Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
apilibx64.exe

Overview

General Information

Sample name:apilibx64.exe
Analysis ID:1570005
MD5:bca7e8cada42a299c99380fd96e5104f
SHA1:7d45496f1b23412425ec5c39ee5e0177a9269441
SHA256:6e6656ae6250e35281bc76ad996849ad047f2013b633c00d49e2ff07e590a1c1
Tags:exeuser-aachum
Infos:

Detection

CredGrabber, Meduza Stealer
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • apilibx64.exe (PID: 7152 cmdline: "C:\Users\user\Desktop\apilibx64.exe" MD5: BCA7E8CADA42A299C99380FD96E5104F)
  • cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1887309159.000002B45ADE0000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
    00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
      Process Memory Space: apilibx64.exe PID: 7152JoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
        Process Memory Space: apilibx64.exe PID: 7152JoeSecurity_CredGrabberYara detected CredGrabberJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.apilibx64.exe.2b45afa0000.0.raw.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
            0.2.apilibx64.exe.2b45afa0000.0.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-06T14:09:05.357434+010020494411A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-06T14:09:05.357434+010020508061A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
              2024-12-06T14:09:05.477481+010020508061A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-06T14:09:05.357434+010020508071A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
              2024-12-06T14:09:05.477481+010020508071A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Found malware configuration
              Source: 0.2.apilibx64.exe.2b45afa0000.0.unpackMalware Configuration Extractor: Meduza Stealer {"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B011EA0 CryptUnprotectData,LocalFree,0_2_000002B45B011EA0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFD5EE0 CryptUnprotectData,LocalFree,0_2_000002B45AFD5EE0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0121C0 CryptProtectData,LocalFree,0_2_000002B45B0121C0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B072090 CryptUnprotectData,0_2_000002B45B072090
              Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: apilibx64.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B059810 FindClose,FindFirstFileExW,GetLastError,0_2_000002B45B059810
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0598C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_000002B45B0598C0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0213B0 GetLogicalDriveStringsW,0_2_000002B45B0213B0
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\migration\Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\migration\wtr\Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.4:49730 -> 45.130.145.152:15666
              Source: Network trafficSuricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.4:49730 -> 45.130.145.152:15666
              Source: global trafficTCP traffic: 192.168.2.4:49730 -> 45.130.145.152:15666
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
              Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
              Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
              Source: Joe Sandbox ViewIP Address: 45.130.145.152 45.130.145.152
              Source: Joe Sandbox ViewASN Name: ASBAXETNRU ASBAXETNRU
              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: unknownDNS query: name: api.ipify.org
              Source: unknownDNS query: name: api.ipify.org
              Source: Network trafficSuricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.4:49730 -> 45.130.145.152:15666
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B01E9F0 recv,recv,closesocket,WSACleanup,0_2_000002B45B01E9F0
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
              Source: global trafficDNS traffic detected: DNS query: api.ipify.org
              Source: apilibx64.exe, 00000000.00000003.1886809285.000002B45BE24000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1886758525.000002B45BE20000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1886727297.000002B45BE20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.microsoft.t/Regi
              Source: apilibx64.exe, 00000000.00000003.1702540903.000002B45BE11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.microsoft.t/RegiU
              Source: apilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: apilibx64.exe, 00000000.00000002.1887309159.000002B45ADE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
              Source: apilibx64.exe, 00000000.00000003.1703039193.000002B4594A1000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000002.1887143065.000002B459484000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/A%
              Source: apilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594BD000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
              Source: apilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: apilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: apilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: apilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594BD000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
              Source: apilibx64.exe, 00000000.00000003.1705880403.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704601944.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704940672.000002B45951F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703831234.000002B459525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: apilibx64.exe, 00000000.00000003.1705880403.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704601944.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704940672.000002B45951F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703831234.000002B459525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: apilibx64.exe, 00000000.00000003.1705880403.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704601944.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704940672.000002B45951F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703831234.000002B459525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: apilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
              Source: apilibx64.exe, 00000000.00000003.1709121696.000002B45C8BC000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B2DC000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B280000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707697086.000002B45B1C0000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707697086.000002B45B1C8000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B2D4000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707570895.000002B45C0FF000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707840209.000002B45AE88000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B288000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707570895.000002B45C107000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
              Source: apilibx64.exe, 00000000.00000003.1707305814.000002B45B2E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: apilibx64.exe, 00000000.00000003.1707305814.000002B45B2E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
              Source: apilibx64.exe, 00000000.00000003.1704800492.000002B45C0E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
              Source: apilibx64.exe, 00000000.00000003.1704271513.000002B45C073000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704601944.000002B45951F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C09C000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C083000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704509749.000002B45AE88000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C0C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
              Source: apilibx64.exe, 00000000.00000003.1704800492.000002B45C0E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
              Source: apilibx64.exe, 00000000.00000003.1704271513.000002B45C073000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704601944.000002B45951F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C09C000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C083000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704509749.000002B45AE88000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C0C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594BD000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
              Source: apilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594BD000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
              Source: apilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: apilibx64.exe, 00000000.00000003.1709121696.000002B45C8BC000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B2DC000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B280000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707697086.000002B45B1C0000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707697086.000002B45B1C8000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B2D4000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707570895.000002B45C0FF000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707840209.000002B45AE88000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B288000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707570895.000002B45C107000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
              Source: apilibx64.exe, 00000000.00000003.1707305814.000002B45B2E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: apilibx64.exe, 00000000.00000003.1707305814.000002B45B2E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: apilibx64.exe, 00000000.00000003.1708288496.000002B45B934000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707570895.000002B45C10F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707697086.000002B45B1CF000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B28F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B2E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: apilibx64.exe, 00000000.00000003.1707305814.000002B45B2E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: apilibx64.exe, 00000000.00000003.1708288496.000002B45B934000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707570895.000002B45C10F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707697086.000002B45B1CF000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B28F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B2E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
              Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
              Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B01FB30 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,0_2_000002B45B01FB30
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0726E0 NtAllocateVirtualMemory,0_2_000002B45B0726E0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B023CF0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,0_2_000002B45B023CF0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0243F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_000002B45B0243F0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAA34C0 NtQueryVirtualMemory,NtProtectVirtualMemory,0_2_00007FF65DAA34C0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0208200_2_000002B45B020820
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFDB8200_2_000002B45AFDB820
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0216600_2_000002B45B021660
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B02C55A0_2_000002B45B02C55A
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B02662B0_2_000002B45B02662B
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B03749C0_2_000002B45B03749C
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B028B700_2_000002B45B028B70
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B01FB300_2_000002B45B01FB30
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B05E9680_2_000002B45B05E968
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFDC8C00_2_000002B45AFDC8C0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFCF8B00_2_000002B45AFCF8B0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0598C00_2_000002B45B0598C0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B018F600_2_000002B45B018F60
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B021FF00_2_000002B45B021FF0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFDCF600_2_000002B45AFDCF60
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFDACC00_2_000002B45AFDACC0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0013400_2_000002B45B001340
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFE22D00_2_000002B45AFE22D0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B04114C0_2_000002B45B04114C
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B01F2000_2_000002B45B01F200
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFCF1C00_2_000002B45AFCF1C0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0270B00_2_000002B45B0270B0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0247400_2_000002B45B024740
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0167600_2_000002B45B016760
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFE86D00_2_000002B45AFE86D0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFF66A00_2_000002B45AFF66A0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B03F7F40_2_000002B45B03F7F4
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0347FC0_2_000002B45B0347FC
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFEC8200_2_000002B45AFEC820
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B02B68A0_2_000002B45B02B68A
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0106A60_2_000002B45B0106A6
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B03E6F80_2_000002B45B03E6F8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0047100_2_000002B45B004710
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFC55200_2_000002B45AFC5520
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFC65100_2_000002B45AFC6510
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0345F80_2_000002B45B0345F8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B00C6000_2_000002B45B00C600
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B04A4380_2_000002B45B04A438
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFA66100_2_000002B45AFA6610
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFF55B00_2_000002B45AFF55B0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0454E80_2_000002B45B0454E8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0205000_2_000002B45B020500
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFD7B8D0_2_000002B45AFD7B8D
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0089500_2_000002B45B008950
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0469840_2_000002B45B046984
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0419B80_2_000002B45B0419B8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0429F40_2_000002B45B0429F4
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B034A000_2_000002B45B034A00
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFF9A100_2_000002B45AFF9A10
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B03088C0_2_000002B45B03088C
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0128C00_2_000002B45B0128C0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0358D00_2_000002B45B0358D0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B00C9300_2_000002B45B00C930
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B00CF700_2_000002B45B00CF70
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFCFEE00_2_000002B45AFCFEE0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B01AE500_2_000002B45B01AE50
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B049EA00_2_000002B45B049EA0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFA6D200_2_000002B45AFA6D20
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B044D780_2_000002B45B044D78
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B030D980_2_000002B45B030D98
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B00FDB00_2_000002B45B00FDB0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B03EE060_2_000002B45B03EE06
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B038C340_2_000002B45B038C34
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B00CC500_2_000002B45B00CC50
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFA5DB00_2_000002B45AFA5DB0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B032CD00_2_000002B45B032CD0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFEE3200_2_000002B45AFEE320
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFD02E00_2_000002B45AFD02E0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0413C80_2_000002B45B0413C8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0243F00_2_000002B45B0243F0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFC83D00_2_000002B45AFC83D0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B00D2A00_2_000002B45B00D2A0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B05E2CC0_2_000002B45B05E2CC
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B00C3000_2_000002B45B00C300
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFD61300_2_000002B45AFD6130
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFEE1300_2_000002B45AFEE130
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFD90900_2_000002B45AFD9090
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0151E00_2_000002B45B0151E0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0101F00_2_000002B45B0101F0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0182300_2_000002B45B018230
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B00F0400_2_000002B45B00F040
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0350440_2_000002B45B035044
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0370600_2_000002B45B037060
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFDA1F00_2_000002B45AFDA1F0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFA61800_2_000002B45AFA6180
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAEFF2C0_2_00007FF65DAEFF2C
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADCEB20_2_00007FF65DADCEB2
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DB03DA00_2_00007FF65DB03DA0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAE41100_2_00007FF65DAE4110
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAC30B00_2_00007FF65DAC30B0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAF209C0_2_00007FF65DAF209C
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADAF560_2_00007FF65DADAF56
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADCFA00_2_00007FF65DADCFA0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAD7F900_2_00007FF65DAD7F90
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAEFA900_2_00007FF65DAEFA90
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADF9F00_2_00007FF65DADF9F0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAB39E00_2_00007FF65DAB39E0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADCA200_2_00007FF65DADCA20
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAE9CD80_2_00007FF65DAE9CD8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAE6CD80_2_00007FF65DAE6CD8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADFBF40_2_00007FF65DADFBF4
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAD4C300_2_00007FF65DAD4C30
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAD8C300_2_00007FF65DAD8C30
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAD9C100_2_00007FF65DAD9C10
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAD2B970_2_00007FF65DAD2B97
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAB66E00_2_00007FF65DAB66E0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAB67300_2_00007FF65DAB6730
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADC5500_2_00007FF65DADC550
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAF28CC0_2_00007FF65DAF28CC
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAE68440_2_00007FF65DAE6844
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAEC8B40_2_00007FF65DAEC8B4
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADF7EC0_2_00007FF65DADF7EC
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAE87580_2_00007FF65DAE8758
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAC27B00_2_00007FF65DAC27B0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAE07B40_2_00007FF65DAE07B4
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAD22E80_2_00007FF65DAD22E8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAE02A80_2_00007FF65DAE02A8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAD81D00_2_00007FF65DAD81D0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADA1400_2_00007FF65DADA140
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAEA4480_2_00007FF65DAEA448
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAE23EC0_2_00007FF65DAE23EC
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAE73580_2_00007FF65DAE7358
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: String function: 00007FF65DAB51F0 appears 69 times
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: String function: 000002B45AFCB930 appears 32 times
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: String function: 000002B45AFE5330 appears 70 times
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: String function: 000002B45AFD4C00 appears 41 times
              Source: classification engineClassification label: mal92.troj.spyw.winEXE@1/0@1/2
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B025970 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,0_2_000002B45B025970
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B072008 AdjustTokenPrivileges,CredEnumerateA,0_2_000002B45B072008
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFDC8C0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_000002B45AFDC8C0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B00F19A CoCreateInstance,0_2_000002B45B00F19A
              Source: C:\Users\user\Desktop\apilibx64.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E69633E538B19
              Source: apilibx64.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\apilibx64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: vaultcli.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: apilibx64.exeStatic PE information: Image base 0x140000000 > 0x60000000
              Source: apilibx64.exeStatic file information: File size 3341824 > 1048576
              Source: apilibx64.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2bd800
              Source: apilibx64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: apilibx64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: apilibx64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: apilibx64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: apilibx64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: apilibx64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: apilibx64.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: apilibx64.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: apilibx64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: apilibx64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: apilibx64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: apilibx64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: apilibx64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFDB820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000002B45AFDB820
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B01E874 push rbx; iretd 0_2_000002B45B01E875
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B01E89C push rbx; iretd 0_2_000002B45B01E89D
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADDB93 push rcx; iretd 0_2_00007FF65DADDB94
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADDB8C push rdi; ret 0_2_00007FF65DADDB90
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADD8A1 push rdi; ret 0_2_00007FF65DADD8A5
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DADD2C0 push rcx; iretd 0_2_00007FF65DADD2C1
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B016480 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,0_2_000002B45B016480
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B059810 FindClose,FindFirstFileExW,GetLastError,0_2_000002B45B059810
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0598C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_000002B45B0598C0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0213B0 GetLogicalDriveStringsW,0_2_000002B45B0213B0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B037348 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,0_2_000002B45B037348
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\migration\Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\migration\wtr\Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior
              Source: apilibx64.exe, 00000000.00000002.1887143065.000002B459484000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft-hyper-v-migration-replacement.manor.infW|Vj
              Source: apilibx64.exe, 00000000.00000003.1703039193.000002B4594A1000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000002.1887143065.000002B459484000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000002.1887309159.000002B45ADE0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: C:\Users\user\Desktop\apilibx64.exeAPI call chain: ExitProcess graph end nodegraph_0-94417
              Source: C:\Users\user\Desktop\apilibx64.exeAPI call chain: ExitProcess graph end nodegraph_0-94422
              Source: C:\Users\user\Desktop\apilibx64.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0243F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_000002B45B0243F0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B05BB14 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_000002B45B05BB14
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B05BB14 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_000002B45B05BB14
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45AFDB820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_000002B45AFDB820
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B047F00 GetProcessHeap,0_2_000002B45B047F00
              Source: C:\Users\user\Desktop\apilibx64.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B02F920 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000002B45B02F920
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0722D8 SetUnhandledExceptionFilter,0_2_000002B45B0722D8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAE1E68 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF65DAE1E68
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAF5AC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF65DAF5AC0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B0151E0 ShellExecuteW,0_2_000002B45B0151E0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_00007FF65DAE9AA0 cpuid 0_2_00007FF65DAE9AA0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_000002B45B047778
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoW,0_2_000002B45B047828
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoW,0_2_000002B45B047620
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoEx,FormatMessageA,0_2_000002B45B059480
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_000002B45B04795C
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_000002B45B046F14
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: EnumSystemLocalesW,0_2_000002B45B03BC68
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: EnumSystemLocalesW,0_2_000002B45B047340
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoW,0_2_000002B45B072398
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_000002B45B0473D8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: EnumSystemLocalesW,0_2_000002B45B047270
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoW,0_2_000002B45B03C1A8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: EnumSystemLocalesW,0_2_00007FF65DAE8E4C
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF65DAECE44
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF65DAED6A8
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoW,0_2_00007FF65DAED550
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF65DAED88C
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoW,0_2_00007FF65DAED758
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF65DAED308
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: EnumSystemLocalesW,0_2_00007FF65DAED270
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: GetLocaleInfoW,0_2_00007FF65DAE91E0
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: EnumSystemLocalesW,0_2_00007FF65DAED1A0
              Source: C:\Users\user\Desktop\apilibx64.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyNameJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B036718 GetSystemTimeAsFileTime,0_2_000002B45B036718
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B020110 GetUserNameW,0_2_000002B45B020110
              Source: C:\Users\user\Desktop\apilibx64.exeCode function: 0_2_000002B45B021660 GetTimeZoneInformation,GlobalMemoryStatusEx,wcsftime,GetModuleFileNameA,0_2_000002B45B021660

              Stealing of Sensitive Information

              barindex
              Yara detected CredGrabber
              Source: Yara matchFile source: Process Memory Space: apilibx64.exe PID: 7152, type: MEMORYSTR
              Yara detected Meduza Stealer
              Source: Yara matchFile source: 0.2.apilibx64.exe.2b45afa0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.apilibx64.exe.2b45afa0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1887309159.000002B45ADE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: apilibx64.exe PID: 7152, type: MEMORYSTR
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\ElectronCash\config8n=r
              Source: apilibx64.exe, 00000000.00000003.1728287450.000002B45EB67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "software": "Ny1aaXAgMjMuMDEgKHg2NCkgWzIzLjAxXQpNb3ppbGxhIEZpcmVmb3ggKHg2NCBlbi1VUykgWzExOC4wLjFdCk1vemlsbGEgTWFpbnRlbmFuY2UgU2VydmljZSBbMTE4LjAuMV0KTWljcm9zb2Z0IE9mZmljZSBQcm9mZXNzaW9uYWwgUGx1cyAyMDE5IC0gZW4tdXMgWzE2LjAuMTY4MjcuMjAxMzBdCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMjIgWDY0IEFkZGl0aW9uYWwgUnVudGltZSAtIDE0LjM2LjMyNTMyIFsxNC4zNi4zMjUzMl0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBMaWNlbnNpbmcgQ29tcG9uZW50IFsxNi4wLjE2ODI3LjIwMTMwXQpPZmZpY2UgMTYgQ2xpY2stdG8tUnVuIEV4dGVuc2liaWxpdHkgQ29tcG9uZW50IDY0LWJpdCBSZWdpc3RyYXRpb24gWzE2LjAuMTY4MjcuMjAwNTZdCkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkgWzIzLjAwNi4yMDMyMF0KTWljcm9zb2Z0IFZpc3VhbCBDKysgMjAyMiBYNjQgTWluaW11bSBSdW50aW1lIC0gMTQuMzYuMzI1MzIgWzE0LjM2LjMyNTMyXQpHb29nbGUgQ2hyb21lIFsxMTcuMC41OTM4LjEzMl0KTWljcm9zb2Z0IEVkZ2UgWzExNy4wLjIwNDUuNDddCk1pY3Jvc29mdCBFZGdlIFVwZGF0ZSBbMS4zLjE3Ny4xMV0KTWljcm9zb2Z0IEVkZ2UgV2ViVmlldzIgUnVudGltZSBbMTE3LjAuMjA0NS40N10KSmF2YSBBdXRvIFVwZGF0ZXIgWzIuOC4zODEuOV0KSmF2YSA4IFVwZGF0ZSAzODEgWzguMC4zODEwLjldCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMTUtMjAyMiBSZWRpc3RyaWJ1dGFibGUgKHg2NCkgLSAxNC4zNi4zMjUzMiBbMTQuMzYuMzI1MzIuMF0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBFeHRlbnNpYmlsaXR5IENvbXBvbmVudCBbMTYuMC4xNjgyNy4yMDEzMF0K",
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallets
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystoreofileser
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallets
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystoreofileser
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsata\*
              Source: apilibx64.exe, 00000000.00000003.1711353095.000002B4594EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystoreofileser
              Tries to harvest and steal Bitcoin Wallet information
              Source: C:\Users\user\Desktop\apilibx64.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCKJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENTJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001Jump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\apilibx64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Tries to steal Mail credentials (via file / registry access)
              Source: C:\Users\user\Desktop\apilibx64.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

              Remote Access Functionality

              barindex
              Yara detected CredGrabber
              Source: Yara matchFile source: Process Memory Space: apilibx64.exe PID: 7152, type: MEMORYSTR
              Yara detected Meduza Stealer
              Source: Yara matchFile source: 0.2.apilibx64.exe.2b45afa0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.apilibx64.exe.2b45afa0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1887309159.000002B45ADE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: apilibx64.exe PID: 7152, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
              Native API              		1
              DLL Side-Loading              		1
              Exploitation for Privilege Escalation              		1
              Access Token Manipulation              		1
              OS Credential Dumping              		12
              System Time Discovery              		Remote Services1
              Screen Capture              		21
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
              Access Token Manipulation              		1
              Deobfuscate/Decode Files or Information              		LSASS Memory31
              Security Software Discovery              		Remote Desktop Protocol1
              Email Collection              		1
              Non-Standard Port              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              DLL Side-Loading              		2
              Obfuscated Files or Information              		Security Account Manager2
              Process Discovery              		SMB/Windows Admin Shares1
              Archive Collected Data              		2
              Ingress Tool Transfer              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              DLL Side-Loading              		NTDS1
              Account Discovery              		Distributed Component Object Model2
              Data from Local System              		2
              Non-Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
              System Owner/User Discovery              		SSHKeylogging3
              Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
              System Network Configuration Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync3
              File and Directory Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem34
              System Information Discovery              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://ns.microsoft.t/RegiU0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              api.ipify.org
              		104.26.12.205
              		truefalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://api.ipify.org/false
                  		high

