE13262000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13250000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Arg_$KeywordsPositional
                                                                • String ID: BZ2Decompressor
                                                                • API String ID: 1300771297-1337346095
                                                                • Opcode ID: 358a44a62b11731d470d0bbb96af668936168ddb6404ce11f0731b6ca31f1a24
                                                                • Instruction ID: 1d80f8048721ab67d4abed883b5d3f7997fd3137da0192ca6071e6f0d6ae31b3
                                                                • Opcode Fuzzy Hash: 358a44a62b11731d470d0bbb96af668936168ddb6404ce11f0731b6ca31f1a24
                                                                • Instruction Fuzzy Hash: 0AF062A0F08E4245FA58AB27B5482B56261AFA4BF0F5453B0EA2D97AB5FF1CD641C700
                                                                Function 00007FFE1330C398 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AuditCharFromSys_Unicode_Wide
                                                                • String ID: ctypes.wstring_at
                                                                • API String ID: 614261396-2169766756
                                                                • Opcode ID: c82b687e7251797f6e5b90717e26ccc800462a1ff5413f444b11774fb9a74885
                                                                • Instruction ID: b1c1a081cf80604021e7cd1b249d49000866044780aa015e4dd1a9cb2671bedf
                                                                • Opcode Fuzzy Hash: c82b687e7251797f6e5b90717e26ccc800462a1ff5413f444b11774fb9a74885
                                                                • Instruction Fuzzy Hash: CAF08951B18E42D9EE544B73F9900BD5250AF28BF4F4453B1D93EDA1F1DD6CD5548308
                                                                Function 00007FFE1330C33C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: AuditBytes_FromSizeStringSys_
                                                                • String ID: ctypes.string_at
                                                                • API String ID: 1783689829-1910480597
                                                                • Opcode ID: ad0ccf7f71804dd0e038b4a23bae58c0fa799e11b1e17efbe4fa3c6d44ce38ba
                                                                • Instruction ID: 4c17467b8ddb0be2434de266ac3f933a2c7be5b402336b6eff615164287f4e15
                                                                • Opcode Fuzzy Hash: ad0ccf7f71804dd0e038b4a23bae58c0fa799e11b1e17efbe4fa3c6d44ce38ba
                                                                • Instruction Fuzzy Hash: 3DF03091B18F4389EF604B37A98017D6651AF64BF4F1493B1D93E965F5DE1C90849208
                                                                Function 00007FFE13203864 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2983774222.00007FFE13201000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE13200000, based on PE: true
                                                                • Associated: 00000001.00000002.2983755967.00007FFE13200000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983792906.00007FFE13208000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983812090.00007FFE13210000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000001.00000002.2983830090.00007FFE13212000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13200000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: getsockaddrlen: bad family$getsockaddrlen: unknown BT protocol
                                                                • API String ID: 1450464846-3381576205
                                                                • Opcode ID: cbb85a40afec8d8469eadcacea966656172139c73b3414318d60d7fc7aec7ced
                                                                • Instruction ID: 0f3d502339f0bcf230f4bc3d8d3068864c654bdfd6a00a16aedc3941d2211f77
                                                                • Opcode Fuzzy Hash: cbb85a40afec8d8469eadcacea966656172139c73b3414318d60d7fc7aec7ced
                                                                • Instruction Fuzzy Hash: 41F0FFB1908D02C9F7246F0AE88427E22A1ABE4760FA044F1C60DA62B0CFBCE48DD741
                                                                Function 00007FFE13302470 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FromLong_Ssize_t
                                                                • String ID: this type has no size
                                                                • API String ID: 168540982-982649334
                                                                • Opcode ID: 6f14cdcc885872a6a1df23694bcedff85d145f2805944da9bd946685c2c050ae
                                                                • Instruction ID: 16c317b2751862e0d6d57e8eac9b714ae5fbc169d0e0f6883e019296ed7a163f
                                                                • Opcode Fuzzy Hash: 6f14cdcc885872a6a1df23694bcedff85d145f2805944da9bd946685c2c050ae
                                                                • Instruction Fuzzy Hash: 2EF0C050B18D03C9FE599B63D95503D6364AFA8FB4F1414B1DD2EA6272DE2CE484835C
                                                                Function 00007FFE1A45EE00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                  • Part of subcall function 00007FFE1A45F050: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFE1A45F110
                                                                  • Part of subcall function 00007FFE1A45F050: RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FFE1A45EE15), ref: 00007FFE1A45F15F
                                                                  • Part of subcall function 00007FFE1A4569C0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4525CE), ref: 00007FFE1A4569CE
                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A45EE3A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: CurrentImageNonwritableUnwindabortterminate
                                                                • String ID: csm$f
                                                                • API String ID: 4189928240-629598281
                                                                • Opcode ID: 41dc89b1ce5f079b65ce2aaee024a8a434243f0f20765bf48ba2e403aae6c5bc
                                                                • Instruction ID: 439b4ab186a30d8487f58195f1504811de730e969a15e9b3a06dd8e9fb9fa11c
                                                                • Opcode Fuzzy Hash: 41dc89b1ce5f079b65ce2aaee024a8a434243f0f20765bf48ba2e403aae6c5bc
                                                                • Instruction Fuzzy Hash: 99E065F1E18B4281EB607B63B58517D67A4AF05F74F1C80F6DA8807666CF3DD8B08641
                                                                Function 00007FFE1330DDFC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: PrintableUnicode_
                                                                • String ID: '$\