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://duckduckgo.com/chrome_newtabapilibx64.exe, 00000000.00000003.1705880403.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704601944.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704940672.000002B45951F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703831234.000002B459525000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFapilibx64.exe, 00000000.00000003.1707305814.000002B45B2E4000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://duckduckgo.com/ac/?q=apilibx64.exe, 00000000.00000003.1705880403.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704601944.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704940672.000002B45951F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703831234.000002B459525000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgapilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://www.google.com/images/branding/product/ico/googleg_lodp.icoapilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.apilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=apilibx64.exe, 00000000.00000003.1705880403.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704601944.000002B459525000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704940672.000002B45951F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703831234.000002B459525000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaapilibx64.exe, 00000000.00000003.1711353095.000002B4594BD000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=apilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016apilibx64.exe, 00000000.00000003.1704800492.000002B45C0E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17apilibx64.exe, 00000000.00000003.1704800492.000002B45C0E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://www.ecosia.org/newtab/apilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brapilibx64.exe, 00000000.00000003.1707305814.000002B45B2E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://ac.ecosia.org/autocomplete?q=apilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgapilibx64.exe, 00000000.00000003.1711353095.000002B4594BD000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYiapilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://ns.microsoft.t/RegiUapilibx64.exe, 00000000.00000003.1702540903.000002B45BE11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Installapilibx64.exe, 00000000.00000003.1704271513.000002B45C073000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704601944.000002B45951F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C09C000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C083000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704509749.000002B45AE88000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C0C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://api.ipify.org/A%apilibx64.exe, 00000000.00000003.1703039193.000002B4594A1000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000002.1887143065.000002B459484000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchapilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://support.mozilla.orgapilibx64.exe, 00000000.00000003.1709121696.000002B45C8BC000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B2DC000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B280000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707697086.000002B45B1C0000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707697086.000002B45B1C8000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B2D4000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707570895.000002B45C0FF000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707840209.000002B45AE88000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707305814.000002B45B288000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1707570895.000002B45C107000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examplesapilibx64.exe, 00000000.00000003.1704271513.000002B45C073000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704601944.000002B45951F000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C09C000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C083000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704509749.000002B45AE88000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1704271513.000002B45C0C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://ns.microsoft.t/Regiapilibx64.exe, 00000000.00000003.1886809285.000002B45BE24000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1886758525.000002B45BE20000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1886727297.000002B45BE20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=apilibx64.exe, 00000000.00000003.1704004636.000002B4594BE000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1703912498.000002B45AE6F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94apilibx64.exe, 00000000.00000003.1711353095.000002B4594BD000.00000004.00000020.00020000.00000000.sdmp, apilibx64.exe, 00000000.00000003.1711298182.000002B45AEBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high

                                                                  World Map of Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public IPs

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  104.26.12.205
                                                                  		api.ipify.orgUnited States
                                                                  		13335CLOUDFLARENETUSfalse
                                                                  45.130.145.152
                                                                  		unknownRussian Federation
                                                                  		49392ASBAXETNRUtrue

                                                                  General Information

                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                  Analysis ID:1570005
                                                                  Start date and time:2024-12-06 14:08:08 +01:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 4m 26s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                  Number of analysed new started processes analysed:4
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Sample name:apilibx64.exe
                                                                  Detection:MAL
                                                                  Classification:mal92.troj.spyw.winEXE@1/0@1/2
                                                                  EGA Information:
                                                                  • Successful, ratio: 100%
                                                                  HCA Information:
                                                                  • Successful, ratio: 99%
                                                                  • Number of executed functions: 102
                                                                  • Number of non-executed functions: 140
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .exe
                                                                  • Stop behavior analysis, all processes terminated

                                                                  Warnings

                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                  • Report size exceeded maximum capacity and may have missing network information.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                  • VT rate limit hit for: apilibx64.exe

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  No simulations

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  104.26.12.205xKvkNk9SXR.exeGet hashmaliciousTrojanRansomBrowse
                                                                  • api.ipify.org/
                                                                  GD8c7ARn8q.exeGet hashmaliciousTrojanRansomBrowse
                                                                  • api.ipify.org/
                                                                  8AbMCL2dxM.exeGet hashmaliciousRCRU64, TrojanRansomBrowse
                                                                  • api.ipify.org/
                                                                  Simple2.exeGet hashmaliciousUnknownBrowse
                                                                  • api.ipify.org/
                                                                  Ransomware Mallox.exeGet hashmaliciousTargeted RansomwareBrowse
                                                                  • api.ipify.org/
                                                                  Yc9hcFC1ux.exeGet hashmaliciousUnknownBrowse
                                                                  • api.ipify.org/
                                                                  6706e721f2c06.exeGet hashmaliciousRemcosBrowse
                                                                  • api.ipify.org/
                                                                  perfcc.elfGet hashmaliciousXmrigBrowse
                                                                  • api.ipify.org/
                                                                  SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                  • api.ipify.org/
                                                                  SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                  • api.ipify.org/
                                                                  45.130.145.152venomderek.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                    siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                      unique.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                        siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                          chelentano.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                            9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                              HZ1BUCfTne.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                  bv2DbIiZeK.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                    brozer.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse

                                                                                      Domains

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      api.ipify.orgxKvkNk9SXR.exeGet hashmaliciousTrojanRansomBrowse
                                                                                      • 104.26.12.205
                                                                                      BiXS3FRoLe.exeGet hashmaliciousTrojanRansomBrowse
                                                                                      • 104.26.13.205
                                                                                      lEUy79aLAW.exeGet hashmaliciousTrojanRansomBrowse
                                                                                      • 104.26.13.205
                                                                                      GD8c7ARn8q.exeGet hashmaliciousTrojanRansomBrowse
                                                                                      • 104.26.12.205
                                                                                      8AbMCL2dxM.exeGet hashmaliciousRCRU64, TrojanRansomBrowse
                                                                                      • 104.26.12.205
                                                                                      Simple1.exeGet hashmaliciousUnknownBrowse
                                                                                      • 172.67.74.152
                                                                                      Simple1.exeGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.13.205
                                                                                      Simple2.exeGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.12.205
                                                                                      Simple2.exeGet hashmaliciousUnknownBrowse
                                                                                      • 172.67.74.152
                                                                                      systemConfigChecker.exeGet hashmaliciousUnknownBrowse
                                                                                      • 172.67.74.152

                                                                                      ASNs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      CLOUDFLARENETUSFortexternal.exeGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.9.59
                                                                                      Software.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      • 172.67.165.166
                                                                                      Loader.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      • 172.67.130.33
                                                                                      https://jet.cloudhostingworks.com/CetQr/Get hashmaliciousHTMLPhisherBrowse
                                                                                      • 104.21.112.1
                                                                                      Setup.msiGet hashmaliciousUnknownBrowse
                                                                                      • 172.67.204.246
                                                                                      xKvkNk9SXR.exeGet hashmaliciousTrojanRansomBrowse
                                                                                      • 104.26.12.205
                                                                                      BiXS3FRoLe.exeGet hashmaliciousTrojanRansomBrowse
                                                                                      • 104.26.13.205
                                                                                      lEUy79aLAW.exeGet hashmaliciousTrojanRansomBrowse
                                                                                      • 104.26.13.205
                                                                                      GD8c7ARn8q.exeGet hashmaliciousTrojanRansomBrowse
                                                                                      • 104.26.12.205
                                                                                      8AbMCL2dxM.exeGet hashmaliciousRCRU64, TrojanRansomBrowse
                                                                                      • 104.26.12.205
                                                                                      ASBAXETNRUvenomderek.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                      • 45.130.145.152
                                                                                      botnet.sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                      • 212.196.108.28
                                                                                      mips.elfGet hashmaliciousUnknownBrowse
                                                                                      • 212.192.15.158
                                                                                      ppc.elfGet hashmaliciousUnknownBrowse
                                                                                      • 212.192.15.158
                                                                                      hmips.elfGet hashmaliciousUnknownBrowse
                                                                                      • 212.192.15.158
                                                                                      siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                      • 45.130.145.152
                                                                                      unique.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                      • 45.130.145.152
                                                                                      siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                      • 45.130.145.152
                                                                                      1732748284fd56a2da13edf4ae4b865c44fa6834581d27eb2edbfe3fc50ef131cb95db5639506.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                      • 45.135.232.38
                                                                                      mips.elfGet hashmaliciousUnknownBrowse
                                                                                      • 212.192.15.158

                                                                                      JA3 Fingerprints

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      37f463bf4616ecd445d4a1937da06e19Fortexternal.exeGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.12.205
                                                                                      Setup.msiGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.12.205
                                                                                      Document_PDF.vbsGet hashmaliciousFormBookBrowse
                                                                                      • 104.26.12.205
                                                                                      Pr9cqW75nY.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.12.205
                                                                                      G3vWD786PN.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.12.205
                                                                                      hTXtTJXdLt.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.12.205
                                                                                      fqufh5EOJr.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.12.205
                                                                                      NGVW0QXQSn.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.12.205
                                                                                      EU2Yvx0L9q.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.12.205
                                                                                      0XyV1vWJn6.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 104.26.12.205

                                                                                      Dropped Files

                                                                                      No context

                                                                                      Created / dropped Files

                                                                                      No created / dropped files found

                                                                                      Static File Info

                                                                                      General

                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                      Entropy (8bit):4.217119721003012
                                                                                      TrID:
                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:apilibx64.exe
                                                                                      File size:3'341'824 bytes
                                                                                      MD5:bca7e8cada42a299c99380fd96e5104f
                                                                                      SHA1:7d45496f1b23412425ec5c39ee5e0177a9269441
                                                                                      SHA256:6e6656ae6250e35281bc76ad996849ad047f2013b633c00d49e2ff07e590a1c1
                                                                                      SHA512:e62a2c0c26fecbbf550621c7410dd141a1ef549b01446a4d3d6d2f16a5e31ee696392cbb00b382a8c32358fb018fa04dc85ad78bf7e5725333dfd7e63269920f
                                                                                      SSDEEP:24576:S/frmzI7lsX7Rh7lmXh0lhSMXlWusIIiDCVQ9owotOgbZr37SIes:KfrmzI7OXBGuDIiHitOgpLS
                                                                                      TLSH:04F5AD67EA9064F3D874C13488A3076BBA767481C37183875798672A5F52BE43F3AF84
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N..f...5...5...5.x.4...5.x.4...5.x.4V..5A..4...5A..4...5A..4...52|.4$..52|.4...5By.4...5A..4...5...5...5Ay.4...5AyH5...5Ay.4...

                                                                                      File Icon

                                                                                      Icon Hash:90cececece8e8eb0

                                                                                      Static PE Info

                                                                                      General

                                                                                      Entrypoint:0x140055a30
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x140000000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x67451F50 [Tue Nov 26 01:07:28 2024 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:6
                                                                                      OS Version Minor:0
                                                                                      File Version Major:6
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:6
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:de1751741e7d5e07ce98493d3f0130fc

                                                                                      Entrypoint Preview

                                                                                      Instruction
                                                                                      dec eax
                                                                                      sub esp, 28h
                                                                                      call 00007FD5F91DE9BCh
                                                                                      dec eax
                                                                                      add esp, 28h
                                                                                      jmp 00007FD5F91DDD3Fh
                                                                                      int3
                                                                                      int3
                                                                                      dec eax
                                                                                      sub esp, 28h
                                                                                      dec ebp
                                                                                      mov eax, dword ptr [ecx+38h]
                                                                                      dec eax
                                                                                      mov ecx, edx
                                                                                      dec ecx
                                                                                      mov edx, ecx
                                                                                      call 00007FD5F91DDED2h
                                                                                      mov eax, 00000001h
                                                                                      dec eax
                                                                                      add esp, 28h
                                                                                      ret
                                                                                      int3
                                                                                      int3
                                                                                      int3
                                                                                      inc eax
                                                                                      push ebx
                                                                                      inc ebp
                                                                                      mov ebx, dword ptr [eax]
                                                                                      dec eax
                                                                                      mov ebx, edx
                                                                                      inc ecx
                                                                                      and ebx, FFFFFFF8h
                                                                                      dec esp
                                                                                      mov ecx, ecx
                                                                                      inc ecx
                                                                                      test byte ptr [eax], 00000004h
                                                                                      dec esp
                                                                                      mov edx, ecx
                                                                                      je 00007FD5F91DDED5h
                                                                                      inc ecx
                                                                                      mov eax, dword ptr [eax+08h]
                                                                                      dec ebp
                                                                                      arpl word ptr [eax+04h], dx
                                                                                      neg eax
                                                                                      dec esp
                                                                                      add edx, ecx
                                                                                      dec eax
                                                                                      arpl ax, cx
                                                                                      dec esp
                                                                                      and edx, ecx
                                                                                      dec ecx
                                                                                      arpl bx, ax
                                                                                      dec edx
                                                                                      mov edx, dword ptr [eax+edx]
                                                                                      dec eax
                                                                                      mov eax, dword ptr [ebx+10h]
                                                                                      mov ecx, dword ptr [eax+08h]
                                                                                      dec eax
                                                                                      mov eax, dword ptr [ebx+08h]
                                                                                      test byte ptr [ecx+eax+03h], 0000000Fh
                                                                                      je 00007FD5F91DDECDh
                                                                                      movzx eax, byte ptr [ecx+eax+03h]
                                                                                      and eax, FFFFFFF0h
                                                                                      dec esp
                                                                                      add ecx, eax
                                                                                      dec esp
                                                                                      xor ecx, edx
                                                                                      dec ecx
                                                                                      mov ecx, ecx
                                                                                      pop ebx
                                                                                      jmp 00007FD5F91DD906h
                                                                                      int3
                                                                                      inc eax
                                                                                      push ebx
                                                                                      dec eax
                                                                                      sub esp, 20h
                                                                                      dec eax
                                                                                      mov ebx, ecx
                                                                                      xor ecx, ecx
                                                                                      call dword ptr [0001563Fh]
                                                                                      dec eax
                                                                                      mov ecx, ebx
                                                                                      call dword ptr [0001562Eh]
                                                                                      call dword ptr [000155B0h]
                                                                                      dec eax
                                                                                      mov ecx, eax
                                                                                      mov edx, C0000409h
                                                                                      dec eax
                                                                                      add esp, 20h
                                                                                      pop ebx
                                                                                      dec eax
                                                                                      jmp dword ptr [00015624h]
                                                                                      dec eax
                                                                                      mov dword ptr [esp+00h], ecx

                                                                                      Data Directories

                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x327b9c0x64.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x3320000x1e0.rsrc
                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x32c0000x57e4.pdata
                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x3330000x1d38.reloc
                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x320ef00x38.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x3211000x28.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x320db00x140.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x6b0000x330.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                      Sections

                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                      .text0x10000x692f00x69400201d673c76ad9fae647f8cd6a278e333False0.4342200489904988data6.181155425260236IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                      .rdata0x6b0000x2bd6960x2bd8005f98071d1dca5045e2419fee0cd6b127unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .data0x3290000x2f1c0x16008e0cf2168d43982c322bc34eed94de2bFalse0.18980823863636365data3.2059756111359152IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                      .pdata0x32c0000x57e40x58004c0d14150dd6a4ac35b35408d7a8233dFalse0.47767223011363635data5.711183919097264IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .rsrc0x3320000x1e00x2000c1ab865bc43ec75ebd479502575ccefFalse0.525390625data4.700456763479242IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .reloc0x3330000x1d380x1e003d9cd06dc9d02c11c130514ad02ec0c5False0.6712239583333334data6.471011674882192IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                      Resources

                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                      RT_MANIFEST0x3320600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                                      Imports

                                                                                      DLLImport
                                                                                      ntdll.dllRtlImageDirectoryEntryToData, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareMemory, NtProtectVirtualMemory, RtlImageNtHeader, NtQueryVirtualMemory, RtlGetNtVersionNumbers
                                                                                      KERNEL32.dllGetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, FindNextFileW, FindFirstFileExW, FindClose, VirtualFree, VirtualAlloc, GetModuleHandleW, LoadLibraryA, ReadFile, WriteFile, CreateFileW, CloseHandle, GetProcAddress, GetCurrentProcess, VirtualQuery, EnterCriticalSection, GetModuleFileNameW, LeaveCriticalSection, MultiByteToWideChar, ExitProcess, WideCharToMultiByte, GetLastError, DeleteCriticalSection, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, GetCurrentThreadId, GetStdHandle, GetFileType, FreeEnvironmentStringsW, RaiseException, HeapReAlloc, HeapSize, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, FreeLibrary, LoadLibraryExW, LCMapStringW, GetLocaleInfoW, IsValidLocale, EnumSystemLocalesW, GetCPInfo, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetModuleHandleExW, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, GetProcessHeap, SetStdHandle, ReadConsoleW, FlushFileBuffers, WriteConsoleW, QueryPerformanceCounter, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetUserDefaultLCID, InitializeCriticalSectionEx, DecodePointer, LCMapStringEx
                                                                                      USER32.dllLoadAcceleratorsA, LoadAcceleratorsW
                                                                                      ADVAPI32.dllGetTokenInformation, OpenProcessToken

                                                                                      Possible Origin

                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                      EnglishUnited States

                                                                                      Network Behavior

                                                                                      Suricata IDS Alerts

                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                      2024-12-06T14:09:05.357434+01002049441ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt1192.168.2.44973045.130.145.15215666TCP
                                                                                      2024-12-06T14:09:05.357434+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.44973045.130.145.15215666TCP
                                                                                      2024-12-06T14:09:05.357434+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.44973045.130.145.15215666TCP
                                                                                      2024-12-06T14:09:05.477481+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.44973045.130.145.15215666TCP
                                                                                      2024-12-06T14:09:05.477481+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.44973045.130.145.15215666TCP

                                                                                      Network Port Distribution

                                                                                      TCP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Dec 6, 2024 14:09:00.314306974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:00.434163094 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:00.435638905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:00.642592907 CET49731443192.168.2.4104.26.12.205
                                                                                      Dec 6, 2024 14:09:00.642627954 CET44349731104.26.12.205192.168.2.4
                                                                                      Dec 6, 2024 14:09:00.642699957 CET49731443192.168.2.4104.26.12.205
                                                                                      Dec 6, 2024 14:09:00.651736021 CET49731443192.168.2.4104.26.12.205
                                                                                      Dec 6, 2024 14:09:00.651748896 CET44349731104.26.12.205192.168.2.4
                                                                                      Dec 6, 2024 14:09:01.915719032 CET44349731104.26.12.205192.168.2.4
                                                                                      Dec 6, 2024 14:09:01.915868998 CET49731443192.168.2.4104.26.12.205
                                                                                      Dec 6, 2024 14:09:02.170137882 CET49731443192.168.2.4104.26.12.205
                                                                                      Dec 6, 2024 14:09:02.170167923 CET44349731104.26.12.205192.168.2.4
                                                                                      Dec 6, 2024 14:09:02.170536995 CET44349731104.26.12.205192.168.2.4
                                                                                      Dec 6, 2024 14:09:02.170598030 CET49731443192.168.2.4104.26.12.205
                                                                                      Dec 6, 2024 14:09:02.171569109 CET49731443192.168.2.4104.26.12.205
                                                                                      Dec 6, 2024 14:09:02.215339899 CET44349731104.26.12.205192.168.2.4
                                                                                      Dec 6, 2024 14:09:02.502363920 CET44349731104.26.12.205192.168.2.4
                                                                                      Dec 6, 2024 14:09:02.502427101 CET44349731104.26.12.205192.168.2.4
                                                                                      Dec 6, 2024 14:09:02.502433062 CET49731443192.168.2.4104.26.12.205
                                                                                      Dec 6, 2024 14:09:02.502474070 CET49731443192.168.2.4104.26.12.205
                                                                                      Dec 6, 2024 14:09:02.502732038 CET49731443192.168.2.4104.26.12.205
                                                                                      Dec 6, 2024 14:09:02.502748013 CET44349731104.26.12.205192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.357434034 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.477385044 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.477401972 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.477411985 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.477421999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.477437019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.477480888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.477494955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.477576971 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.477626085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.477679014 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.477719069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.477874041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.477922916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.477925062 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.481647968 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.597353935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.597364902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.597409964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.597424030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.597498894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.597553968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.597575903 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.597630024 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.606712103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.609822035 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.717745066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.717818975 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.717962980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.718051910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.718077898 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.718106031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.718142986 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.718168974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.718173027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.718203068 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.718228102 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.718256950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.729700089 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.729841948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.729909897 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.730007887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730148077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730214119 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.730288982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730375051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730385065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730429888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.730460882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730503082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730511904 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730565071 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.730602026 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730631113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730654001 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.730690002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.730752945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730801105 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.730839968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730849981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730870008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.730895996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.730947018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.837703943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.837721109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.837802887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.837948084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.837996960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838059902 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838064909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838125944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838135958 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838164091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838207006 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838228941 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838248014 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838284016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838293076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838301897 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838331938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838331938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838392973 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838406086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838433981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838485956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838499069 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838506937 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838551998 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838567972 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838620901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838635921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838645935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838660955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838685036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838706017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838715076 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838792086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838800907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838869095 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.838893890 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838901997 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.838956118 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.849839926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.849904060 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.849982977 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.850027084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850044966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850101948 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.850150108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850172043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850241899 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.850356102 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850366116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850403070 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850415945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.850445032 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850459099 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.850488901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.850512028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850522041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850574017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.850611925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850629091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850688934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.850709915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850748062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850815058 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.850832939 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850845098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850867987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850877047 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850894928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.850928068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.850941896 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850958109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.850995064 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.851030111 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.851062059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851073027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851083040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851129055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.851151943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851193905 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851202011 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.851202965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851248026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.851295948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851305962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851353884 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.851433039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851442099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851450920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851461887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851480007 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851491928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851495028 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.851516008 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.851545095 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.851571083 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851581097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851600885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.851643085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.957626104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.957644939 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.957696915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.957734108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.957743883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.957772017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.957832098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.957927942 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.957937956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.957971096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958008051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958009958 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958044052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958064079 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958070993 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958074093 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958131075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958132982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958153009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958184958 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958203077 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958309889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958318949 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958359957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958368063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958419085 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958439112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958452940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958484888 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958493948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958501101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958501101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958540916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958549976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958555937 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958591938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958595037 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958617926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958648920 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958678961 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958739996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958750010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958755016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958765030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958767891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958784103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.958807945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.958833933 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.959219933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959228992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959233046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959237099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959244967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959254026 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959261894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959270954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959279060 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959292889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959300995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959301949 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.959309101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959322929 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959333897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959342003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.959343910 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959356070 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959364891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.959368944 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.959412098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.969723940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.969742060 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.969784975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.969801903 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.969818115 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.969888926 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.969975948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.969985962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970016003 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970041037 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970071077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970072985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970101118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970109940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970119953 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970163107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970195055 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970204115 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970222950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970247984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970257044 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970283031 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970288992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970307112 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970340967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970341921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970351934 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970396996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970427990 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970438004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970463991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970475912 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970484972 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970519066 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970540047 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970551968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970572948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970609903 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970629930 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970633984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970657110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970679045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970706940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970797062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970805883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970837116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970845938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970856905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970895052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.970922947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970942974 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970968008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.970977068 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971014023 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971018076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971029043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971055031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971064091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971076012 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971121073 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971155882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971165895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971216917 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971223116 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971225977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971257925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971271038 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971277952 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971307039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971337080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971338034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971364021 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971390963 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971395016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971443892 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971446037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971456051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971513987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971576929 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971585989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971594095 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971599102 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971615076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971657991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971667051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971674919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971724987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971770048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971779108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971793890 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971802950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971846104 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971890926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971899986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971909046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971935987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.971949100 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971962929 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.971983910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.972002029 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972069025 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972125053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.972126961 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972137928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972198009 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.972210884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972219944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972238064 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972259045 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972266912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.972286940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.972306013 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.972332001 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972341061 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972388029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.972404957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972414017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972465038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.972480059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972487926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972542048 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.972548008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972558975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:05.972594023 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:05.972628117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.077691078 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.077714920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.077756882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.077805996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.077907085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.077917099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.077919006 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.077964067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.077965021 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.077977896 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078044891 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078066111 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078075886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078115940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078136921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078164101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078196049 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078229904 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078258991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078268051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078278065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078315020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078315973 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078332901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078375101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078380108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078389883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078437090 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078444004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078454971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078478098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078496933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078520060 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078546047 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078571081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078597069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078617096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078628063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078644037 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078658104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078671932 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078702927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078758001 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078763962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078773975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078799963 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078840971 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078856945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078866959 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078911066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078919888 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078919888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.078953028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078963041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.078973055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079011917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079055071 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079118967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079128027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079135895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079186916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079205990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079225063 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079235077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079251051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079258919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079283953 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079301119 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079334974 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079386950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079449892 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079524040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079535007 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079544067 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079552889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079560995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079570055 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079585075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079595089 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079603910 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079612970 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079618931 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079636097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079637051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079672098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079689980 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079690933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079700947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079755068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079785109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079818010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079873085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079880953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079881907 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079890966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.079952002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.079967976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080014944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080024004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080091953 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080136061 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080144882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080148935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080188990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080214024 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080243111 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080251932 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080255032 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080272913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080286980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080319881 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080348015 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080404043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080415964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080465078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080466986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080477953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080482960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080497026 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080533028 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080559969 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080573082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080581903 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080625057 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080629110 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080670118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080701113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080727100 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080734015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080741882 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080785036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080794096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080804110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080857038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.080915928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080924988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080929041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.080988884 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.081027985 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.081037045 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.081039906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.081047058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.081057072 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.081091881 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.081110001 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.089879036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.089888096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.089890957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.089895010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.089904070 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.089912891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.089977026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.089994907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090007067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090007067 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090015888 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090024948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090034962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090049982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090061903 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090086937 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090090990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090115070 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090142012 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090147972 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090151072 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090199947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090203047 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090209961 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090261936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090262890 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090315104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090325117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090369940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090406895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090416908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090462923 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090465069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090496063 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090524912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090550900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090558052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090583086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090603113 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090626001 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090642929 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090651989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090673923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090682030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090713024 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090734005 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090740919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090783119 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090791941 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090799093 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090801001 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090837955 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090852022 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.090938091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090948105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090951920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.090955019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091016054 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091165066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091175079 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091182947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091191053 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091200113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091208935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091228962 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091269016 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091285944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091295004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091301918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091316938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091327906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091335058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091342926 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091345072 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091367960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091382027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091396093 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091424942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091562033 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091572046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091574907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091582060 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091589928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091638088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091645956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091650963 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091653109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091665030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091675043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091701031 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091733932 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091736078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091743946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091753006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091762066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091793060 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091813087 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091821909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091821909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091830015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091876030 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091897011 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.091945887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091954947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091959000 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.091991901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092000008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092008114 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092022896 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092047930 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092052937 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092066050 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092080116 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092096090 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092120886 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092129946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092139006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092196941 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092216969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092226028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092273951 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092288017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092298031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092349052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092354059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092363119 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092371941 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092427015 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092458010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092468023 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092521906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092571020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092581034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092588902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092597008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092638016 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092659950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092672110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092681885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092689991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092698097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092729092 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092752934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092781067 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092791080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092797995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092807055 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092837095 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092869997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.092904091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092914104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092921019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092928886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092937946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.092979908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093014956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093024969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093029022 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093033075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093048096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093056917 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093095064 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093120098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093161106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093194008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093225002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093228102 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093238115 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093247890 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093278885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093285084 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093288898 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093302965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093318939 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093343973 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093368053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093380928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093389988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093425035 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093432903 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093447924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093478918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093478918 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093496084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093534946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093544006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093549967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093599081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093684912 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093693972 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093700886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093709946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093749046 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093754053 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093764067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093765020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093774080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093782902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093846083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093868017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093877077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093924046 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.093950987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.093961000 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094011068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.094050884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094060898 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094082117 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094089985 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094115973 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.094137907 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.094150066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094158888 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094197989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094207048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094208956 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.094254017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094268084 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.094289064 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094316006 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.094335079 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.094409943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094419956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094465971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094470978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.094475031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094523907 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.094623089 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094631910 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094639063 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094646931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.094682932 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.094703913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.197685957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.197704077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.197753906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.197796106 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.197845936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.197853088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.197873116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.197911978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.197941065 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.197953939 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.197963953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198029995 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198061943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198102951 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198128939 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198156118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198164940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198215961 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198220968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198280096 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198282957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198337078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198400974 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198456049 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198465109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198512077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198530912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198574066 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198651075 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198668003 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198709011 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198724985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198729992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198786020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198786974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198849916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198863983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198926926 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.198956966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.198966980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199021101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199038982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199093103 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199120045 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199150085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199187040 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199214935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199249983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199306965 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199307919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199346066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199369907 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199418068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199441910 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199506044 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199506998 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199573994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199599981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199655056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199665070 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199724913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199795961 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199805021 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199877024 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.199949980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.199959993 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200000048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200020075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200051069 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200056076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200110912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200124979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200184107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200326920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200383902 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200407982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200459003 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200465918 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200527906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200572014 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200628042 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200628996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200690985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200702906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200711966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200767040 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200799942 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200855017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200879097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200936079 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.200936079 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.200953960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201010942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201091051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201143980 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201149940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201262951 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201270103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201287031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201334953 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201375961 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201431036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201432943 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201491117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201544046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201600075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201631069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201687098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201689005 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201725960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201745987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201782942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201785088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201829910 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201842070 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201889038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.201909065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.201961040 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202054977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202070951 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202114105 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202152967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202184916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202208042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202250957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202280998 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202320099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202337980 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202372074 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202383041 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202434063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202447891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202476978 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202500105 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202542067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202579975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202589989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202645063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202661037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202686071 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202714920 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202737093 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202756882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202792883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202816010 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202850103 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202883005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202934980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202938080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.202975035 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.202991009 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203010082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203032017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203072071 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203084946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203144073 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203149080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203217983 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203233957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203280926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203283072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203290939 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203351021 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203373909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203408003 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203429937 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203464031 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203474998 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203526974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203552008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203613043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203632116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203641891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203700066 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203708887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203783989 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203799963 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203859091 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203881979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203898907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203941107 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203942060 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.203978062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.203996897 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.204031944 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.209832907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.209917068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.210160971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.210211992 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.210217953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.210274935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.210418940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.210475922 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.210488081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.210536957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.210561991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.210572004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.210643053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.210702896 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.210743904 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.210777998 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.210824013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.210824966 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.210881948 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.210886955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.210953951 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.210988045 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211040974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211097002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211168051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211186886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211236954 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211294889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211338997 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211353064 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211390018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211419106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211441040 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211471081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211491108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211503029 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211529970 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211564064 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211590052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211632013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211641073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211699009 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211704016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211756945 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211786985 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211803913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211843967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211857080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211906910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.211909056 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.211976051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.212043047 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212052107 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212116003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.212249994 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212259054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212321997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.212423086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212481022 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.212557077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212564945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212616920 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.212618113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212641001 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212676048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212685108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.212707996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.212732077 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.212771893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212781906 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212826967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.212862015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212869883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212918997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.212948084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.212997913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213000059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213027954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213051081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213072062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213089943 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213115931 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213126898 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213166952 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213185072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213217020 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213244915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213304043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213346004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213356972 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213363886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213404894 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213428974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213434935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213485003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213531017 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213540077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213547945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213587999 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213599920 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213607073 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213615894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213624954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213664055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213679075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213685036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213742018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213815928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213830948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213840008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213859081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.213876963 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213895082 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213921070 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.213953018 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214004993 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214009047 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214060068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214185953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214195013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214198112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214207888 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214257002 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214286089 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214302063 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214335918 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214359999 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214458942 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214468956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214513063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214514971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214524984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214544058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214553118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214576006 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214605093 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214615107 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214684010 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214684963 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214694977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214721918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214739084 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214776993 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214782953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214793921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214837074 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214875937 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214884996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214941025 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.214972973 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.214982986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215033054 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215054989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215065002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215114117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215116978 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215126991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215188026 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215229034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215238094 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215275049 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215301991 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215318918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215328932 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215363979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215368986 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215374947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215419054 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215456963 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215466022 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215470076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215476990 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215519905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215605974 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215615988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215620041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215627909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215636969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215673923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215675116 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215699911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215724945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215738058 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215753078 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215785027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215786934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215822935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215843916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215868950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215871096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215890884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215924025 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215941906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.215950012 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215970039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.215998888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216015100 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216064930 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216115952 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216151953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216162920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216166019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216176987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216185093 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216217995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216223955 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216262102 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216273069 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216320038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216340065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216348886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216396093 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216423988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216433048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216486931 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216495037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216504097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216528893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216536999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216552019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216578007 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216587067 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216589928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216633081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216682911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216691971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216728926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216737986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216738939 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216792107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216804028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216813087 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216845036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216851950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216857910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216892958 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216897964 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216933966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.216942072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.216991901 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217048883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217057943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217082977 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217092991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217113018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217149019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217176914 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217192888 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217226982 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217243910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217256069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217264891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217308998 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217346907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217355967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217387915 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217407942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217437029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217484951 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217494965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217534065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217542887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217542887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217554092 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217591047 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217619896 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217628002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217638969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217672110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217674017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217708111 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217721939 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217734098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217767954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217782021 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217787981 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217819929 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217834949 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217837095 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217881918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217889071 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217936993 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.217951059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.217966080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218000889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218015909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218034983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218060970 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218087912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218105078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218131065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218139887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218143940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218152046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218195915 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218277931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218293905 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218307972 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218317986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218338966 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218365908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218394995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218405008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218449116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218452930 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218458891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218499899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218504906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218535900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218559980 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218585014 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218589067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218605042 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218642950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218656063 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218664885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218713045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218713999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218723059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218770027 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218849897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218859911 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218905926 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.218928099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218938112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.218986988 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219012976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219022989 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219041109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219069958 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219098091 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219144106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219153881 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219156981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219206095 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219285965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219295025 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219321966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219340086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219346046 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219377041 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219388962 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219461918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219471931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219520092 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219521999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219532013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219574928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219578028 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219584942 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219620943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219629049 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219680071 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219708920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219717979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219752073 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219767094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219791889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219801903 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219813108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219851017 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219876051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219886065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219893932 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219897985 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219952106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.219965935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.219969034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220011950 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220056057 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220065117 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220098019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220107079 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220117092 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220158100 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220194101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220202923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220254898 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220257998 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220268011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220300913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220309019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220319033 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220339060 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220355034 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220366955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220387936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220407009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220415115 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220474005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220484972 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220541954 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220571995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220587969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220594883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220603943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220640898 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220660925 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220691919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220700979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220705032 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220711946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220715046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220765114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220810890 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220819950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220829010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220837116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.220861912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.220885992 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.317718983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.317754030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.317801952 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.317843914 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.317869902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.317890882 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.317922115 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.318011999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.318044901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.318058968 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.318088055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.318260908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.318314075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.318321943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.318370104 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.318430901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.318479061 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.318480015 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.318523884 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.318816900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.318831921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.318880081 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.319070101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319117069 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319117069 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.319169998 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319169998 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.319202900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319220066 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.319256067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.319354057 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319363117 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319407940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.319433928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319478989 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.319506884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319557905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.319618940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319673061 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.319725990 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319777966 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.319834948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319884062 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.319885969 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.319930077 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.320053101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.320067883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.320116997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.320699930 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.320749044 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.320760965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.320811033 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.321244001 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.321300030 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.321315050 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.321362972 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.321846008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.321896076 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.321929932 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.321979046 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.322443008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.322489977 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.322520971 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.322582960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.322833061 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.322841883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.322887897 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.323198080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.323250055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.323256016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.323317051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.323519945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.323574066 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.323620081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.323668957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.323863983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.323915958 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.323921919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.323971987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.324105978 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.324151039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.324153900 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.324202061 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.324352980 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.324392080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.324403048 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.324446917 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.324618101 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.324665070 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.324724913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.324733973 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.324779034 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.324860096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.324875116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.324902058 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.324908972 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.324933052 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.324955940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.325130939 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.325139999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.325186014 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.325227976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.325253010 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.325278997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.325294971 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.325445890 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.325480938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.325495958 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.325531960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.325691938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.325700998 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.325747013 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.325906992 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.325917006 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.325963020 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.326070070 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.326077938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.326124907 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.326252937 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.326303005 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.326318979 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.326374054 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.326543093 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.326581001 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.326592922 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.326631069 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.326839924 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.326857090 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.326889992 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.326906919 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.326997995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.327008009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.327058077 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.327198982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.327208042 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.327254057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.327444077 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.327487946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.327495098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.327543974 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.327677011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.327694893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.327725887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.327743053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.327846050 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.327853918 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.327923059 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.328011990 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.328044891 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.328061104 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.328102112 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.328208923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.328373909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.328419924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.328432083 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.328493118 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.328537941 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.328717947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.328727007 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.328772068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.328967094 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.328975916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.329025984 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.329086065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.329135895 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.329178095 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.329298019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.329308987 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.329351902 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.329540968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.329552889 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.329598904 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.329761982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.329974890 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.330028057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.330161095 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.330318928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.330368996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.330581903 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.330679893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.330729961 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.330919981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.330929041 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.330972910 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.331335068 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.331372976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.331428051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.331545115 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.331593990 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.331643105 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.331855059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.331864119 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.331909895 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.332253933 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.333100080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.333158970 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.333841085 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.333857059 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.333914042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.334208965 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.334225893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.334284067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.334657907 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.334672928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.334764004 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.335073948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.335133076 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.335190058 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.335585117 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.335669994 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.335731983 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.336035013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.336049080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.336101055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.336261988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.336340904 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.336393118 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.336560011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.336594105 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.336647987 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.336879969 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.336889982 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.336972952 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.337074995 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.337162018 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.337297916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.337424994 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.337528944 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.337584019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.337755919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.337793112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.337810040 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.337843895 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.338063002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.338112116 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.338140965 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.338157892 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.338382959 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.338433981 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.338450909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.338668108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.338675976 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.338732004 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.338872910 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.338920116 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.338937998 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.339109898 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.339126110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.339162111 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.339181900 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.339382887 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.339428902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.339485884 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.339632988 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.339648962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.339698076 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.339839935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.339931011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.339983940 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.340205908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.340214014 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.340257883 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.340394020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.340403080 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.340450048 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.340578079 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.340589046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.340645075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.340825081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.340833902 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.340878963 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.341083050 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.341092110 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.341136932 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.341165066 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.341206074 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.341253996 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.341356993 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.341373920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.341428995 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.341569901 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.341579914 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.341623068 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.342222929 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.342294931 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.342353106 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.342540026 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.342556953 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.342617035 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.342686892 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.342717886 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.342775106 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.342931986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.342941046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.342988014 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.343117952 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.343131065 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.343175888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.343287945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.343297005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.343343973 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.343446016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.343456030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.343504906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.343590975 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.343599081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.343645096 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.343826056 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.343833923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.343879938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.343986034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.344002008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.344037056 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.344065905 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.344177008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.344186068 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.344237089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.344362974 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.344372034 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.344436884 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.344513893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.344543934 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.344602108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.344703913 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.344712973 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.344779015 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.344945908 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.344954967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.345000029 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.345148087 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.345297098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.345351934 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.345380068 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.345396996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.345443010 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.345750093 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.345788956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.345838070 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.345994949 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.346065044 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.346108913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.346201897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.346210957 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.346261978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.346501112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.346515894 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.346561909 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.346698999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.346709013 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.346751928 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.348042011 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.348081112 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.348150015 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.348503113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.348512888 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.348562956 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.348721981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.348838091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.348886967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.349067926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.349076986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.349113941 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.349252939 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.349364996 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.349426031 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.349464893 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.349488020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.349539042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.349636078 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.349695921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.349857092 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.350003958 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.350061893 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.350131035 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.350302935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.350361109 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.350467920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.350661039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.350724936 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.350953102 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.351224899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.351286888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.351324081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.351389885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.351449966 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.351552963 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.351703882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.351759911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.351836920 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.352044106 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.352114916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.352199078 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.352353096 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.352411985 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.352479935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.352689028 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.352750063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.352833986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.352963924 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.353018045 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.353133917 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.353271008 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.353327036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.353434086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.353596926 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.353632927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.353816032 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.353873968 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.353971004 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.354140043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.354201078 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.354341984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.354549885 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.354605913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.354695082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.354902983 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.354969978 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.355052948 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.355185032 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.355240107 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.355319023 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.355658054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.355720997 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.355896950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.355979919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.356038094 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.356101036 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.356349945 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.356405973 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.356617928 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.356730938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.356781960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.356981039 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.357178926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.357223988 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.357403994 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.357588053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.357604027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.357707024 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.357760906 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.357824087 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.358011007 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.358064890 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.358161926 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.358366966 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.358439922 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.358536005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.358814955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.358875990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.359067917 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.359241009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.359291077 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.359468937 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.359529018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.359627962 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.359718084 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.359754086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.359956026 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.360008955 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.360109091 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.360275984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.360327005 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.360461950 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.360702991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.360750914 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.360951900 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.361213923 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.361263990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.361474991 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.361534119 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.361684084 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.361737967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.362010956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.362062931 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.362278938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.362328053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.362514019 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.362566948 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.362803936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.362854004 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.363032103 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.363085032 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.363212109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.363262892 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.363440037 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.363490105 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.363712072 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.363759041 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.363872051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.363920927 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.364125967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.364172935 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.364326000 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.364378929 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.364511967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.364571095 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.364707947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.364757061 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.364877939 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.364927053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.365118027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.365168095 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.365386963 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.365437984 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.365566015 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.365617037 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.365807056 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.365859032 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.366070986 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.366131067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.366291046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.366341114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.366414070 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.366470098 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.366563082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.366615057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.366774082 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.366821051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.366935968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.366986990 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.367182016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.367229939 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.367430925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.367485046 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.367633104 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.367683887 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.367778063 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.367826939 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.367929935 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.367980957 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.368076086 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.368123055 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.368387938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.368436098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.368458033 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.368479967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.368688107 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.368746042 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.368815899 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.368865967 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.368948936 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.368999958 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.369195938 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.369246960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.373214960 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.373267889 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.373737097 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.373801947 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.374255896 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.374316931 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.374869108 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.374918938 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.375303984 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.375375986 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.375679016 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.375852108 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.375973940 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.376025915 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.376434088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.376526117 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.376595020 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.376833916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.377012968 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.377054930 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.377075911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.377192974 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.377239943 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.377320051 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.377538919 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.377585888 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.377787113 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.378009081 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.378057003 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.378225088 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.378391981 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.378443956 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.378617048 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.378684044 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.378835917 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.378972054 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.379021883 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.379159927 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.379417896 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.379463911 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.379657030 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.379971027 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.380026102 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.380121946 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.380358934 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.380408049 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.380637884 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.381181002 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.381230116 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.381372929 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.381633043 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.381690025 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.384902954 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.385678053 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.387238026 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.387725115 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.387773037 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.388142109 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.388195038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.389704943 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.389714003 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.389816999 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.389854908 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.389918089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.389939070 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.389991999 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.390079021 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.390256882 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.390309095 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.390487909 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.390661955 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.390721083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.390831947 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.390974045 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.391035080 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.391110897 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.391275883 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.391324043 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.391552925 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.391675949 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.391727924 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.391818047 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.391932964 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.391990900 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.392071009 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.392204046 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.392251968 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.392458916 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.392601967 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.392652988 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.392735958 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.392805099 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.392857075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.392857075 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.437361956 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.437805891 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.437905073 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.437975883 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.438040018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.438055992 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.465987921 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.470218897 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470309019 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470356941 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470427036 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470484972 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470535994 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470583916 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470638037 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470699072 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470767975 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470812082 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470870018 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470921993 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.470976114 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.471019983 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.471076965 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.471132040 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.471219063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.471271038 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.471338034 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.471375942 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.509977102 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.510173082 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.557305098 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.557560921 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.557694912 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.557774067 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.557856083 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.557923079 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.558003902 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.558078051 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.558176041 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.558247089 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.558326960 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.558377981 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.590137005 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.590485096 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.590629101 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.590702057 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.590774059 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.590853930 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.590923071 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.591005087 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.591093063 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.591157913 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.591217995 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.618628025 CET156664973045.130.145.152192.168.2.4
                                                                                      Dec 6, 2024 14:09:06.618941069 CET4973015666192.168.2.445.130.145.152
                                                                                      Dec 6, 2024 14:09:06.619072914 CET4973015666192.168.2.445.130.145.152

                                                                                      DNS Queries

                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                      Dec 6, 2024 14:09:00.491707087 CET192.168.2.41.1.1.10x6b97Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false

                                                                                      DNS Answers

                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                      Dec 6, 2024 14:09:00.634769917 CET1.1.1.1192.168.2.40x6b97No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                                                      Dec 6, 2024 14:09:00.634769917 CET1.1.1.1192.168.2.40x6b97No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                                                      Dec 6, 2024 14:09:00.634769917 CET1.1.1.1192.168.2.40x6b97No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false

                                                                                      HTTPS Proxied Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      0192.168.2.449731104.26.12.2054437152C:\Users\user\Desktop\apilibx64.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-12-06 13:09:02 UTC100OUTGET / HTTP/1.1
                                                                                      Accept: text/html; text/plain; */*
                                                                                      Host: api.ipify.org
                                                                                      Cache-Control: no-cache
                                                                                      2024-12-06 13:09:02 UTC426INHTTP/1.1 200 OK
                                                                                      Date: Fri, 06 Dec 2024 13:09:02 GMT
                                                                                      Content-Type: text/plain
                                                                                      Content-Length: 12
                                                                                      Connection: close
                                                                                      Vary: Origin
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8edc821199370f6d-EWR
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=14419&min_rtt=1651&rtt_var=8323&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=738&delivery_rate=1768625&cwnd=252&unsent_bytes=0&cid=2647e8bca21e1866&ts=604&x=0"
                                                                                      2024-12-06 13:09:02 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38
                                                                                      Data Ascii: 8.46.123.228