                                                                • API String ID: 1291510985-1366717710
                                                                • Opcode ID: 8f056e593a683e8d15de34f78a6f47cb157d5505191b12e7d535d23602ebe9e6
                                                                • Instruction ID: aaf9ceb52ef53e7658d27218692c79a66aa6bddb75665610f2313d72dffe1ff3
                                                                • Opcode Fuzzy Hash: 8f056e593a683e8d15de34f78a6f47cb157d5505191b12e7d535d23602ebe9e6
                                                                • Instruction Fuzzy Hash: 16E04F31F18E058AFB641727A88827D13D25BA5370E4D1171DA6D152F9CD2CD8819708
                                                                Function 00007FFE1330E940 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: FormatFromUnicode_
                                                                • String ID: <Field type=%s, ofs=%zd, size=%zd>$<Field type=%s, ofs=%zd:%zd, bits=%zd>
                                                                • API String ID: 3889672380-2914491812
                                                                • Opcode ID: 08e4dafb61acecda0dd77ce9d4e7f7947246ca23280beaed436fd91f997484e9
                                                                • Instruction ID: 54860d05508b55a4d794971cbaaa3334239b08cb3908d86df124ffd2279b4478
                                                                • Opcode Fuzzy Hash: 08e4dafb61acecda0dd77ce9d4e7f7947246ca23280beaed436fd91f997484e9
                                                                • Instruction Fuzzy Hash: 99E01A76B04E45C5DB548B0ED8404697720FB65F68BA101A6CEAC23375CF3CD5ABD748
                                                                Function 00007FFE13303DF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Err_$OccurredString
                                                                • String ID: PyObject is NULL
                                                                • API String ID: 114435612-3221357749
                                                                • Opcode ID: 2e5002b93a88984c719b4076089918ef8885b05004490f6185a51e22d0327163
                                                                • Instruction ID: b6175d3ba9257dfda5e03c78a1974b71d8285d3f3e8487ddea6c174be1275722
                                                                • Opcode Fuzzy Hash: 2e5002b93a88984c719b4076089918ef8885b05004490f6185a51e22d0327163
                                                                • Instruction Fuzzy Hash: 2CE0BF21B09E03D8EE455B17D84013867A0AF68B75F5455B5C52E6A371DE2CE0859704
                                                                Function 00007FFE1330F3B4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Capsule_FreeMem_Pointer
                                                                • String ID: _ctypes/cfield.c pymem
                                                                • API String ID: 1268649101-2578739719
                                                                • Opcode ID: 13f5c1952ace5f4f8c9f181e4b2ebf5f0c2b934a391285e14cb501e27f568ab5
                                                                • Instruction ID: 341ea4783d907054730c83bcae0b95236d1d242313524834173ea2fc307eb3e2
                                                                • Opcode Fuzzy Hash: 13f5c1952ace5f4f8c9f181e4b2ebf5f0c2b934a391285e14cb501e27f568ab5
                                                                • Instruction Fuzzy Hash: CDC01210F0EE02CAED49AB63A88413813606F28B34F8804B4C02D25236EE6CA49A8308
                                                                Function 00007FFE1330DEB8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON
                                                                Download Yara Rule
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984157337.00007FFE13301000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000001.00000002.2984137935.00007FFE13300000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984177976.00007FFE13310000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984197194.00007FFE13317000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984217707.00007FFE1331B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe13300000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: Capsule_FreeMem_Pointer
                                                                • String ID: _ctypes pymem
                                                                • API String ID: 1268649101-201515578
                                                                • Opcode ID: 62ef90d10503a54e82f353289ff9a1ab72bad7d0f7bb64e3368930f79f513158
                                                                • Instruction ID: de52e28e0ed93d449f7ddcd4e5c9c278e7a2688f32474b9dc8ebb0cdf2821f4e
                                                                • Opcode Fuzzy Hash: 62ef90d10503a54e82f353289ff9a1ab72bad7d0f7bb64e3368930f79f513158
                                                                • Instruction Fuzzy Hash: 0CC08050F0AF43C6ED486B13EC4403413607F34B15F8404B4C52D25335DE2C6055C308
                                                                Function 00007FFE1A4569DC Relevance: 5.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                                                                Download Yara Rule
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,00007FFE1A456859,?,?,?,?,00007FFE1A45FF42,?,?,?,?,?), ref: 00007FFE1A4569FB
                                                                • SetLastError.KERNEL32(?,?,?,00007FFE1A456859,?,?,?,?,00007FFE1A45FF42,?,?,?,?,?), ref: 00007FFE1A456A84
                                                                Memory Dump Source
                                                                • Source File: 00000001.00000002.2984256147.00007FFE1A451000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                • Associated: 00000001.00000002.2984237068.00007FFE1A450000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984279636.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984300789.00007FFE1A466000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                • Associated: 00000001.00000002.2984319263.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_1_2_7ffe1a450000_uOsIQqfgiT.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast
                                                                • String ID:
                                                                • API String ID: 1452528299-0
                                                                • Opcode ID: bbe9895d534b658101cce7e74ca5bd95b80ee12bf15f37732e53d0ee5c009e2b
                                                                • Instruction ID: c537d69b825f7dc53fcf8138677aa6a089e144648b5cfd350e592b649c7ac000
                                                                • Opcode Fuzzy Hash: bbe9895d534b658101cce7e74ca5bd95b80ee12bf15f37732e53d0ee5c009e2b
                                                                • Instruction Fuzzy Hash: 46112160F0DA4242FA14AB27B844134B2A16F49FF4F1C86F6D96E077F5DF2CE8619640