                                                                                      Statistics

                                                                                      CPU Usage

                                                                                      Click to jump to process

                                                                                      Memory Usage

                                                                                      Click to jump to process

                                                                                      High Level Behavior Distribution

                                                                                      Click to dive into process behavior distribution

                                                                                      System Behavior

                                                                                      General

                                                                                      Target ID:0
                                                                                      Start time:08:08:59
                                                                                      Start date:06/12/2024
                                                                                      Path:C:\Users\user\Desktop\apilibx64.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\Desktop\apilibx64.exe"
                                                                                      Imagebase:0x7ff65daa0000
                                                                                      File size:3'341'824 bytes
                                                                                      MD5 hash:BCA7E8CADA42A299C99380FD96E5104F
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1887309159.000002B45ADE0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Disassembly

                                                                                      Reset < >

                                                                                        Execution Graph

                                                                                        Execution Coverage:6.5%
                                                                                        Dynamic/Decrypted Code Coverage:89.7%
                                                                                        Signature Coverage:17.8%
                                                                                        Total number of Nodes:2000
                                                                                        Total number of Limit Nodes:110
                                                                                        execution_graph 92750 2b45b026bb7 92751 2b45b026bc1 92750->92751 92756 2b45b0270b0 92751->92756 92755 2b45b026f13 92757 2b45b0270ef 92756->92757 92760 2b45b026bd0 92756->92760 92758 2b45b027368 92757->92758 92765 2b45b0272ed Concurrency::cancel_current_task 92757->92765 92778 2b45afe0dc0 92757->92778 92783 2b45aff9930 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 92758->92783 92771 2b45b04cb70 92760->92771 92761 2b45b027389 92784 2b45b0288e0 37 API calls 92761->92784 92763 2b45b02739f 92785 2b45afe4740 92763->92785 92765->92760 92796 2b45b0289c0 37 API calls 92765->92796 92767 2b45b0273ea 92768 2b45afe4740 37 API calls 92767->92768 92769 2b45b0273fd Concurrency::cancel_current_task 92768->92769 92772 2b45b04cb79 92771->92772 92773 2b45b04cb84 92772->92773 92774 2b45b04cf4c IsProcessorFeaturePresent 92772->92774 92773->92755 92775 2b45b04cf64 92774->92775 92896 2b45b04d144 RtlCaptureContext RtlLookupFunctionEntry capture_previous_context 92775->92896 92777 2b45b04cf77 92777->92755 92779 2b45afe0e22 92778->92779 92780 2b45afe0de3 _Yarn 92778->92780 92797 2b45afe5cb0 92779->92797 92780->92757 92782 2b45afe0e3b 92782->92757 92783->92761 92784->92763 92786 2b45afe4797 92785->92786 92817 2b45afceaa0 92786->92817 92788 2b45afe47d5 92839 2b45afe9c80 92788->92839 92790 2b45afe47e9 _Receive_impl 92793 2b45afe49a4 92790->92793 92849 2b45b04ea50 92790->92849 92792 2b45afe4924 _Receive_impl 92792->92793 92794 2b45b04cb70 _Strcoll 3 API calls 92792->92794 92795 2b45afe4996 92794->92795 92795->92765 92796->92767 92798 2b45afe5e26 92797->92798 92803 2b45afe5ce8 92797->92803 92814 2b45afcb870 37 API calls 92798->92814 92799 2b45afe5d4d 92809 2b45b04cb98 92799->92809 92801 2b45afe5e2b 92815 2b45afcb7b0 37 API calls 2 library calls 92801->92815 92803->92799 92805 2b45afe5d40 92803->92805 92806 2b45afe5d7c 92803->92806 92808 2b45afe5d33 _Yarn _Receive_impl 92803->92808 92805->92799 92805->92801 92807 2b45b04cb98 std::_Facet_Register 37 API calls 92806->92807 92807->92808 92808->92782 92811 2b45b04cba3 Concurrency::cancel_current_task std::_Facet_Register 92809->92811 92810 2b45b04cbbc 92810->92808 92811->92810 92816 2b45afcb7b0 37 API calls 2 library calls 92811->92816 92813 2b45b04cbd3 92815->92808 92816->92813 92818 2b45afceadb 92817->92818 92819 2b45afcebd1 92818->92819 92855 2b45afe51e0 92818->92855 92821 2b45afe0dc0 37 API calls 92819->92821 92822 2b45afcebea 92821->92822 92823 2b45afe0dc0 37 API calls 92822->92823 92825 2b45afcec03 92823->92825 92824 2b45afcec10 92827 2b45afe0dc0 37 API calls 92824->92827 92825->92824 92875 2b45afe5990 92825->92875 92828 2b45afcec5a 92827->92828 92829 2b45afe0dc0 37 API calls 92828->92829 92830 2b45afcec6f 92829->92830 92831 2b45afcecb3 _Receive_impl 92830->92831 92833 2b45afcecec 92830->92833 92832 2b45b04cb70 _Strcoll 3 API calls 92831->92832 92834 2b45afcecd8 92832->92834 92887 2b45b04eae0 7 API calls __std_exception_destroy 92833->92887 92834->92788 92836 2b45afced35 92888 2b45b04eae0 7 API calls __std_exception_destroy 92836->92888 92838 2b45afced42 _Receive_impl 92838->92788 92840 2b45afe9ce4 92839->92840 92841 2b45afe9cd8 92839->92841 92843 2b45afe0dc0 37 API calls 92840->92843 92842 2b45afe51e0 37 API calls 92841->92842 92842->92840 92844 2b45afe9d01 92843->92844 92845 2b45afe0dc0 37 API calls 92844->92845 92846 2b45afe9d1a 92845->92846 92847 2b45afe0dc0 37 API calls 92846->92847 92848 2b45afe9d33 92847->92848 92848->92790 92850 2b45b04eabb 92849->92850 92851 2b45b04ea71 92849->92851 92850->92792 92851->92850 92852 2b45b04eaa6 92851->92852 92894 2b45b036fc0 36 API calls 2 library calls 92851->92894 92895 2b45b02efd8 7 API calls 3 library calls 92852->92895 92856 2b45afe531a 92855->92856 92860 2b45afe5209 92855->92860 92889 2b45afcb870 37 API calls 92856->92889 92858 2b45afe526e 92861 2b45b04cb98 std::_Facet_Register 37 API calls 92858->92861 92859 2b45afe531f 92890 2b45afcb7b0 37 API calls 2 library calls 92859->92890 92860->92858 92862 2b45afe5261 92860->92862 92863 2b45afe529d 92860->92863 92868 2b45afe5254 _Yarn 92860->92868 92861->92868 92862->92858 92862->92859 92865 2b45b04cb98 std::_Facet_Register 37 API calls 92863->92865 92865->92868 92866 2b45afe52e7 _Yarn _Receive_impl 92866->92819 92867 2b45afe538c 92869 2b45b04cb98 std::_Facet_Register 37 API calls 92867->92869 92868->92866 92868->92867 92870 2b45afe53da 92868->92870 92871 2b45afe53e5 92868->92871 92869->92866 92870->92867 92872 2b45afe541f 92870->92872 92873 2b45b04cb98 std::_Facet_Register 37 API calls 92871->92873 92891 2b45afcb7b0 37 API calls 2 library calls 92872->92891 92873->92866 92876 2b45afe5ae5 92875->92876 92881 2b45afe59bf 92875->92881 92892 2b45afcb870 37 API calls 92876->92892 92878 2b45afe5a24 92880 2b45b04cb98 std::_Facet_Register 37 API calls 92878->92880 92879 2b45afe5aea 92893 2b45afcb7b0 37 API calls 2 library calls 92879->92893 92886 2b45afe5a0a _Yarn _Receive_impl 92880->92886 92881->92878 92883 2b45afe5a53 92881->92883 92884 2b45afe5a17 92881->92884 92881->92886 92885 2b45b04cb98 std::_Facet_Register 37 API calls 92883->92885 92884->92878 92884->92879 92885->92886 92886->92824 92887->92836 92888->92838 92890->92868 92891->92866 92893->92886 92894->92852 92895->92850 92896->92777 92897 2b45afd4750 92898 2b45afd4798 92897->92898 92911 2b45afd4b0c _Receive_impl 92898->92911 92914 2b45afe28a0 92898->92914 92899 2b45b04cb70 _Strcoll 3 API calls 92900 2b45afd4bbc 92899->92900 92902 2b45afd47e8 _Receive_impl 92910 2b45afd4be2 92902->92910 92929 2b45afcd490 37 API calls 92902->92929 92904 2b45afd4846 92930 2b45afcd220 92904->92930 92906 2b45afd4853 _Receive_impl 92906->92910 92943 2b45afcd390 92906->92943 92909 2b45afcd220 38 API calls 92913 2b45afd48c2 _Strcoll _Receive_impl 92909->92913 92911->92899 92911->92910 92912 2b45b02de34 39 API calls 92912->92913 92913->92910 92913->92911 92913->92912 92915 2b45afe2920 _Receive_impl 92914->92915 92920 2b45afe2a6d 92915->92920 92927 2b45afe2bcd 92915->92927 92947 2b45afea050 92915->92947 92965 2b45afdfe50 92915->92965 92916 2b45afe2bde 92979 2b45afe15a0 37 API calls 92916->92979 92919 2b45afe2be4 92920->92916 92926 2b45afe2ac1 _Receive_impl 92920->92926 92977 2b45aff0070 37 API calls 92920->92977 92924 2b45afe2b8e _Receive_impl 92925 2b45b04cb70 _Strcoll 3 API calls 92924->92925 92928 2b45afe2bb2 92925->92928 92926->92919 92926->92924 92926->92927 92978 2b45afe15a0 37 API calls 92927->92978 92928->92902 92929->92904 92931 2b45afcd250 92930->92931 92986 2b45b059570 92931->92986 92933 2b45afcd2ea 92933->92906 92934 2b45afcd339 92998 2b45afcc010 37 API calls 2 library calls 92934->92998 92936 2b45afcd25c __std_fs_convert_wide_to_narrow 92936->92933 92936->92934 92937 2b45afcd33f 92936->92937 92991 2b45afdfc80 92936->92991 92999 2b45afcc3e0 37 API calls Concurrency::cancel_current_task 92937->92999 92941 2b45afcd2c0 __std_fs_convert_wide_to_narrow 92941->92933 92997 2b45afcc3e0 37 API calls Concurrency::cancel_current_task 92941->92997 92946 2b45afcd3b9 92943->92946 92945 2b45afcd44a 92945->92909 93056 2b45afd4c00 92946->93056 92948 2b45afea1fd 92947->92948 92952 2b45afea092 92947->92952 92983 2b45afde8f0 37 API calls 92948->92983 92949 2b45afea1f8 92982 2b45afcb7b0 37 API calls 2 library calls 92949->92982 92952->92949 92953 2b45afea0ef 92952->92953 92954 2b45afea118 92952->92954 92960 2b45afea0dd 92952->92960 92953->92949 92956 2b45afea0fc 92953->92956 92958 2b45b04cb98 std::_Facet_Register 37 API calls 92954->92958 92955 2b45afdfe50 37 API calls 92962 2b45afea14e 92955->92962 92959 2b45b04cb98 std::_Facet_Register 37 API calls 92956->92959 92957 2b45afea189 _Receive_impl 92957->92915 92958->92960 92959->92960 92960->92955 92960->92957 92961 2b45afea15f 92981 2b45afefea0 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 92961->92981 92962->92961 92980 2b45afefea0 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 92962->92980 92968 2b45afdfe7e 92965->92968 92966 2b45afdff5d 92985 2b45afcb870 37 API calls 92966->92985 92968->92966 92970 2b45afdfe9a _Yarn 92968->92970 92972 2b45afdff22 92968->92972 92973 2b45afdfeca 92968->92973 92970->92915 92971 2b45b04cb98 std::_Facet_Register 37 API calls 92974 2b45afdfee0 92971->92974 92975 2b45b04cb98 std::_Facet_Register 37 API calls 92972->92975 92973->92971 92973->92974 92974->92970 92984 2b45afcb7b0 37 API calls 2 library calls 92974->92984 92975->92970 92980->92961 92981->92957 92982->92948 92984->92966 93000 2b45b044cb4 92986->93000 92989 2b45b059582 AreFileApisANSI 92990 2b45b05958f 92989->92990 92990->92936 92992 2b45afdfc8d 92991->92992 92993 2b45afdfca4 92991->92993 92992->92941 92996 2b45afdfcbe memcpy_s 92993->92996 93042 2b45afe5b00 92993->93042 92995 2b45afdfd0c 92995->92941 92996->92941 92998->92937 93005 2b45b0381fc 93000->93005 93006 2b45b038211 __std_fs_get_current_path 93005->93006 93007 2b45b03823d FlsSetValue 93006->93007 93008 2b45b038220 FlsGetValue 93006->93008 93010 2b45b03824f 93007->93010 93026 2b45b03822d 93007->93026 93009 2b45b038237 93008->93009 93008->93026 93009->93007 93032 2b45b03bbb8 6 API calls 3 library calls 93010->93032 93011 2b45b0382a9 SetLastError 93013 2b45b0382b6 93011->93013 93014 2b45b0382c9 93011->93014 93028 2b45b03a488 93013->93028 93039 2b45b037bc4 36 API calls __std_fs_directory_iterator_open 93014->93039 93015 2b45b03825e 93017 2b45b03827c FlsSetValue 93015->93017 93018 2b45b03826c FlsSetValue 93015->93018 93021 2b45b03829a 93017->93021 93022 2b45b038288 FlsSetValue 93017->93022 93020 2b45b038275 93018->93020 93033 2b45b03b550 93020->93033 93038 2b45b037fac 6 API calls _Strcoll 93021->93038 93022->93020 93025 2b45b0382a2 93027 2b45b03b550 __free_lconv_mon 6 API calls 93025->93027 93026->93011 93027->93011 93029 2b45b03a49d 93028->93029 93030 2b45b03a4b0 93028->93030 93029->93030 93041 2b45b043f24 36 API calls 2 library calls 93029->93041 93030->92989 93030->92990 93032->93015 93034 2b45b03b586 93033->93034 93035 2b45b03b555 HeapFree 93033->93035 93034->93026 93035->93034 93036 2b45b03b570 __free_lconv_mon __std_fs_get_current_path 93035->93036 93040 2b45b0340cc 6 API calls _Strcoll 93036->93040 93038->93025 93040->93034 93041->93030 93043 2b45afe5c8f 93042->93043 93048 2b45afe5b2f 93042->93048 93054 2b45afcb870 37 API calls 93043->93054 93045 2b45afe5b99 93047 2b45b04cb98 std::_Facet_Register 37 API calls 93045->93047 93046 2b45afe5c94 93055 2b45afcb7b0 37 API calls 2 library calls 93046->93055 93053 2b45afe5b7f _Yarn memcpy_s _Receive_impl 93047->93053 93048->93045 93049 2b45afe5b8c 93048->93049 93050 2b45afe5bc8 93048->93050 93048->93053 93049->93045 93049->93046 93052 2b45b04cb98 std::_Facet_Register 37 API calls 93050->93052 93052->93053 93053->92995 93055->93053 93059 2b45afd4c26 93056->93059 93065 2b45afd4d24 93056->93065 93058 2b45afd4c31 _Yarn 93058->92945 93059->93058 93060 2b45afd4d1f 93059->93060 93062 2b45afd4ce2 93059->93062 93063 2b45afd4c8a 93059->93063 93068 2b45afcb7b0 37 API calls 2 library calls 93060->93068 93064 2b45b04cb98 std::_Facet_Register 37 API calls 93062->93064 93063->93060 93066 2b45afd4c97 93063->93066 93064->93058 93069 2b45afcb870 37 API calls 93065->93069 93067 2b45b04cb98 std::_Facet_Register 37 API calls 93066->93067 93067->93058 93068->93065 93070 2b45afd58f3 93076 2b45afcd8f0 93070->93076 93072 2b45afd5926 FindNextFileW 93073 2b45afd5944 93072->93073 93074 2b45b04cb70 _Strcoll 3 API calls 93073->93074 93075 2b45afd596b 93074->93075 93077 2b45afcd908 _Receive_impl 93076->93077 93077->93072 93078 2b45b020ddb RegOpenKeyExA 93079 2b45b020e05 RegQueryValueExA 93078->93079 93085 2b45b020e44 _Receive_impl 93078->93085 93079->93085 93080 2b45b020ed4 RegCloseKey 93081 2b45b020eda 93080->93081 93083 2b45b04cb70 _Strcoll 3 API calls 93081->93083 93084 2b45b020eed 93083->93084 93085->93080 93085->93081 93086 2b45b037db8 93097 2b45b037c1c 93086->93097 93088 2b45b037e18 93090 2b45b037ddf 93088->93090 93092 2b45b037e59 93088->93092 93115 2b45b03c8f0 36 API calls 2 library calls 93088->93115 93103 2b45b037c44 93092->93103 93095 2b45b037e4d 93095->93092 93116 2b45b03cfdc 6 API calls 2 library calls 93095->93116 93098 2b45b037c25 93097->93098 93102 2b45b037c35 93097->93102 93117 2b45b0340cc 6 API calls _Strcoll 93098->93117 93100 2b45b037c2a 93118 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93100->93118 93102->93088 93102->93090 93114 2b45b037d3c 36 API calls _invalid_parameter_noinfo 93102->93114 93104 2b45b037c1c _fread_nolock 36 API calls 93103->93104 93105 2b45b037c69 93104->93105 93106 2b45b037d0a 93105->93106 93107 2b45b037c79 93105->93107 93128 2b45b03b128 36 API calls _invalid_parameter_noinfo 93106->93128 93109 2b45b037c97 93107->93109 93110 2b45b037cb5 93107->93110 93127 2b45b03b128 36 API calls _invalid_parameter_noinfo 93109->93127 93112 2b45b037ca5 93110->93112 93119 2b45b03dc0c 93110->93119 93112->93090 93114->93088 93115->93095 93116->93092 93117->93100 93118->93102 93120 2b45b03dc3c 93119->93120 93129 2b45b03da40 93120->93129 93122 2b45b03dc55 93125 2b45b03dc7b 93122->93125 93136 2b45b02db64 36 API calls 3 library calls 93122->93136 93124 2b45b03dc90 93124->93112 93125->93124 93137 2b45b02db64 36 API calls 3 library calls 93125->93137 93127->93112 93128->93112 93130 2b45b03da97 93129->93130 93135 2b45b03da69 93129->93135 93131 2b45b03dab0 93130->93131 93133 2b45b03db07 93130->93133 93143 2b45b02fb20 36 API calls 2 library calls 93131->93143 93133->93135 93138 2b45b03db60 93133->93138 93135->93122 93136->93125 93137->93124 93144 2b45b043b78 93138->93144 93141 2b45b03db9e SetFilePointerEx 93142 2b45b03db8d __std_fs_get_current_path _fread_nolock 93141->93142 93142->93135 93143->93135 93145 2b45b043b96 93144->93145 93146 2b45b043b81 93144->93146 93153 2b45b03db87 93145->93153 93158 2b45b0340ac 6 API calls _Strcoll 93145->93158 93156 2b45b0340ac 6 API calls _Strcoll 93146->93156 93149 2b45b043b86 93157 2b45b0340cc 6 API calls _Strcoll 93149->93157 93150 2b45b043bd1 93159 2b45b0340cc 6 API calls _Strcoll 93150->93159 93153->93141 93153->93142 93154 2b45b043bd9 93160 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93154->93160 93156->93149 93157->93153 93158->93150 93159->93154 93160->93153 93161 2b45b0431a1 93173 2b45b04a234 93161->93173 93174 2b45b0381fc _Getctype 36 API calls 93173->93174 93176 2b45b04a23d __crtLCMapStringW 93174->93176 93178 2b45b037bc4 36 API calls __std_fs_directory_iterator_open 93176->93178 93179 2b45b03749c 93180 2b45b0374cd 93179->93180 93181 2b45b0374b2 93179->93181 93180->93181 93182 2b45b0374e6 93180->93182 93208 2b45b0340cc 6 API calls _Strcoll 93181->93208 93184 2b45b0374ec 93182->93184 93187 2b45b037509 93182->93187 93210 2b45b0340cc 6 API calls _Strcoll 93184->93210 93185 2b45b0374b7 93209 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93185->93209 93203 2b45b0416e0 93187->93203 93193 2b45b037783 93198 2b45b037566 93202 2b45b0374c3 93198->93202 93229 2b45b041724 36 API calls _isindst 93198->93229 93199 2b45b0375c6 93199->93202 93230 2b45b041724 36 API calls _isindst 93199->93230 93204 2b45b03750e 93203->93204 93205 2b45b0416ef 93203->93205 93211 2b45b0407f8 93204->93211 93206 2b45b041708 93205->93206 93231 2b45b041550 93205->93231 93208->93185 93209->93202 93210->93202 93212 2b45b040801 93211->93212 93214 2b45b037523 93211->93214 93315 2b45b0340cc 6 API calls _Strcoll 93212->93315 93214->93193 93217 2b45b040828 93214->93217 93215 2b45b040806 93316 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93215->93316 93218 2b45b037534 93217->93218 93219 2b45b040831 93217->93219 93218->93193 93223 2b45b040858 93218->93223 93317 2b45b0340cc 6 API calls _Strcoll 93219->93317 93221 2b45b040836 93318 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93221->93318 93224 2b45b037545 93223->93224 93225 2b45b040861 93223->93225 93224->93193 93224->93198 93224->93199 93319 2b45b0340cc 6 API calls _Strcoll 93225->93319 93227 2b45b040866 93320 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93227->93320 93229->93202 93230->93202 93253 2b45b049d94 93231->93253 93233 2b45b0415a7 93234 2b45b0415bc 93233->93234 93252 2b45b0415ab 93233->93252 93302 2b45b03dedc 93233->93302 93262 2b45b0413c8 93234->93262 93235 2b45b041650 93306 2b45b04114c 44 API calls 6 library calls 93235->93306 93240 2b45b0415c4 93244 2b45b03b550 __free_lconv_mon 6 API calls 93240->93244 93241 2b45b041658 93241->93240 93242 2b45b041606 93245 2b45b03b550 __free_lconv_mon 6 API calls 93242->93245 93243 2b45b049d94 wcsftime 41 API calls 93246 2b45b041628 93243->93246 93247 2b45b0415cc 93244->93247 93245->93234 93246->93242 93248 2b45b041631 93246->93248 93249 2b45b04cb70 _Strcoll 3 API calls 93247->93249 93250 2b45b03b550 __free_lconv_mon 6 API calls 93248->93250 93251 2b45b0415dc 93249->93251 93250->93252 93251->93206 93252->93234 93252->93235 93261 2b45b049c9c 93253->93261 93254 2b45b049cd3 93307 2b45b0340cc 6 API calls _Strcoll 93254->93307 93256 2b45b049cd8 93308 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93256->93308 93259 2b45b049ce4 93259->93233 93261->93253 93261->93254 93261->93259 93309 2b45b049c04 41 API calls wcsftime 93261->93309 93310 2b45b0462e8 36 API calls 2 library calls 93261->93310 93263 2b45b0413dc wcsftime 93262->93263 93264 2b45b040858 _get_daylight 36 API calls 93263->93264 93265 2b45b0413fb 93264->93265 93266 2b45b0407f8 _get_daylight 36 API calls 93265->93266 93268 2b45b04153b 93265->93268 93267 2b45b04140c 93266->93267 93267->93268 93270 2b45b040828 _get_daylight 36 API calls 93267->93270 93269 2b45b049d94 wcsftime 41 API calls 93268->93269 93271 2b45b0415a7 93269->93271 93272 2b45b04141d 93270->93272 93277 2b45b03dedc wcsftime 6 API calls 93271->93277 93289 2b45b0415bc 93271->93289 93295 2b45b0415ab 93271->93295 93272->93268 93273 2b45b041425 93272->93273 93274 2b45b03b550 __free_lconv_mon 6 API calls 93273->93274 93275 2b45b041431 GetTimeZoneInformation 93274->93275 93291 2b45b041510 wcsftime 93275->93291 93296 2b45b04144e memcpy_s 93275->93296 93276 2b45b041650 93313 2b45b04114c 44 API calls 6 library calls 93276->93313 93280 2b45b0415fe 93277->93280 93278 2b45b0413c8 wcsftime 43 API calls 93281 2b45b0415c4 93278->93281 93283 2b45b041606 93280->93283 93284 2b45b049d94 wcsftime 41 API calls 93280->93284 93285 2b45b03b550 __free_lconv_mon 6 API calls 93281->93285 93282 2b45b041658 93282->93281 93286 2b45b03b550 __free_lconv_mon 6 API calls 93283->93286 93287 2b45b041628 93284->93287 93288 2b45b0415cc 93285->93288 93286->93289 93287->93283 93290 2b45b041631 93287->93290 93292 2b45b04cb70 _Strcoll 3 API calls 93288->93292 93289->93278 93293 2b45b03b550 __free_lconv_mon 6 API calls 93290->93293 93291->93240 93294 2b45b0415dc 93292->93294 93293->93295 93294->93240 93295->93276 93295->93289 93297 2b45b044cb4 _Getctype 36 API calls 93296->93297 93298 2b45b0414e2 93297->93298 93311 2b45b041660 44 API calls wcsftime 93298->93311 93300 2b45b0414f9 93312 2b45b041660 44 API calls wcsftime 93300->93312 93305 2b45b03deeb std::_Facet_Register wcsftime 93302->93305 93304 2b45b03df25 93304->93242 93304->93243 93305->93304 93314 2b45b0340cc 6 API calls _Strcoll 93305->93314 93306->93241 93307->93256 93308->93259 93309->93261 93310->93261 93311->93300 93312->93291 93313->93282 93314->93304 93315->93215 93316->93214 93317->93221 93318->93218 93319->93227 93320->93224 93321 2b45b001340 93376 2b45afce9a0 93321->93376 93324 2b45afce9a0 43 API calls 93325 2b45b001c14 93324->93325 93326 2b45afcd390 37 API calls 93325->93326 93336 2b45b002036 _Receive_impl 93325->93336 93329 2b45b001c4a 93326->93329 93327 2b45b04cb70 _Strcoll 3 API calls 93328 2b45b002061 93327->93328 93330 2b45afcd220 38 API calls 93329->93330 93331 2b45b001c58 93330->93331 93382 2b45b004150 93331->93382 93335 2b45b001d1d 93335->93336 93337 2b45b00207d 93335->93337 93336->93327 93393 2b45afe4670 93337->93393 93340 2b45afe4740 37 API calls 93341 2b45b0020ba Concurrency::cancel_current_task 93340->93341 93401 2b45afce080 93341->93401 93377 2b45afce9d1 93376->93377 93405 2b45b0598c0 93377->93405 93380 2b45b04cb70 _Strcoll 3 API calls 93381 2b45afcea72 93380->93381 93381->93324 93383 2b45b004176 93382->93383 93442 2b45b005760 93383->93442 93385 2b45b001c6b 93386 2b45b019830 93385->93386 93448 2b45b018f60 93386->93448 93390 2b45b01988a 93391 2b45b04cb70 _Strcoll 3 API calls 93390->93391 93392 2b45b01990d 93391->93392 93392->93335 93394 2b45afe46c0 93393->93394 93395 2b45afe46ee 93394->93395 93396 2b45afe51e0 37 API calls 93394->93396 93397 2b45afe0dc0 37 API calls 93395->93397 93396->93395 93398 2b45afe470a 93397->93398 93399 2b45afe0dc0 37 API calls 93398->93399 93400 2b45afe4724 93399->93400 93400->93340 93402 2b45afce099 93401->93402 94012 2b45afcda20 38 API calls _Receive_impl 93402->94012 93404 2b45afce0d0 Concurrency::cancel_current_task 93409 2b45b059902 93405->93409 93406 2b45b05990b __std_fs_get_current_path 93407 2b45b04cb70 _Strcoll 3 API calls 93406->93407 93410 2b45afce9ed 93407->93410 93408 2b45b059a1d 93437 2b45b059c94 CreateFileW __std_fs_get_current_path 93408->93437 93409->93406 93409->93408 93412 2b45b059963 GetFileAttributesExW 93409->93412 93410->93380 93414 2b45b0599c8 93412->93414 93415 2b45b059977 __std_fs_get_current_path 93412->93415 93413 2b45b059a40 93416 2b45b059a75 GetFileInformationByHandleEx 93413->93416 93421 2b45b059a46 _invalid_parameter_noinfo 93413->93421 93426 2b45b059b13 93413->93426 93414->93406 93414->93408 93415->93406 93418 2b45b059986 FindFirstFileW 93415->93418 93419 2b45b059ab5 93416->93419 93420 2b45b059a8f _invalid_parameter_noinfo __std_fs_get_current_path 93416->93420 93417 2b45b059b2e GetFileInformationByHandleEx 93417->93421 93427 2b45b059b44 _invalid_parameter_noinfo __std_fs_get_current_path 93417->93427 93418->93406 93422 2b45b0599a5 FindClose 93418->93422 93423 2b45b059ad6 GetFileInformationByHandleEx 93419->93423 93419->93426 93425 2b45b059a5f 93420->93425 93430 2b45b059be6 93420->93430 93421->93406 93424 2b45b059bd5 93421->93424 93421->93425 93422->93414 93423->93426 93431 2b45b059af2 _invalid_parameter_noinfo __std_fs_get_current_path 93423->93431 93438 2b45b037bc4 36 API calls __std_fs_directory_iterator_open 93424->93438 93425->93406 93426->93417 93426->93421 93427->93425 93433 2b45b059be0 93427->93433 93429 2b45b059bda 93439 2b45b037bc4 36 API calls __std_fs_directory_iterator_open 93429->93439 93441 2b45b037bc4 36 API calls __std_fs_directory_iterator_open 93430->93441 93431->93425 93431->93429 93440 2b45b037bc4 36 API calls __std_fs_directory_iterator_open 93433->93440 93437->93413 93443 2b45b005825 93442->93443 93446 2b45b005790 _Yarn 93442->93446 93447 2b45b009b20 38 API calls 4 library calls 93443->93447 93445 2b45b00583a 93445->93385 93446->93385 93447->93445 93449 2b45afce9a0 43 API calls 93448->93449 93453 2b45b018faf memcpy_s 93449->93453 93450 2b45b018fe7 93451 2b45b0196ee Concurrency::cancel_current_task 93450->93451 93486 2b45b018fef 93450->93486 93570 2b45afce0f0 38 API calls Concurrency::cancel_current_task 93451->93570 93453->93450 93453->93486 93504 2b45b0291d0 93453->93504 93454 2b45b04cb70 _Strcoll 3 API calls 93455 2b45b019691 93454->93455 93455->93390 93499 2b45afe22d0 93455->93499 93457 2b45b01902e 93458 2b45b019485 93457->93458 93459 2b45b019091 93457->93459 93537 2b45aff4da0 93458->93537 93519 2b45b023b30 GetCurrentProcess GetProcessId RmStartSession 93459->93519 93463 2b45b019716 93571 2b45afccc70 37 API calls 93463->93571 93469 2b45b019740 Concurrency::cancel_current_task 93470 2b45b0194d7 93473 2b45aff4da0 38 API calls 93470->93473 93471 2b45b0190b4 93474 2b45b0190c7 93471->93474 93475 2b45b01919c GetFileSize 93471->93475 93472 2b45afe51e0 37 API calls 93472->93470 93477 2b45b0194ea 93473->93477 93474->93463 93478 2b45b01910e _Receive_impl 93474->93478 93476 2b45b0191dd 93475->93476 93481 2b45b0191b8 memcpy_s 93475->93481 93476->93481 93484 2b45afe5b00 37 API calls 93476->93484 93552 2b45b0276a0 93477->93552 93564 2b45aff19c0 37 API calls 93478->93564 93480 2b45b019242 SetFilePointer ReadFile 93492 2b45b0193a2 93480->93492 93494 2b45b019291 93480->93494 93481->93480 93483 2b45b01915f 93483->93486 93484->93480 93486->93454 93488 2b45b0193f7 _Receive_impl 93566 2b45aff19c0 37 API calls 93488->93566 93489 2b45b019314 _Receive_impl 93565 2b45aff19c0 37 API calls 93489->93565 93490 2b45b01957b 93495 2b45b0195ad 93490->93495 93497 2b45b0196ac 93490->93497 93492->93463 93492->93488 93494->93463 93494->93489 93568 2b45aff19c0 37 API calls 93495->93568 93569 2b45afccc70 37 API calls 93497->93569 93500 2b45afdfc80 37 API calls 93499->93500 93501 2b45afe233a 93500->93501 93502 2b45afdfc80 37 API calls 93501->93502 93503 2b45afe244d 93502->93503 93503->93390 93572 2b45afe1a70 93504->93572 93511 2b45b029368 93518 2b45b029318 93511->93518 93598 2b45afccc70 37 API calls 93511->93598 93512 2b45b0292df 93596 2b45aff1f80 36 API calls _Strcoll 93512->93596 93514 2b45b0292f1 93597 2b45aff39f0 52 API calls 4 library calls 93514->93597 93516 2b45b0293d2 Concurrency::cancel_current_task 93518->93457 93520 2b45b023b98 RmRegisterResources 93519->93520 93521 2b45b023c91 93519->93521 93522 2b45b023c88 RmEndSession 93520->93522 93523 2b45b023bc3 RmGetList 93520->93523 93524 2b45b04cb70 _Strcoll 3 API calls 93521->93524 93522->93521 93525 2b45b023cd4 93523->93525 93528 2b45b023bff 93523->93528 93527 2b45b0190a3 93524->93527 93526 2b45b023cd7 RmEndSession 93525->93526 93526->93521 93563 2b45b023cf0 46 API calls 6 library calls 93527->93563 93528->93525 93528->93526 93529 2b45b023c36 RmGetList 93528->93529 93530 2b45b023c5a 93529->93530 93531 2b45b023ccc 93529->93531 93530->93531 93532 2b45b023c5f 93530->93532 93793 2b45b02efd8 7 API calls 3 library calls 93531->93793 93532->93522 93534 2b45b023cb7 93532->93534 93792 2b45b02efd8 7 API calls 3 library calls 93534->93792 93536 2b45b023cbf RmEndSession 93536->93521 93538 2b45aff4dfd 93537->93538 93541 2b45aff4ee3 93537->93541 93794 2b45aff56c0 93538->93794 93540 2b45aff4e22 93544 2b45aff4e59 Concurrency::cancel_current_task 93540->93544 93802 2b45aff0f70 93540->93802 93812 2b45afccc70 37 API calls 93541->93812 93543 2b45aff4eb0 93548 2b45aff4cc0 93543->93548 93544->93543 93813 2b45afccc70 37 API calls 93544->93813 93546 2b45aff4f7e Concurrency::cancel_current_task 93549 2b45aff4cf0 93548->93549 93550 2b45aff56c0 37 API calls 93549->93550 93551 2b45aff4cff 93550->93551 93551->93470 93551->93472 93553 2b45b0276fd 93552->93553 93555 2b45b027717 93552->93555 93553->93555 93930 2b45aff1370 93553->93930 93554 2b45b0277ba 93559 2b45b0277c5 _Receive_impl 93554->93559 93960 2b45afe15c0 93554->93960 93555->93554 93949 2b45b02d450 93555->93949 93558 2b45b04cb70 _Strcoll 3 API calls 93560 2b45b01954d 93558->93560 93559->93558 93561 2b45b027889 93559->93561 93560->93463 93567 2b45aff2080 37 API calls 93560->93567 93563->93471 93564->93483 93565->93483 93566->93483 93567->93490 93568->93486 93569->93451 93571->93469 93573 2b45b04cb98 std::_Facet_Register 37 API calls 93572->93573 93574 2b45afe1ad1 93573->93574 93599 2b45b05a8fc 93574->93599 93576 2b45afe1ae1 93608 2b45afe1dd0 93576->93608 93578 2b45afe1b6e 93580 2b45afe1b7b 93578->93580 93623 2b45b05abc8 EnterCriticalSection FreeLibrary GetProcAddress std::_Lockit::_Lockit 93578->93623 93585 2b45aff2460 93580->93585 93582 2b45afe1b96 93624 2b45afccc70 37 API calls 93582->93624 93584 2b45afe1bd6 Concurrency::cancel_current_task 93636 2b45afe14c0 93585->93636 93588 2b45b05ae38 93589 2b45b05ae7e 93588->93589 93595 2b45b0292d6 93589->93595 93641 2b45b05c510 93589->93641 93591 2b45b05aeb1 93591->93595 93658 2b45b02f7cc 36 API calls _invalid_parameter_noinfo 93591->93658 93593 2b45b05aecc 93593->93595 93659 2b45b02e530 37 API calls _invalid_parameter_noinfo 93593->93659 93595->93511 93595->93512 93596->93514 93597->93518 93598->93516 93625 2b45b05a29c 93599->93625 93601 2b45b05a91e 93605 2b45b05a962 _Yarn 93601->93605 93629 2b45b05aaf4 37 API calls std::_Facet_Register 93601->93629 93603 2b45b05a936 93630 2b45b05ab24 37 API calls std::locale::_Setgloballocale 93603->93630 93605->93576 93606 2b45b05a941 93606->93605 93631 2b45b02efd8 7 API calls 3 library calls 93606->93631 93609 2b45b05a29c std::_Lockit::_Lockit 3 API calls 93608->93609 93610 2b45afe1e00 93609->93610 93611 2b45b05a29c std::_Lockit::_Lockit 3 API calls 93610->93611 93612 2b45afe1e25 93610->93612 93611->93612 93622 2b45afe1e9d 93612->93622 93633 2b45afcc910 55 API calls 6 library calls 93612->93633 93613 2b45b04cb70 _Strcoll 3 API calls 93614 2b45afe1b12 93613->93614 93614->93578 93614->93582 93616 2b45afe1eaf 93617 2b45afe1f16 93616->93617 93618 2b45afe1eb5 93616->93618 93635 2b45afcc450 37 API calls 2 library calls 93617->93635 93634 2b45b05a8bc 37 API calls std::_Facet_Register 93618->93634 93621 2b45afe1f1b 93622->93613 93623->93580 93624->93584 93626 2b45b05a2ab 93625->93626 93628 2b45b05a2b0 93625->93628 93632 2b45b03a73c EnterCriticalSection FreeLibrary GetProcAddress std::_Locinfo::_Locinfo_ctor 93626->93632 93628->93601 93629->93603 93630->93606 93631->93605 93633->93616 93634->93622 93635->93621 93637 2b45b04cb98 std::_Facet_Register 37 API calls 93636->93637 93638 2b45afe1537 93637->93638 93639 2b45b05a8fc 41 API calls 93638->93639 93640 2b45afe1547 93639->93640 93640->93511 93640->93588 93642 2b45b05c43c 93641->93642 93643 2b45b05c462 93642->93643 93646 2b45b05c495 93642->93646 93669 2b45b0340cc 6 API calls _Strcoll 93643->93669 93645 2b45b05c467 93670 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93645->93670 93648 2b45b05c49b 93646->93648 93649 2b45b05c4a8 93646->93649 93671 2b45b0340cc 6 API calls _Strcoll 93648->93671 93660 2b45b03b830 93649->93660 93652 2b45b05c4b2 93653 2b45b05c4c9 93652->93653 93654 2b45b05c4bc 93652->93654 93664 2b45b05d78c 93653->93664 93672 2b45b0340cc 6 API calls _Strcoll 93654->93672 93657 2b45b05c472 93657->93591 93658->93593 93659->93595 93661 2b45b03b847 93660->93661 93673 2b45b03b8a4 93661->93673 93663 2b45b03b852 93663->93652 93683 2b45b05d3ec 93664->93683 93667 2b45b05d7e6 93667->93657 93669->93645 93670->93657 93671->93657 93672->93657 93678 2b45b03b8d5 93673->93678 93675 2b45b03b931 93676 2b45b03b550 __free_lconv_mon 6 API calls 93675->93676 93677 2b45b03b93b 93676->93677 93680 2b45b03b95b 93677->93680 93682 2b45b03c358 FreeLibrary GetProcAddress InitializeCriticalSectionAndSpinCount __crtLCMapStringW 93677->93682 93678->93678 93678->93680 93681 2b45b03bbb8 6 API calls 3 library calls 93678->93681 93680->93663 93681->93675 93682->93680 93684 2b45b05d427 __crtLCMapStringW 93683->93684 93685 2b45b05d5ee 93684->93685 93698 2b45b04a7bc 39 API calls 4 library calls 93684->93698 93689 2b45b05d5f7 93685->93689 93701 2b45b0340cc 6 API calls _Strcoll 93685->93701 93687 2b45b05d6c5 93702 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93687->93702 93689->93667 93695 2b45b05ed58 93689->93695 93691 2b45b05d659 93691->93685 93699 2b45b04a7bc 39 API calls 4 library calls 93691->93699 93693 2b45b05d678 93693->93685 93700 2b45b04a7bc 39 API calls 4 library calls 93693->93700 93703 2b45b05e208 93695->93703 93697 2b45b05ed85 93697->93667 93698->93691 93699->93693 93700->93685 93701->93687 93702->93689 93704 2b45b05e21f 93703->93704 93705 2b45b05e23d 93703->93705 93754 2b45b0340cc 6 API calls _Strcoll 93704->93754 93705->93704 93708 2b45b05e259 93705->93708 93707 2b45b05e224 93755 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93707->93755 93712 2b45b05e968 93708->93712 93711 2b45b05e230 93711->93697 93756 2b45b05e54c 93712->93756 93714 2b45b05e9af 93715 2b45b05e9f5 93714->93715 93716 2b45b05e9dd 93714->93716 93772 2b45b04397c 93715->93772 93779 2b45b0340ac 6 API calls _Strcoll 93716->93779 93719 2b45b05e9fa 93720 2b45b05ea1a CreateFileW 93719->93720 93721 2b45b05ea01 93719->93721 93723 2b45b05ea85 93720->93723 93724 2b45b05eb00 GetFileType 93720->93724 93781 2b45b0340ac 6 API calls _Strcoll 93721->93781 93744 2b45b05e9e2 93780 2b45b0340cc 6 API calls _Strcoll 93744->93780 93745 2b45b05e9ee 93745->93711 93754->93707 93755->93711 93757 2b45b05e578 93756->93757 93759 2b45b05e592 93756->93759 93758 2b45b0340cc _Strcoll 6 API calls 93757->93758 93757->93759 93760 2b45b05e587 93758->93760 93762 2b45b05e610 93759->93762 93766 2b45b0340cc _Strcoll 6 API calls 93759->93766 93761 2b45b02fbec _invalid_parameter_noinfo 36 API calls 93760->93761 93761->93759 93763 2b45b05e661 93762->93763 93765 2b45b0340cc _Strcoll 6 API calls 93762->93765 93764 2b45b05c188 36 API calls 93763->93764 93771 2b45b05e6ba 93763->93771 93764->93771 93767 2b45b05e656 93765->93767 93768 2b45b05e605 93766->93768 93769 2b45b02fbec _invalid_parameter_noinfo 36 API calls 93767->93769 93770 2b45b02fbec _invalid_parameter_noinfo 36 API calls 93768->93770 93769->93763 93770->93762 93771->93714 93776 2b45b04399f 93772->93776 93773 2b45b0439c8 93775 2b45b0436cc 9 API calls 93773->93775 93774 2b45b0439cd 93774->93719 93775->93774 93776->93773 93776->93774 93777 2b45b043a1e EnterCriticalSection 93776->93777 93777->93774 93778 2b45b043a2d LeaveCriticalSection 93777->93778 93778->93776 93779->93744 93780->93745 93792->93536 93793->93525 93795 2b45aff5700 93794->93795 93799 2b45aff56dd 93794->93799 93797 2b45aff570e 93795->93797 93814 2b45afe7060 93795->93814 93796 2b45aff56fa 93796->93540 93797->93540 93799->93796 93834 2b45afccc70 37 API calls 93799->93834 93801 2b45aff5763 Concurrency::cancel_current_task _Receive_impl 93801->93540 93804 2b45aff0fa3 93802->93804 93811 2b45aff0ffb 93804->93811 93840 2b45aff1e90 93804->93840 93805 2b45aff0fc6 93808 2b45aff0fe6 93805->93808 93805->93811 93850 2b45b02f734 93805->93850 93806 2b45b04cb70 _Strcoll 3 API calls 93807 2b45aff1069 93806->93807 93807->93544 93808->93811 93858 2b45b02ed2c 93808->93858 93811->93806 93812->93544 93813->93546 93815 2b45afe709e 93814->93815 93821 2b45afe7120 93814->93821 93835 2b45afe6a80 37 API calls 93815->93835 93817 2b45b04cb70 _Strcoll 3 API calls 93818 2b45afe714d 93817->93818 93818->93797 93819 2b45afe710d 93819->93821 93836 2b45afe7b40 37 API calls 2 library calls 93819->93836 93820 2b45afe70ab 93820->93819 93823 2b45afe7162 93820->93823 93821->93817 93837 2b45afccc70 37 API calls 93823->93837 93825 2b45afe71a4 Concurrency::cancel_current_task 93826 2b45afe720b 93825->93826 93827 2b45afe7060 37 API calls 93825->93827 93828 2b45afe7318 93826->93828 93829 2b45afe72da 93826->93829 93827->93826 93839 2b45afccc70 37 API calls 93828->93839 93830 2b45afe72eb 93829->93830 93838 2b45afe7b40 37 API calls 2 library calls 93829->93838 93830->93797 93833 2b45afe735a Concurrency::cancel_current_task 93834->93801 93835->93820 93836->93821 93837->93825 93838->93830 93839->93833 93841 2b45aff1eb3 93840->93841 93842 2b45aff1f62 93840->93842 93841->93842 93848 2b45aff1ebd 93841->93848 93843 2b45b04cb70 _Strcoll 3 API calls 93842->93843 93844 2b45aff1f71 93843->93844 93844->93805 93845 2b45aff1f01 93846 2b45b04cb70 _Strcoll 3 API calls 93845->93846 93847 2b45aff1f1e 93846->93847 93847->93805 93848->93845 93867 2b45b02ec88 36 API calls _invalid_parameter_noinfo 93848->93867 93851 2b45b02f764 93850->93851 93868 2b45b02f4c4 93851->93868 93853 2b45b02f77d 93854 2b45b02f7a2 93853->93854 93875 2b45b02db64 36 API calls 3 library calls 93853->93875 93856 2b45b02f7b7 93854->93856 93876 2b45b02db64 36 API calls 3 library calls 93854->93876 93856->93808 93859 2b45b02ed55 93858->93859 93860 2b45b02ed40 93858->93860 93859->93860 93862 2b45b02ed5a 93859->93862 93904 2b45b0340cc 6 API calls _Strcoll 93860->93904 93896 2b45b03cf38 93862->93896 93863 2b45b02ed45 93905 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93863->93905 93866 2b45b02ed50 93866->93811 93867->93845 93869 2b45b02f52e 93868->93869 93870 2b45b02f4ee 93868->93870 93869->93870 93872 2b45b02f53a 93869->93872 93883 2b45b02fb20 36 API calls 2 library calls 93870->93883 93877 2b45b02f648 93872->93877 93873 2b45b02f515 93873->93853 93875->93854 93876->93856 93878 2b45b02f68d 93877->93878 93882 2b45b02f678 93877->93882 93884 2b45b02f560 93878->93884 93880 2b45b02f697 93880->93882 93888 2b45b02e23c 93880->93888 93882->93873 93883->93873 93885 2b45b02f57a 93884->93885 93887 2b45b02f5e3 93884->93887 93885->93887 93894 2b45b03dcb0 36 API calls 2 library calls 93885->93894 93887->93880 93889 2b45b02e262 93888->93889 93890 2b45b02e293 93888->93890 93889->93890 93891 2b45b037c1c _fread_nolock 36 API calls 93889->93891 93890->93882 93892 2b45b02e283 93891->93892 93895 2b45b03b128 36 API calls _invalid_parameter_noinfo 93892->93895 93894->93887 93895->93890 93897 2b45b03cf68 93896->93897 93906 2b45b03ca44 93897->93906 93899 2b45b03cf81 93900 2b45b03cfa7 93899->93900 93912 2b45b02db64 36 API calls 3 library calls 93899->93912 93901 2b45b03cfbc 93900->93901 93913 2b45b02db64 36 API calls 3 library calls 93900->93913 93901->93866 93904->93863 93905->93866 93907 2b45b03ca8e 93906->93907 93908 2b45b03ca5f 93906->93908 93914 2b45b03cab0 93907->93914 93926 2b45b02fb20 36 API calls 2 library calls 93908->93926 93911 2b45b03ca7f 93911->93899 93912->93900 93913->93901 93915 2b45b03cacb 93914->93915 93916 2b45b03caf4 93914->93916 93927 2b45b02fb20 36 API calls 2 library calls 93915->93927 93918 2b45b037c1c _fread_nolock 36 API calls 93916->93918 93919 2b45b03caf9 93918->93919 93920 2b45b03cb86 93919->93920 93921 2b45b03cb76 93919->93921 93925 2b45b03caeb 93919->93925 93920->93925 93929 2b45b03cc00 36 API calls _fread_nolock 93920->93929 93928 2b45b03cd5c 37 API calls 2 library calls 93921->93928 93923 2b45b03cb84 93923->93925 93925->93911 93926->93911 93927->93925 93928->93923 93929->93925 93931 2b45aff13ad 93930->93931 93933 2b45aff1443 93931->93933 93934 2b45aff1421 93931->93934 93938 2b45aff13bd _Receive_impl 93931->93938 93932 2b45b04cb70 _Strcoll 3 API calls 93935 2b45aff15ef 93932->93935 93937 2b45b02e614 36 API calls 93933->93937 93973 2b45b02e614 93934->93973 93935->93555 93944 2b45aff1471 _Yarn 93937->93944 93938->93932 93939 2b45afe5990 37 API calls 93939->93944 93940 2b45aff1677 93942 2b45aff16a4 93940->93942 93948 2b45aff1370 37 API calls 93940->93948 93941 2b45aff1591 93941->93938 93941->93940 93942->93555 93943 2b45aff16bb 93943->93555 93944->93939 93944->93941 93945 2b45b02e614 36 API calls 93944->93945 93947 2b45aff1627 93944->93947 93945->93944 93947->93941 93990 2b45b02f10c 36 API calls 2 library calls 93947->93990 93948->93943 94004 2b45b02d380 93949->94004 93951 2b45b02d662 93951->93554 93953 2b45b02d69f 94009 2b45afcb7b0 37 API calls 2 library calls 93953->94009 93954 2b45b02d48c _Yarn _Receive_impl 93954->93951 93954->93953 93955 2b45b04cb98 37 API calls std::_Facet_Register 93954->93955 93957 2b45b02d380 37 API calls 93954->93957 93959 2b45b02d694 93954->93959 93955->93954 93957->93954 93958 2b45b02d6a5 94008 2b45afcb870 37 API calls 93959->94008 93963 2b45afe15dd _Yarn 93960->93963 93964 2b45afe1607 93960->93964 93962 2b45afe1710 94011 2b45afcb7b0 37 API calls 2 library calls 93962->94011 93963->93559 93966 2b45afe1653 _Yarn 93964->93966 93968 2b45afe1661 93964->93968 93969 2b45afe1699 93964->93969 93965 2b45b04cb98 std::_Facet_Register 37 API calls 93965->93966 93972 2b45afe16e7 _Receive_impl 93966->93972 94010 2b45afcb870 37 API calls 93966->94010 93968->93962 93968->93965 93970 2b45b04cb98 std::_Facet_Register 37 API calls 93969->93970 93970->93966 93971 2b45afe1716 93972->93559 93974 2b45b02e630 93973->93974 93976 2b45b02e64e 93973->93976 93997 2b45b0340cc 6 API calls _Strcoll 93974->93997 93979 2b45b037c1c _fread_nolock 36 API calls 93976->93979 93983 2b45b02e672 93976->93983 93977 2b45b02e635 93998 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93977->93998 93979->93983 93980 2b45b02e6e4 93999 2b45b0340cc 6 API calls _Strcoll 93980->93999 93981 2b45b02e70f 93991 2b45b02e5d0 93981->93991 93983->93980 93983->93981 93985 2b45b02e6e9 94000 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93985->94000 93986 2b45b02e640 93986->93938 93988 2b45b02e6f4 94001 2b45b04edc4 RtlUnwind 93988->94001 93990->93947 93992 2b45b02e5dc 93991->93992 93996 2b45b02e5ec 93991->93996 94002 2b45b0340cc 6 API calls _Strcoll 93992->94002 93994 2b45b02e5e1 94003 2b45b02fbec 36 API calls _invalid_parameter_noinfo 93994->94003 93996->93986 93997->93977 93998->93986 93999->93985 94000->93988 94001->93986 94002->93994 94003->93996 94005 2b45b02d396 94004->94005 94006 2b45b02d3b3 94004->94006 94005->94006 94007 2b45aff1370 37 API calls 94005->94007 94006->93954 94007->94006 94009->93958 94011->93971 94012->93404 94013 2b45b019fe0 94014 2b45b01a073 94013->94014 94069 2b45afcd6c0 94014->94069 94016 2b45b01a098 _Receive_impl 94017 2b45afce9a0 43 API calls 94016->94017 94018 2b45b01a5e7 94016->94018 94019 2b45b01a104 memcpy_s 94017->94019 94149 2b45afce0f0 38 API calls Concurrency::cancel_current_task 94018->94149 94022 2b45b0291d0 70 API calls 94019->94022 94030 2b45b01a146 94019->94030 94021 2b45b04cb70 _Strcoll 3 API calls 94023 2b45b01a1d9 94021->94023 94024 2b45b01a229 94022->94024 94068 2b45b01a4b0 94024->94068 94078 2b45b0279c0 94024->94078 94025 2b45b01a60f 94150 2b45afccc70 37 API calls 94025->94150 94029 2b45b01a2a2 94032 2b45b01a2bf 94029->94032 94033 2b45b01a342 94029->94033 94030->94018 94060 2b45b01a1a7 _Receive_impl 94030->94060 94031 2b45b01a636 Concurrency::cancel_current_task 94151 2b45afccc70 37 API calls 94031->94151 94032->94025 94034 2b45b01a2f1 94032->94034 94124 2b45b026110 94033->94124 94085 2b45b025f50 94034->94085 94038 2b45b01a356 94042 2b45b01a36d 94038->94042 94043 2b45b01a3f0 94038->94043 94039 2b45b01a2fe 94093 2b45afe0fb0 94039->94093 94042->94031 94047 2b45b01a39f 94042->94047 94046 2b45b026110 37 API calls 94043->94046 94045 2b45b01a670 Concurrency::cancel_current_task 94152 2b45afccc70 37 API calls 94045->94152 94049 2b45b01a404 94046->94049 94048 2b45b025f50 38 API calls 94047->94048 94050 2b45b01a3ac 94048->94050 94051 2b45b026110 37 API calls 94049->94051 94052 2b45afe0fb0 37 API calls 94050->94052 94054 2b45b01a413 94051->94054 94055 2b45b01a3cc 94052->94055 94136 2b45b004500 94054->94136 94135 2b45aff0cd0 37 API calls 94055->94135 94056 2b45b01a6ae Concurrency::cancel_current_task 94059 2b45b01a423 94059->94045 94061 2b45b025f50 38 API calls 94059->94061 94060->94021 94062 2b45b01a463 94061->94062 94063 2b45afdfe50 37 API calls 94062->94063 94064 2b45b01a473 94063->94064 94065 2b45afe0fb0 37 API calls 94064->94065 94066 2b45b01a4a2 94065->94066 94147 2b45aff0cd0 37 API calls 94066->94147 94068->94060 94148 2b45aff19c0 37 API calls 94068->94148 94072 2b45afcd700 94069->94072 94070 2b45afcd82a 94154 2b45afd4e90 94070->94154 94072->94070 94075 2b45afcd746 94072->94075 94073 2b45afcd832 94166 2b45afccff0 94073->94166 94077 2b45afcd7aa _Yarn 94075->94077 94153 2b45afe86f0 37 API calls 4 library calls 94075->94153 94077->94016 94186 2b45afe0840 94078->94186 94080 2b45b0279f6 94194 2b45b02aeb0 94080->94194 94084 2b45b027a65 94084->94029 94373 2b45aff2080 37 API calls 94085->94373 94087 2b45b025f90 94087->94039 94088 2b45b025f62 94088->94087 94374 2b45afccc70 37 API calls 94088->94374 94090 2b45b025fd6 Concurrency::cancel_current_task 94091 2b45b026017 94090->94091 94375 2b45b02efd8 7 API calls 3 library calls 94090->94375 94091->94039 94094 2b45afe0fed 94093->94094 94096 2b45afe1310 94094->94096 94097 2b45afe10c7 94094->94097 94098 2b45afe1026 94094->94098 94118 2b45afe1382 _Receive_impl 94094->94118 94095 2b45b04cb70 _Strcoll 3 API calls 94099 2b45afe141f 94095->94099 94100 2b45afe1333 94096->94100 94101 2b45afe13fa 94096->94101 94096->94118 94110 2b45afe10f4 94097->94110 94117 2b45afe143d 94097->94117 94383 2b45afe5f40 37 API calls 2 library calls 94097->94383 94112 2b45afe1066 94098->94112 94098->94117 94381 2b45afe5f40 37 API calls 2 library calls 94098->94381 94123 2b45aff0cd0 37 API calls 94099->94123 94103 2b45afe13eb 94100->94103 94116 2b45afe133c 94100->94116 94376 2b45afde3a0 94101->94376 94102 2b45afe1307 94392 2b45afe1c60 37 API calls _Receive_impl 94102->94392 94393 2b45afe1c60 37 API calls _Receive_impl 94103->94393 94122 2b45afe10c2 _Receive_impl 94110->94122 94384 2b45afe9d50 37 API calls 2 library calls 94110->94384 94112->94122 94382 2b45afe9d50 37 API calls 2 library calls 94112->94382 94113 2b45afdeec0 37 API calls 94113->94122 94116->94117 94116->94118 94394 2b45afde8f0 37 API calls 94117->94394 94118->94095 94119 2b45afe9d50 37 API calls 94119->94122 94122->94102 94122->94113 94122->94119 94385 2b45afe6000 94122->94385 94390 2b45aff0000 94122->94390 94123->94060 94125 2b45b02619d Concurrency::cancel_current_task 94124->94125 94127 2b45b02612f 94124->94127 94400 2b45b0280c0 37 API calls 94125->94400 94129 2b45b02616a 94127->94129 94398 2b45b028180 37 API calls 94127->94398 94128 2b45b0261c8 94130 2b45afe4740 37 API calls 94128->94130 94129->94038 94131 2b45b0261db Concurrency::cancel_current_task 94130->94131 94133 2b45b02618f 94399 2b45b028240 37 API calls 3 library calls 94133->94399 94135->94060 94137 2b45b00453d 94136->94137 94138 2b45b00457e 94136->94138 94139 2b45b00455c 94137->94139 94140 2b45afe15c0 37 API calls 94137->94140 94141 2b45afe4670 37 API calls 94138->94141 94139->94059 94140->94139 94142 2b45b00459e 94141->94142 94143 2b45afe4740 37 API calls 94142->94143 94146 2b45b0045b1 Concurrency::cancel_current_task 94143->94146 94144 2b45b0045f6 94144->94059 94146->94144 94401 2b45b0597f0 37 API calls __std_fs_directory_iterator_open 94146->94401 94147->94068 94148->94030 94150->94031 94151->94045 94152->94056 94153->94077 94158 2b45afd4ebe 94154->94158 94155 2b45afd4fb3 94181 2b45afcb870 37 API calls 94155->94181 94158->94155 94159 2b45afd4f5e 94158->94159 94160 2b45afd4f4d 94158->94160 94161 2b45afd4f74 94158->94161 94165 2b45afd4eda _Yarn 94158->94165 94159->94165 94180 2b45afcb7b0 37 API calls 2 library calls 94159->94180 94160->94159 94164 2b45b04cb98 std::_Facet_Register 37 API calls 94160->94164 94163 2b45b04cb98 std::_Facet_Register 37 API calls 94161->94163 94163->94165 94164->94159 94165->94073 94173 2b45afcd00f 94166->94173 94167 2b45afcd11b 94168 2b45afcd147 94167->94168 94172 2b45afcd170 94167->94172 94169 2b45afcd20e 94168->94169 94176 2b45afcd157 94168->94176 94185 2b45afe15a0 37 API calls 94169->94185 94172->94176 94183 2b45afe4c50 37 API calls 4 library calls 94172->94183 94173->94167 94177 2b45afcd0fa 94173->94177 94174 2b45afcd105 94174->94077 94184 2b45afdfa70 37 API calls _Yarn 94176->94184 94182 2b45afcd870 37 API calls _Yarn 94177->94182 94180->94155 94182->94174 94183->94176 94184->94174 94187 2b45afe0873 94186->94187 94188 2b45afe0996 94186->94188 94190 2b45b04cb70 _Strcoll 3 API calls 94187->94190 94188->94187 94189 2b45afe09a3 94188->94189 94253 2b45afe5540 37 API calls 3 library calls 94189->94253 94191 2b45afe08a2 94190->94191 94191->94080 94193 2b45afe09c4 Concurrency::cancel_current_task 94197 2b45b02af04 94194->94197 94254 2b45b033fc4 94197->94254 94199 2b45b02b011 94277 2b45b017f10 94199->94277 94202 2b45b04cb70 _Strcoll 3 API calls 94203 2b45b027a59 94202->94203 94204 2b45b028b70 94203->94204 94205 2b45b028e81 94204->94205 94208 2b45b028bbb memcpy_s 94204->94208 94313 2b45b02c4d0 94205->94313 94207 2b45b028eb4 94209 2b45b029610 37 API calls 94207->94209 94347 2b45b004f50 37 API calls 94208->94347 94215 2b45b028ec0 94209->94215 94211 2b45b028c0b 94217 2b45b029610 37 API calls 94211->94217 94212 2b45b028fc8 _Receive_impl 94214 2b45afe0840 37 API calls 94212->94214 94222 2b45b0290b6 94212->94222 94226 2b45b029160 94212->94226 94246 2b45b0291a7 Concurrency::cancel_current_task 94212->94246 94213 2b45b028e7c _Receive_impl 94216 2b45b04cb70 _Strcoll 3 API calls 94213->94216 94218 2b45b02907c 94214->94218 94215->94212 94353 2b45b008950 37 API calls 4 library calls 94215->94353 94219 2b45b02910c 94216->94219 94229 2b45b028c27 94217->94229 94220 2b45afe0fb0 37 API calls 94218->94220 94219->94084 94220->94222 94222->94213 94222->94226 94223 2b45b028f33 94354 2b45b005630 37 API calls _Strcoll 94223->94354 94224 2b45b028e15 94230 2b45afe0840 37 API calls 94224->94230 94239 2b45b028e6f 94224->94239 94225 2b45b028dcd 94228 2b45afe0840 37 API calls 94225->94228 94357 2b45b004110 37 API calls 94226->94357 94233 2b45b028de8 94228->94233 94251 2b45b028db4 _Receive_impl 94229->94251 94348 2b45b008950 37 API calls 4 library calls 94229->94348 94230->94233 94236 2b45afe0fb0 37 API calls 94233->94236 94236->94239 94237 2b45b028f42 _Receive_impl 94237->94246 94250 2b45b029178 Concurrency::cancel_current_task 94237->94250 94355 2b45b04eae0 7 API calls __std_exception_destroy 94237->94355 94238 2b45b028c99 94349 2b45b005630 37 API calls _Strcoll 94238->94349 94352 2b45b004d70 37 API calls _Receive_impl 94239->94352 94242 2b45b028fba 94356 2b45b04eae0 7 API calls __std_exception_destroy 94242->94356 94243 2b45b028ca9 94243->94226 94245 2b45b028cbe _Receive_impl 94243->94245 94245->94250 94350 2b45b04eae0 7 API calls __std_exception_destroy 94245->94350 94248 2b45b028d29 94351 2b45b04eae0 7 API calls __std_exception_destroy 94248->94351 94358 2b45b004110 37 API calls 94250->94358 94251->94224 94251->94225 94252 2b45b028d37 _Receive_impl 94252->94250 94252->94251 94253->94193 94255 2b45b0381fc _Getctype 36 API calls 94254->94255 94256 2b45b033fcd 94255->94256 94257 2b45b03a488 _Getctype 36 API calls 94256->94257 94258 2b45b02afea 94257->94258 94259 2b45b029610 94258->94259 94260 2b45b029633 94259->94260 94264 2b45b029680 94259->94264 94282 2b45b02abc0 94260->94282 94262 2b45b02abc0 37 API calls 94262->94264 94263 2b45b029638 94263->94264 94265 2b45b02abc0 37 API calls 94263->94265 94264->94262 94275 2b45b0296d3 94264->94275 94266 2b45b029647 94265->94266 94267 2b45b02965d 94266->94267 94268 2b45b02abc0 37 API calls 94266->94268 94269 2b45b04cb70 _Strcoll 3 API calls 94267->94269 94271 2b45b029656 94268->94271 94272 2b45b02967a 94269->94272 94270 2b45b0297d8 94273 2b45b04cb70 _Strcoll 3 API calls 94270->94273 94271->94264 94271->94267 94272->94199 94274 2b45b02992b 94273->94274 94274->94199 94275->94270 94276 2b45b02abc0 37 API calls 94275->94276 94276->94275 94278 2b45b017f47 94277->94278 94279 2b45b017f1e 94277->94279 94278->94202 94279->94278 94312 2b45afccc70 37 API calls 94279->94312 94281 2b45b017f7e Concurrency::cancel_current_task 94283 2b45b02abe3 94282->94283 94284 2b45b02abdd 94282->94284 94286 2b45b02abfa 94283->94286 94296 2b45aff1370 37 API calls 94283->94296 94285 2b45b02ac67 94284->94285 94297 2b45b00b010 94284->94297 94285->94263 94286->94284 94288 2b45b02ac94 94286->94288 94309 2b45afccc70 37 API calls 94288->94309 94290 2b45b02acd6 Concurrency::cancel_current_task 94291 2b45afe5990 37 API calls 94290->94291 94295 2b45b02ad15 94290->94295 94291->94295 94292 2b45b02adc0 94292->94263 94293 2b45b02abc0 37 API calls 94293->94295 94294 2b45afe5990 37 API calls 94294->94295 94295->94292 94295->94293 94295->94294 94296->94286 94298 2b45b00b05a 94297->94298 94307 2b45b00b08a _Yarn 94297->94307 94300 2b45b00b076 94298->94300 94303 2b45b00b0da 94298->94303 94298->94307 94301 2b45b00b1b6 94300->94301 94302 2b45b04cb98 std::_Facet_Register 37 API calls 94300->94302 94311 2b45afcb7b0 37 API calls 2 library calls 94301->94311 94302->94307 94305 2b45b04cb98 std::_Facet_Register 37 API calls 94303->94305 94305->94307 94306 2b45b00b1bc 94308 2b45b00b173 _Receive_impl 94307->94308 94310 2b45afde8f0 37 API calls 94307->94310 94308->94285 94309->94290 94311->94306 94312->94281 94314 2b45b02c54d 94313->94314 94359 2b45b008950 37 API calls 4 library calls 94314->94359 94316 2b45b02d182 94360 2b45b005630 37 API calls _Strcoll 94316->94360 94318 2b45b02d192 94319 2b45b02d1fd 94318->94319 94320 2b45b02d19d 94318->94320 94362 2b45b004110 37 API calls 94319->94362 94361 2b45afced70 7 API calls __std_exception_destroy 94320->94361 94323 2b45b02d209 Concurrency::cancel_current_task 94363 2b45b004110 37 API calls 94323->94363 94325 2b45b02d226 Concurrency::cancel_current_task 94364 2b45b004110 37 API calls 94325->94364 94327 2b45b02d1b1 94328 2b45b04cb70 _Strcoll 3 API calls 94327->94328 94329 2b45b02d1e6 94328->94329 94329->94207 94330 2b45b02d243 Concurrency::cancel_current_task 94365 2b45b00a710 37 API calls 94330->94365 94332 2b45b02d260 Concurrency::cancel_current_task 94366 2b45b004110 37 API calls 94332->94366 94334 2b45b02d27d Concurrency::cancel_current_task 94367 2b45b004110 37 API calls 94334->94367 94336 2b45b02d29a Concurrency::cancel_current_task 94368 2b45b004110 37 API calls 94336->94368 94338 2b45b02d2b7 Concurrency::cancel_current_task 94369 2b45b004110 37 API calls 94338->94369 94340 2b45b02d2d4 Concurrency::cancel_current_task 94370 2b45b004110 37 API calls 94340->94370 94342 2b45b02d2f1 Concurrency::cancel_current_task 94371 2b45b004110 37 API calls 94342->94371 94344 2b45b02d30e Concurrency::cancel_current_task 94372 2b45b004110 37 API calls 94344->94372 94346 2b45b02d32b Concurrency::cancel_current_task 94346->94207 94347->94211 94348->94238 94349->94243 94350->94248 94351->94252 94352->94213 94353->94223 94354->94237 94355->94242 94356->94212 94357->94250 94358->94246 94359->94316 94360->94318 94361->94327 94362->94323 94363->94325 94364->94330 94365->94332 94366->94334 94367->94336 94368->94338 94369->94340 94370->94342 94371->94344 94372->94346 94373->94088 94374->94090 94375->94090 94377 2b45afde3f1 94376->94377 94378 2b45afde3bf _Receive_impl 94376->94378 94378->94377 94379 2b45afe6000 37 API calls 94378->94379 94380 2b45aff0000 37 API calls 94378->94380 94379->94378 94380->94378 94382->94112 94384->94110 94386 2b45afe6051 94385->94386 94389 2b45afe601c _Receive_impl 94385->94389 94386->94122 94387 2b45afe6000 37 API calls 94387->94389 94388 2b45aff0000 37 API calls 94388->94389 94389->94386 94389->94387 94389->94388 94395 2b45afdeec0 94390->94395 94392->94096 94393->94118 94396 2b45afe0fb0 37 API calls 94395->94396 94397 2b45afdeed8 94396->94397 94398->94133 94399->94125 94400->94128 94401->94146 94402 2b45b016480 94468 2b45b019760 GetCurrentProcess OpenProcessToken 94402->94468 94405 2b45b0164a4 94675 2b45b019aa0 38 API calls 2 library calls 94405->94675 94406 2b45b0164ce 94473 2b45b025970 GetCurrentProcess OpenProcessToken 94406->94473 94409 2b45b0164ae 94676 2b45b024740 65 API calls _Strcoll 94409->94676 94412 2b45b025970 8 API calls 94414 2b45b0164e6 94412->94414 94413 2b45b0164b7 94417 2b45b0164c2 ExitProcess 94413->94417 94481 2b45b021ff0 94414->94481 94416 2b45b0164f0 94655 2b45b016eb0 94416->94655 94417->94406 94419 2b45b016576 _Receive_impl 94420 2b45b0165b4 OpenMutexA 94419->94420 94426 2b45b016746 94419->94426 94421 2b45b0165f9 CreateMutexA 94420->94421 94422 2b45b0165ed ExitProcess 94420->94422 94659 2b45b0109f0 94421->94659 94422->94421 94469 2b45b0197b8 GetTokenInformation 94468->94469 94470 2b45b0197f4 94468->94470 94469->94470 94471 2b45b04cb70 _Strcoll 3 API calls 94470->94471 94472 2b45b0164a0 94471->94472 94472->94405 94472->94406 94474 2b45b0259db LookupPrivilegeValueW 94473->94474 94475 2b45b025a46 94473->94475 94474->94475 94476 2b45b0259fc AdjustTokenPrivileges 94474->94476 94477 2b45b025a5a 94475->94477 94478 2b45b025a4e CloseHandle 94475->94478 94476->94475 94479 2b45b04cb70 _Strcoll 3 API calls 94477->94479 94478->94477 94480 2b45b0164da 94479->94480 94480->94412 94677 2b45b020c30 GetCurrentHwProfileW 94481->94677 94485 2b45b0220f9 94486 2b45b022143 94485->94486 95038 2b45b02de34 39 API calls 94485->95038 94699 2b45b027550 94486->94699 94489 2b45b022153 94492 2b45b02219c 94489->94492 94494 2b45b0221cc _Yarn _Receive_impl 94489->94494 95039 2b45b036cc0 94489->95039 94491 2b45b02229a _Receive_impl 94493 2b45b04cb70 _Strcoll 3 API calls 94491->94493 94492->94494 94495 2b45b036cc0 36 API calls 94492->94495 94496 2b45b0222bf 94493->94496 94494->94491 94497 2b45b0222dc 94494->94497 94495->94492 94496->94416 94711 2b45b020500 94497->94711 94508 2b45b021ff0 137 API calls 94509 2b45b02237d 94508->94509 94763 2b45b01ff80 94509->94763 94656 2b45b016ed2 94655->94656 94657 2b45b005760 38 API calls 94656->94657 94658 2b45b016ee6 94657->94658 94658->94419 94660 2b45b010a21 94659->94660 95304 2b45b0118e0 37 API calls _Receive_impl 94660->95304 94662 2b45b01113c 94663 2b45afe15c0 37 API calls 94662->94663 94664 2b45b01117f 94663->94664 95305 2b45b0043c0 94664->95305 94666 2b45b0111b7 94667 2b45afdeda0 37 API calls 94666->94667 94668 2b45b01122b 94667->94668 94669 2b45b004500 38 API calls 94668->94669 94670 2b45b01123b 94669->94670 94675->94409 94676->94413 94678 2b45b020c7a 94677->94678 94680 2b45b020cd9 94677->94680 95048 2b45b011bf0 94678->95048 94681 2b45b04cb70 _Strcoll 3 API calls 94680->94681 94682 2b45b020d51 94681->94682 94685 2b45b020250 94682->94685 94684 2b45b020c89 94684->94680 95057 2b45b02de34 39 API calls 94684->95057 95059 2b45b019920 94685->95059 94689 2b45b0202f3 memcpy_s _Receive_impl 94690 2b45b020417 94689->94690 94698 2b45b020341 94689->94698 95070 2b45b012490 56 API calls 94689->95070 94691 2b45b04cb70 _Strcoll 3 API calls 94692 2b45b0203fe 94691->94692 94692->94485 94694 2b45b02037d 95071 2b45b0125f0 55 API calls 2 library calls 94694->95071 94696 2b45b0203a4 95072 2b45afde100 94696->95072 94698->94691 94702 2b45b027599 94699->94702 94710 2b45b027698 94699->94710 94703 2b45b0275d8 94702->94703 94705 2b45b0275fa _Yarn 94702->94705 94706 2b45b027636 94702->94706 94704 2b45b04cb98 std::_Facet_Register 37 API calls 94703->94704 94707 2b45b0275f1 94703->94707 94704->94707 94705->94489 94708 2b45b04cb98 std::_Facet_Register 37 API calls 94706->94708 94707->94705 95085 2b45afcb7b0 37 API calls 2 library calls 94707->95085 94708->94705 95086 2b45afcb870 37 API calls 94710->95086 94712 2b45b020559 memcpy_s 94711->94712 94713 2b45b04cb98 std::_Facet_Register 37 API calls 94712->94713 94714 2b45b0205c3 94713->94714 94715 2b45b020608 EnumDisplayDevicesW 94714->94715 94716 2b45b0206c9 94715->94716 94718 2b45b020625 _Receive_impl 94715->94718 94720 2b45b0206d1 94716->94720 94723 2b45afe0dc0 37 API calls 94716->94723 94717 2b45b011bf0 37 API calls 94717->94718 94718->94717 94722 2b45b020691 EnumDisplayDevicesW 94718->94722 94725 2b45b02080f 94718->94725 95087 2b45b027d70 37 API calls 2 library calls 94718->95087 94721 2b45b04cb70 _Strcoll 3 API calls 94720->94721 94724 2b45b0207ee 94721->94724 94722->94716 94722->94718 94723->94716 94726 2b45b020420 RegGetValueA 94724->94726 94727 2b45b02049d 94726->94727 94728 2b45b04cb70 _Strcoll 3 API calls 94727->94728 94729 2b45b0204df 94728->94729 94730 2b45b020820 94729->94730 94731 2b45b0208af 94730->94731 94734 2b45b0208c0 _Receive_impl 94730->94734 94732 2b45afe51e0 37 API calls 94731->94732 94732->94734 94733 2b45afe0dc0 37 API calls 94733->94734 94734->94733 94735 2b45b02099e 94734->94735 94739 2b45b020c0b 94734->94739 95088 2b45b05b3c4 GetNativeSystemInfo 94735->95088 94737 2b45b0209a3 94738 2b45b005760 38 API calls 94737->94738 94740 2b45b020a44 94738->94740 94741 2b45afe0dc0 37 API calls 94740->94741 94742 2b45b020a8e 94741->94742 94743 2b45afe0dc0 37 API calls 94742->94743 94745 2b45b020ae8 _Receive_impl 94743->94745 94744 2b45b04cb70 _Strcoll 3 API calls 94746 2b45b020bee 94744->94746 94745->94739 94745->94744 94747 2b45b020110 94746->94747 95089 2b45b04d830 94747->95089 94750 2b45b02016c 94753 2b45b04cb70 _Strcoll 3 API calls 94750->94753 94751 2b45b02015f 94752 2b45b011bf0 37 API calls 94751->94752 94752->94750 94754 2b45b02019e 94753->94754 94755 2b45b0201b0 94754->94755 94756 2b45b04d830 _Strcoll 94755->94756 94757 2b45b0201c0 GetComputerNameW 94756->94757 94758 2b45b0201ff 94757->94758 94760 2b45b02020c 94757->94760 94759 2b45b011bf0 37 API calls 94758->94759 94759->94760 94761 2b45b04cb70 _Strcoll 3 API calls 94760->94761 94762 2b45b02023e 94761->94762 94762->94508 94764 2b45b020080 94763->94764 95091 2b45b01f200 94764->95091 95038->94485 95040 2b45b036cfa 95039->95040 95041 2b45b036cd9 95039->95041 95042 2b45b0381fc _Getctype 36 API calls 95040->95042 95041->94489 95043 2b45b036cff 95042->95043 95044 2b45b03a488 _Getctype 36 API calls 95043->95044 95045 2b45b036d18 95044->95045 95045->95041 95303 2b45b03ddc0 36 API calls 3 library calls 95045->95303 95047 2b45b036d4e 95047->94489 95049 2b45b011c3e 95048->95049 95055 2b45b011c1f _Receive_impl 95048->95055 95051 2b45afd4c00 37 API calls 95049->95051 95050 2b45b04cb70 _Strcoll 3 API calls 95052 2b45b011cde 95050->95052 95053 2b45b011c67 95051->95053 95052->94684 95058 2b45b011d00 37 API calls 2 library calls 95053->95058 95055->95050 95056 2b45b011cec 95055->95056 95057->94684 95058->95055 95076 2b45b017d40 95059->95076 95062 2b45b01996d 95064 2b45afd4c00 37 API calls 95062->95064 95068 2b45b019a82 95062->95068 95065 2b45b0199de 95064->95065 95066 2b45b019a47 _Receive_impl 95065->95066 95065->95068 95067 2b45b04cb70 _Strcoll 3 API calls 95066->95067 95069 2b45b019a6c GetVolumeInformationW 95067->95069 95082 2b45b017b50 37 API calls Concurrency::cancel_current_task 95068->95082 95069->94689 95070->94694 95071->94696 95074 2b45afde148 95072->95074 95073 2b45afde1ac 95073->94698 95074->95073 95075 2b45afe15c0 37 API calls 95074->95075 95075->95073 95077 2b45b017dbf 95076->95077 95079 2b45b017da0 __std_fs_get_current_path 95076->95079 95077->95079 95083 2b45afe57d0 37 API calls 4 library calls 95077->95083 95081 2b45b017ed5 95079->95081 95084 2b45afe57d0 37 API calls 4 library calls 95079->95084 95081->95062 95083->95079 95084->95079 95085->94710 95087->94718 95088->94737 95090 2b45b020120 GetUserNameW 95089->95090 95090->94750 95090->94751 95092 2b45b01f3a0 95091->95092 95093 2b45b01f3b7 InternetOpenA 95092->95093 95094 2b45b01f475 InternetOpenUrlA 95093->95094 95096 2b45b01f3e2 95093->95096 95094->95096 95097 2b45b01f4e9 HttpQueryInfoW 95094->95097 95108 2b45b01f86f 95096->95108 95115 2b45b01f436 _Receive_impl 95096->95115 95303->95047 95304->94662 95306 2b45afe0840 37 API calls 95305->95306 95307 2b45b0043f6 95306->95307 95312 2b45b0075b0 95307->95312 95311 2b45b004481 95311->94666 95314 2b45b0075f4 95312->95314 95313 2b45b033fc4 36 API calls 95315 2b45b0076cc 95313->95315 95314->95313 95367 2b45b005850 95315->95367 95317 2b45b004475 95318 2b45b004710 95317->95318 95319 2b45b004a21 95318->95319 95320 2b45b00475b memcpy_s 95318->95320 95321 2b45b005850 37 API calls 95319->95321 95391 2b45b004f50 37 API calls 95320->95391 95328 2b45b004a60 95321->95328 95323 2b45b0047ab 95392 2b45b007a80 37 API calls 2 library calls 95323->95392 95325 2b45b004a1c _Receive_impl 95329 2b45b04cb70 _Strcoll 3 API calls 95325->95329 95326 2b45b0047bb 95330 2b45b005850 37 API calls 95326->95330 95327 2b45afe0840 37 API calls 95331 2b45b004c1c 95327->95331 95360 2b45b004b68 _Receive_impl 95328->95360 95398 2b45b008950 37 API calls 4 library calls 95328->95398 95332 2b45b004cac 95329->95332 95342 2b45b0047c7 95330->95342 95333 2b45afe0fb0 37 API calls 95331->95333 95332->95311 95338 2b45b004c56 95333->95338 95335 2b45b004ad3 95399 2b45b005630 37 API calls _Strcoll 95335->95399 95336 2b45b0049b5 95341 2b45b004a0f 95336->95341 95347 2b45afe0840 37 API calls 95336->95347 95337 2b45b00496d 95340 2b45afe0840 37 API calls 95337->95340 95338->95325 95343 2b45b004d00 95338->95343 95346 2b45b004988 95340->95346 95397 2b45b004d70 37 API calls _Receive_impl 95341->95397 95365 2b45b004954 _Receive_impl 95342->95365 95393 2b45b008950 37 API calls 4 library calls 95342->95393 95402 2b45b004110 37 API calls 95343->95402 95348 2b45afe0fb0 37 API calls 95346->95348 95347->95346 95348->95341 95351 2b45b004839 95394 2b45b005630 37 API calls _Strcoll 95351->95394 95352 2b45b004ae2 _Receive_impl 95355 2b45b004d18 Concurrency::cancel_current_task 95352->95355 95362 2b45b004d47 Concurrency::cancel_current_task 95352->95362 95400 2b45b04eae0 7 API calls __std_exception_destroy 95352->95400 95403 2b45b004110 37 API calls 95355->95403 95356 2b45b004b5a 95401 2b45b04eae0 7 API calls __std_exception_destroy 95356->95401 95357 2b45b004849 95357->95343 95359 2b45b00485e _Receive_impl 95357->95359 95359->95355 95395 2b45b04eae0 7 API calls __std_exception_destroy 95359->95395 95360->95327 95360->95338 95360->95343 95360->95362 95363 2b45b0048c9 95396 2b45b04eae0 7 API calls __std_exception_destroy 95363->95396 95365->95336 95365->95337 95368 2b45b005873 95367->95368 95375 2b45b0058c0 95367->95375 95386 2b45b007280 37 API calls 95368->95386 95371 2b45b005878 95371->95375 95387 2b45b007280 37 API calls 95371->95387 95373 2b45b0059f7 95380 2b45b04cb70 _Strcoll 3 API calls 95373->95380 95374 2b45b005887 95376 2b45b00589d 95374->95376 95388 2b45b007280 37 API calls 95374->95388 95389 2b45b005ca0 37 API calls 95375->95389 95379 2b45b04cb70 _Strcoll 3 API calls 95376->95379 95377 2b45b007280 37 API calls 95385 2b45b005901 95377->95385 95382 2b45b0058ba 95379->95382 95383 2b45b005af5 95380->95383 95381 2b45b005896 95381->95375 95381->95376 95382->95317 95383->95317 95385->95373 95385->95377 95390 2b45b005ca0 37 API calls 95385->95390 95386->95371 95387->95374 95388->95381 95389->95385 95390->95385 95391->95323 95392->95326 95393->95351 95394->95357 95395->95363 95397->95325 95398->95335 95399->95352 95400->95356 95401->95360 95402->95355 95403->95362 95404 2b45afe1925 95405 2b45b04cb98 std::_Facet_Register 37 API calls 95404->95405 95406 2b45afe1937 95405->95406 95407 2b45afdfe50 37 API calls 95406->95407 95408 2b45afe1951 95407->95408 95409 2b45b04cb70 _Strcoll 3 API calls 95408->95409 95410 2b45afe1a33 95409->95410 95411 7ff65dab1940 95414 7ff65dab17d0 95411->95414 95413 7ff65dab195d 95430 7ff65dab17b0 95414->95430 95418 7ff65dab18d8 95425 7ff65dab1917 _CallMemberFunction0 95418->95425 95488 7ff65daaa560 95418->95488 95422 7ff65dab1970 94 API calls 95429 7ff65dab17e2 _CallMemberFunction0 95422->95429 95424 7ff65daaa560 59 API calls 95424->95425 95425->95413 95428 7ff65daaa560 59 API calls 95428->95429 95429->95418 95429->95422 95429->95428 95436 7ff65dae21cc 95429->95436 95439 7ff65dab7980 95429->95439 95509 7ff65dae22ac GetSystemTimeAsFileTime 95430->95509 95433 7ff65dae21f8 95511 7ff65dae5cb8 GetLastError 95433->95511 95437 7ff65dae5cb8 _Getctype 47 API calls 95436->95437 95438 7ff65dae21d5 95437->95438 95438->95429 95440 7ff65dab79b7 std::ios_base::_Init 95439->95440 95544 7ff65dab7c00 95440->95544 95448 7ff65dab79fb 95449 7ff65daa6610 std::ios_base::_Init 50 API calls 95448->95449 95450 7ff65dab7a0d 95449->95450 95451 7ff65dab6330 50 API calls 95450->95451 95452 7ff65dab7a27 95451->95452 95453 7ff65daa6450 std::ios_base::_Init 47 API calls 95452->95453 95454 7ff65dab7a32 95453->95454 95455 7ff65daa6610 std::ios_base::_Init 50 API calls 95454->95455 95456 7ff65dab7a47 95455->95456 95457 7ff65dab6330 50 API calls 95456->95457 95458 7ff65dab7a64 95457->95458 95459 7ff65daa6450 std::ios_base::_Init 47 API calls 95458->95459 95460 7ff65dab7a72 95459->95460 95461 7ff65daa6610 std::ios_base::_Init 50 API calls 95460->95461 95489 7ff65daaa598 char_traits 95488->95489 96150 7ff65daa79a0 95489->96150 95494 7ff65daaa8eb 95495 7ff65daf5500 _Find_unchecked 8 API calls 95494->95495 95496 7ff65daaa903 95495->95496 95498 7ff65dab1970 95496->95498 95497 7ff65daaa64c Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::width 96154 7ff65daa7da0 95497->96154 95499 7ff65daa79a0 59 API calls 95498->95499 95500 7ff65dab19b1 95499->95500 95508 7ff65dab1a17 Concurrency::details::WorkQueue::IsStructuredEmpty 95500->95508 96185 7ff65daaa940 85 API calls 5 library calls 95500->96185 95501 7ff65daa7da0 50 API calls 95502 7ff65dab1bd2 95501->95502 95503 7ff65daa7950 59 API calls 95502->95503 95505 7ff65dab1bed 95503->95505 95506 7ff65daf5500 _Find_unchecked 8 API calls 95505->95506 95507 7ff65dab1908 95506->95507 95507->95424 95508->95501 95510 7ff65dab17c3 95509->95510 95510->95433 95512 7ff65dae5cdc FlsGetValue 95511->95512 95513 7ff65dae5cf9 FlsSetValue 95511->95513 95514 7ff65dae5cf3 95512->95514 95516 7ff65dae5ce9 95512->95516 95515 7ff65dae5d0b 95513->95515 95513->95516 95514->95513 95534 7ff65dae5798 11 API calls 3 library calls 95515->95534 95517 7ff65dae5d65 SetLastError 95516->95517 95519 7ff65dae2205 95517->95519 95520 7ff65dae5d85 95517->95520 95519->95429 95542 7ff65dae5324 47 API calls 2 library calls 95520->95542 95521 7ff65dae5d1a 95523 7ff65dae5d38 FlsSetValue 95521->95523 95524 7ff65dae5d28 FlsSetValue 95521->95524 95525 7ff65dae5d44 FlsSetValue 95523->95525 95526 7ff65dae5d56 95523->95526 95528 7ff65dae5d31 95524->95528 95525->95528 95541 7ff65dae5a68 11 API calls _Getctype 95526->95541 95535 7ff65dae5810 95528->95535 95532 7ff65dae5d5e 95533 7ff65dae5810 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 95532->95533 95533->95517 95534->95521 95536 7ff65dae5815 RtlFreeHeap 95535->95536 95537 7ff65dae5844 95535->95537 95536->95537 95538 7ff65dae5830 GetLastError 95536->95538 95537->95516 95539 7ff65dae583d Concurrency::details::SchedulerProxy::DeleteThis 95538->95539 95543 7ff65dae5920 11 API calls memcpy_s 95539->95543 95541->95532 95543->95537 95545 7ff65dab7c13 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 95544->95545 95620 7ff65dab84e0 95545->95620 95550 7ff65daa6610 95551 7ff65daa6637 std::ios_base::_Init Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock char_traits 95550->95551 95697 7ff65daaac90 95551->95697 95554 7ff65dab6330 95729 7ff65dab84b0 95554->95729 95557 7ff65daa6450 95745 7ff65daa7e40 95557->95745 95559 7ff65daa6463 std::ios_base::_Init 95559->95448 95626 7ff65dab8870 95620->95626 95623 7ff65dab8440 95672 7ff65dab8820 95623->95672 95627 7ff65dab88a1 95626->95627 95630 7ff65dab8bc0 95627->95630 95631 7ff65dab8be2 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 95630->95631 95636 7ff65dabc470 95631->95636 95633 7ff65dab8c19 UnDecorator::getVbTableType 95634 7ff65daf5500 _Find_unchecked 8 API calls 95633->95634 95635 7ff65dab7c33 95634->95635 95635->95623 95641 7ff65dabc770 95636->95641 95638 7ff65dabc497 UnDecorator::getVbTableType 95639 7ff65daf5500 _Find_unchecked 8 API calls 95638->95639 95640 7ff65dabc4fe 95639->95640 95640->95633 95646 7ff65dabfd80 95641->95646 95647 7ff65dabfdae 95646->95647 95649 7ff65dabc788 95646->95649 95660 7ff65daa4160 RtlPcToFileHeader RaiseException std::ios_base::_Init std::_Xinvalid_argument 95647->95660 95650 7ff65daacc20 95649->95650 95651 7ff65daacc35 allocator 95650->95651 95657 7ff65daacc31 95650->95657 95652 7ff65daacc41 95651->95652 95653 7ff65daacc4d 95651->95653 95669 7ff65daa4210 95652->95669 95655 7ff65daacc64 95653->95655 95656 7ff65daacc58 95653->95656 95659 7ff65daa4210 allocator 14 API calls 95655->95659 95661 7ff65daacd80 95656->95661 95657->95638 95659->95657 95660->95649 95662 7ff65daacda3 95661->95662 95663 7ff65daacda8 95661->95663 95665 7ff65daa4160 allocator RtlPcToFileHeader RaiseException 95662->95665 95664 7ff65daa4210 allocator 14 API calls 95663->95664 95667 7ff65daacdb3 95664->95667 95665->95663 95666 7ff65dae2154 _invalid_parameter_noinfo_noreturn 47 API calls 95666->95667 95667->95666 95668 7ff65daacdd4 95667->95668 95668->95657 95670 7ff65daf5554 std::ios_base::_Init 14 API calls 95669->95670 95671 7ff65daa4223 95670->95671 95671->95657 95673 7ff65dab8851 95672->95673 95676 7ff65dab8b40 95673->95676 95677 7ff65dab8b62 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 95676->95677 95682 7ff65dabc3d0 95677->95682 95679 7ff65dab8b99 UnDecorator::getVbTableType 95680 7ff65daf5500 _Find_unchecked 8 API calls 95679->95680 95681 7ff65dab79c4 95680->95681 95681->95550 95687 7ff65dabc700 95682->95687 95684 7ff65dabc3f7 UnDecorator::getVbTableType 95685 7ff65daf5500 _Find_unchecked 8 API calls 95684->95685 95686 7ff65dabc45e 95685->95686 95686->95679 95692 7ff65dabfd40 95687->95692 95690 7ff65daacc20 allocator 50 API calls 95691 7ff65dabc720 95690->95691 95691->95684 95693 7ff65dabfd6e 95692->95693 95694 7ff65dabc718 95692->95694 95696 7ff65daa4160 RtlPcToFileHeader RaiseException std::ios_base::_Init std::_Xinvalid_argument 95693->95696 95694->95690 95696->95694 95710 7ff65daac520 95697->95710 95701 7ff65daaacd5 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init 95702 7ff65daaad11 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock UnDecorator::getVbTableType 95701->95702 95703 7ff65daac520 std::ios_base::_Init 8 API calls 95701->95703 95708 7ff65daf5500 _Find_unchecked 8 API calls 95702->95708 95704 7ff65daaad8a 95703->95704 95715 7ff65daac470 95704->95715 95709 7ff65daa665c 95708->95709 95709->95554 95711 7ff65daac542 Concurrency::details::WorkQueue::IsStructuredEmpty std::ios_base::_Init _Min_value _Max_value 95710->95711 95712 7ff65daf5500 _Find_unchecked 8 API calls 95711->95712 95713 7ff65daaacc6 95712->95713 95713->95701 95714 7ff65daa4310 50 API calls std::_Xinvalid_argument 95713->95714 95714->95701 95716 7ff65daac4ac _Max_value 95715->95716 95717 7ff65daf5500 _Find_unchecked 8 API calls 95716->95717 95718 7ff65daaad9f 95717->95718 95719 7ff65daacac0 95718->95719 95722 7ff65daaa910 95719->95722 95721 7ff65daacaf9 std::ios_base::_Init Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock allocator 95721->95702 95725 7ff65daac5f0 95722->95725 95726 7ff65daac608 allocator 95725->95726 95727 7ff65daacc20 allocator 50 API calls 95726->95727 95728 7ff65daaa930 95727->95728 95728->95721 95732 7ff65dabbd20 95729->95732 95733 7ff65dabbd67 95732->95733 95735 7ff65dabbd8c 95733->95735 95742 7ff65dabc730 50 API calls Concurrency::details::WorkQueue::IsStructuredEmpty 95733->95742 95736 7ff65daf5500 _Find_unchecked 8 API calls 95735->95736 95737 7ff65dab6360 95736->95737 95737->95557 95738 7ff65dabbdc6 Concurrency::details::WorkQueue::IsStructuredEmpty Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock UnDecorator::getVbTableType 95743 7ff65dabf9f0 50 API calls 2 library calls 95738->95743 95740 7ff65dabbe52 95744 7ff65dabc540 47 API calls 2 library calls 95740->95744 95742->95738 95743->95740 95744->95735 95746 7ff65daa7e5d Concurrency::details::WorkQueue::IsStructuredEmpty UnDecorator::getVbTableType 95745->95746 95748 7ff65daa7e99 UnDecorator::getVbTableType 95746->95748 95749 7ff65daa97a0 95746->95749 95748->95559 95752 7ff65daa83c0 95749->95752 95755 7ff65daabce0 95752->95755 95754 7ff65daa83e2 95754->95748 95756 7ff65daabcf3 allocator 95755->95756 95757 7ff65daabcfa UnDecorator::getVbTableType 95756->95757 95759 7ff65daa4230 47 API calls _invalid_parameter_noinfo_noreturn 95756->95759 95757->95754 95759->95757 96152 7ff65daa79bd std::ios_base::good 96150->96152 96151 7ff65daa79e4 std::ios_base::good 96151->95497 96152->96151 96163 7ff65daa94c0 59 API calls _Find_unchecked 96152->96163 96155 7ff65daa7dbc std::ios_base::good 96154->96155 96164 7ff65daa9670 96155->96164 96158 7ff65daa7950 96179 7ff65dafb640 __uncaught_exceptions 96158->96179 96160 7ff65daa795e 96161 7ff65daa798d 96160->96161 96183 7ff65daa95a0 50 API calls 2 library calls 96160->96183 96161->95494 96163->96151 96165 7ff65daa9697 96164->96165 96168 7ff65daa5820 96165->96168 96169 7ff65daa5900 96168->96169 96170 7ff65daa587a 96168->96170 96169->96158 96172 7ff65daa588f std::make_error_code 96170->96172 96176 7ff65daf77d4 RtlPcToFileHeader RaiseException 96170->96176 96177 7ff65daa57c0 50 API calls std::ios_base::_Init 96172->96177 96174 7ff65daa58ef 96178 7ff65daf77d4 RtlPcToFileHeader RaiseException 96174->96178 96176->96172 96177->96174 96178->96169 96179->96160 96180 7ff65db074e4 96179->96180 96184 7ff65daf7cb8 8 API calls __vcrt_FlsGetValue 96180->96184 96182 7ff65db074ed 96182->96160 96183->96161 96184->96182 96185->95508 96186 2b45aff11c0 96187 2b45aff11d8 96186->96187 96192 2b45aff11e4 _Yarn 96186->96192 96188 2b45aff11f5 _Yarn 96189 2b45aff132e 96189->96188 96191 2b45b02f3fc _fread_nolock 40 API calls 96189->96191 96191->96188 96192->96188 96192->96189 96193 2b45b02f3fc 96192->96193 96196 2b45b02f41c 96193->96196 96195 2b45b02f414 96195->96192 96197 2b45b02f446 96196->96197 96198 2b45b02f475 96196->96198 96197->96198 96199 2b45b02f455 memcpy_s 96197->96199 96201 2b45b02f492 96197->96201 96198->96195 96220 2b45b0340cc 6 API calls _Strcoll 96199->96220 96205 2b45b02f19c 96201->96205 96202 2b45b02f46a 96221 2b45b02fbec 36 API calls _invalid_parameter_noinfo 96202->96221 96208 2b45b02f1cb memcpy_s 96205->96208 96218 2b45b02f1e5 96205->96218 96206 2b45b02f1d5 96242 2b45b0340cc 6 API calls _Strcoll 96206->96242 96208->96206 96210 2b45b02f23a _Yarn memcpy_s 96208->96210 96208->96218 96212 2b45b02f3bd memcpy_s 96210->96212 96213 2b45b037c1c _fread_nolock 36 API calls 96210->96213 96210->96218 96222 2b45b03ba50 96210->96222 96244 2b45b0340cc 6 API calls _Strcoll 96210->96244 96245 2b45b02fbec 36 API calls _invalid_parameter_noinfo 96210->96245 96246 2b45b03d5f0 96210->96246 96309 2b45b0340cc 6 API calls _Strcoll 96212->96309 96213->96210 96216 2b45b02f1da 96243 2b45b02fbec 36 API calls _invalid_parameter_noinfo 96216->96243 96218->96198 96220->96202 96221->96198 96223 2b45b03ba6d 96222->96223 96227 2b45b03ba98 96222->96227 96335 2b45b0340cc 6 API calls _Strcoll 96223->96335 96225 2b45b03ba7d 96225->96210 96226 2b45b03ba72 96336 2b45b02fbec 36 API calls _invalid_parameter_noinfo 96226->96336 96227->96225 96229 2b45b03bad4 96227->96229 96337 2b45b03cfdc 6 API calls 2 library calls 96227->96337 96231 2b45b037c1c _fread_nolock 36 API calls 96229->96231 96232 2b45b03bae6 96231->96232 96310 2b45b03d4d0 96232->96310 96234 2b45b03baf3 96234->96225 96235 2b45b037c1c _fread_nolock 36 API calls 96234->96235 96236 2b45b03bb28 96235->96236 96236->96225 96237 2b45b037c1c _fread_nolock 36 API calls 96236->96237 96238 2b45b03bb34 96237->96238 96238->96225 96239 2b45b037c1c _fread_nolock 36 API calls 96238->96239 96240 2b45b03bb41 96239->96240 96241 2b45b037c1c _fread_nolock 36 API calls 96240->96241 96241->96225 96242->96216 96243->96218 96244->96210 96245->96210 96247 2b45b03d618 96246->96247 96248 2b45b03d631 96246->96248 96355 2b45b0340ac 6 API calls _Strcoll 96247->96355 96250 2b45b03da0b 96248->96250 96255 2b45b03d67c 96248->96255 96370 2b45b0340ac 6 API calls _Strcoll 96250->96370 96251 2b45b03d61d 96356 2b45b0340cc 6 API calls _Strcoll 96251->96356 96253 2b45b03da10 96371 2b45b0340cc 6 API calls _Strcoll 96253->96371 96257 2b45b03d626 96255->96257 96258 2b45b03d685 96255->96258 96262 2b45b03d6b6 96255->96262 96257->96210 96357 2b45b0340ac 6 API calls _Strcoll 96258->96357 96259 2b45b03d691 96372 2b45b02fbec 36 API calls _invalid_parameter_noinfo 96259->96372 96261 2b45b03d68a 96358 2b45b0340cc 6 API calls _Strcoll 96261->96358 96265 2b45b03d6dd 96262->96265 96266 2b45b03d6ea 96262->96266 96267 2b45b03d717 96262->96267 96265->96266 96294 2b45b03d706 96265->96294 96359 2b45b0340ac 6 API calls _Strcoll 96266->96359 96268 2b45b03dedc wcsftime 6 API calls 96267->96268 96270 2b45b03d728 96268->96270 96272 2b45b03b550 __free_lconv_mon 6 API calls 96270->96272 96271 2b45b03d6ef 96360 2b45b0340cc 6 API calls _Strcoll 96271->96360 96275 2b45b03d732 96272->96275 96277 2b45b03b550 __free_lconv_mon 6 API calls 96275->96277 96276 2b45b03d6f6 96361 2b45b02fbec 36 API calls _invalid_parameter_noinfo 96276->96361 96280 2b45b03d739 96277->96280 96283 2b45b03d741 96280->96283 96284 2b45b03d75c 96280->96284 96281 2b45b03d8b7 ReadFile 96285 2b45b03d9d1 __std_fs_get_current_path 96281->96285 96286 2b45b03d8dd 96281->96286 96282 2b45b03d845 GetConsoleMode 96287 2b45b03d859 96282->96287 96362 2b45b0340cc 6 API calls _Strcoll 96283->96362 96364 2b45b03dcb0 36 API calls 2 library calls 96284->96364 96295 2b45b03d9dc 96285->96295 96299 2b45b03d887 __std_fs_get_current_path 96285->96299 96286->96285 96290 2b45b03d8a6 96286->96290 96287->96281 96291 2b45b03d863 _fread_nolock 96287->96291 96297 2b45b03d93b 96290->96297 96298 2b45b03d916 96290->96298 96308 2b45b03d701 96290->96308 96291->96290 96291->96299 96292 2b45b03b550 __free_lconv_mon 6 API calls 96292->96257 96293 2b45b03d746 96363 2b45b0340ac 6 API calls _Strcoll 96293->96363 96347 2b45b047c7c 96294->96347 96368 2b45b0340cc 6 API calls _Strcoll 96295->96368 96302 2b45b03d9bf 96297->96302 96297->96308 96366 2b45b03d208 37 API calls 4 library calls 96298->96366 96299->96308 96365 2b45b034040 6 API calls 2 library calls 96299->96365 96367 2b45b03d048 37 API calls _fread_nolock 96302->96367 96304 2b45b03d9e1 96369 2b45b0340ac 6 API calls _Strcoll 96304->96369 96307 2b45b03d9cc 96307->96308 96308->96292 96309->96216 96311 2b45b03d4fa 96310->96311 96315 2b45b03d52a 96310->96315 96338 2b45b0340ac 6 API calls _Strcoll 96311->96338 96313 2b45b03d4ff 96339 2b45b0340cc 6 API calls _Strcoll 96313->96339 96314 2b45b03d543 96340 2b45b0340ac 6 API calls _Strcoll 96314->96340 96315->96314 96318 2b45b03d581 96315->96318 96320 2b45b03d58a 96318->96320 96321 2b45b03d59f 96318->96321 96319 2b45b03d548 96341 2b45b0340cc 6 API calls _Strcoll 96319->96341 96343 2b45b0340ac 6 API calls _Strcoll 96320->96343 96326 2b45b03d5d1 96321->96326 96327 2b45b03d5bc 96321->96327 96324 2b45b03d550 96342 2b45b02fbec 36 API calls _invalid_parameter_noinfo 96324->96342 96325 2b45b03d58f 96344 2b45b0340cc 6 API calls _Strcoll 96325->96344 96331 2b45b03d5f0 _fread_nolock 40 API calls 96326->96331 96345 2b45b0340cc 6 API calls _Strcoll 96327->96345 96334 2b45b03d507 96331->96334 96332 2b45b03d5c1 96346 2b45b0340ac 6 API calls _Strcoll 96332->96346 96334->96234 96335->96226 96336->96225 96337->96229 96338->96313 96339->96334 96340->96319 96341->96324 96342->96334 96343->96325 96344->96324 96345->96332 96346->96334 96348 2b45b047c85 96347->96348 96349 2b45b047c92 96347->96349 96373 2b45b0340cc 6 API calls _Strcoll 96348->96373 96352 2b45b03d826 96349->96352 96374 2b45b0340cc 6 API calls _Strcoll 96349->96374 96352->96282 96352->96287 96353 2b45b047cc9 96375 2b45b02fbec 36 API calls _invalid_parameter_noinfo 96353->96375 96355->96251 96356->96257 96357->96261 96358->96259 96359->96271 96360->96276 96361->96308 96362->96293 96363->96308 96364->96294 96365->96308 96366->96308 96367->96307 96368->96304 96369->96308 96370->96253 96371->96259 96372->96257 96373->96352 96374->96353 96375->96352 96376 2b45b02c80b 96450 2b45b00b5f0 96376->96450 96378 2b45b02cb35 96379 2b45b04cb70 _Strcoll 3 API calls 96378->96379 96380 2b45b02d1e6 96379->96380 96381 2b45b02c66e 96381->96378 96382 2b45b02ca48 96381->96382 96383 2b45b02cc6d 96381->96383 96384 2b45b02cd22 96381->96384 96385 2b45b029610 37 API calls 96381->96385 96393 2b45b00a9b0 37 API calls 96381->96393 96386 2b45b029610 37 API calls 96382->96386 96483 2b45b008950 37 API calls 4 library calls 96383->96483 96486 2b45b008950 37 API calls 4 library calls 96384->96486 96385->96381 96387 2b45b02ca50 96386->96387 96388 2b45b02ce8c 96387->96388 96389 2b45b02ca5c 96387->96389 96492 2b45b008950 37 API calls 4 library calls 96388->96492 96468 2b45b00a810 96389->96468 96391 2b45b02ca74 96392 2b45b029610 37 API calls 96391->96392 96397 2b45b02ca80 96392->96397 96393->96381 96396 2b45b02cd88 96487 2b45b005630 37 API calls _Strcoll 96396->96487 96401 2b45b02ca8c 96397->96401 96413 2b45b02cdd7 96397->96413 96398 2b45b02ccd3 96484 2b45b005630 37 API calls _Strcoll 96398->96484 96406 2b45b029610 37 API calls 96401->96406 96403 2b45b02cce3 96407 2b45b02ccf2 96403->96407 96449 2b45b02d260 Concurrency::cancel_current_task 96403->96449 96404 2b45b02cd98 96408 2b45b02cda7 96404->96408 96415 2b45b02d27d Concurrency::cancel_current_task 96404->96415 96405 2b45b02cef2 96493 2b45b005630 37 API calls _Strcoll 96405->96493 96421 2b45b02ca94 96406->96421 96485 2b45afced70 7 API calls __std_exception_destroy 96407->96485 96488 2b45afced70 7 API calls __std_exception_destroy 96408->96488 96410 2b45b02cf02 96414 2b45b02cf11 96410->96414 96427 2b45b02d2b7 Concurrency::cancel_current_task 96410->96427 96489 2b45b008950 37 API calls 4 library calls 96413->96489 96494 2b45afced70 7 API calls __std_exception_destroy 96414->96494 96499 2b45b004110 37 API calls 96415->96499 96420 2b45b02ce3d 96490 2b45b005630 37 API calls _Strcoll 96420->96490 96480 2b45b008950 37 API calls 4 library calls 96421->96480 96422 2b45b02d29a Concurrency::cancel_current_task 96500 2b45b004110 37 API calls 96422->96500 96426 2b45b02ce4d 96426->96422 96428 2b45b02ce5c 96426->96428 96501 2b45b004110 37 API calls 96427->96501 96491 2b45afced70 7 API calls __std_exception_destroy 96428->96491 96429 2b45b02d2d4 Concurrency::cancel_current_task 96502 2b45b004110 37 API calls 96429->96502 96432 2b45b02cb02 96481 2b45b005630 37 API calls _Strcoll 96432->96481 96434 2b45b02cb12 96436 2b45b02d21a 96434->96436 96437 2b45b02cb21 96434->96437 96495 2b45b004110 37 API calls 96436->96495 96482 2b45afced70 7 API calls __std_exception_destroy 96437->96482 96438 2b45b02d2f1 Concurrency::cancel_current_task 96503 2b45b004110 37 API calls 96438->96503 96442 2b45b02d226 Concurrency::cancel_current_task 96496 2b45b004110 37 API calls 96442->96496 96443 2b45b02d30e Concurrency::cancel_current_task 96504 2b45b004110 37 API calls 96443->96504 96446 2b45b02d32b Concurrency::cancel_current_task 96447 2b45b02d243 Concurrency::cancel_current_task 96497 2b45b00a710 37 API calls 96447->96497 96498 2b45b004110 37 API calls 96449->96498 96451 2b45b00b685 96450->96451 96452 2b45b00b610 96450->96452 96454 2b45b00b6f7 96451->96454 96455 2b45b00b68f 96451->96455 96453 2b45afe0fb0 37 API calls 96452->96453 96457 2b45b00b635 96453->96457 96456 2b45afe0fb0 37 API calls 96454->96456 96458 2b45b00b6c4 96455->96458 96459 2b45b00b69d 96455->96459 96460 2b45b00b71c 96456->96460 96461 2b45afe0fb0 37 API calls 96457->96461 96505 2b45b00e4b0 37 API calls 2 library calls 96458->96505 96462 2b45afe0fb0 37 API calls 96459->96462 96464 2b45afe0fb0 37 API calls 96460->96464 96465 2b45b00b671 96461->96465 96466 2b45b00b6b6 96462->96466 96467 2b45b00b759 96464->96467 96465->96381 96466->96381 96467->96381 96469 2b45b00a835 96468->96469 96470 2b45b00a868 96469->96470 96471 2b45b00a911 96469->96471 96476 2b45b00a8c0 96469->96476 96473 2b45b04cb98 std::_Facet_Register 37 API calls 96470->96473 96506 2b45afcb890 37 API calls 96471->96506 96474 2b45b00a88c 96473->96474 96477 2b45afdfe50 37 API calls 96474->96477 96476->96391 96478 2b45b00a8a8 96477->96478 96479 2b45afe0840 37 API calls 96478->96479 96479->96476 96480->96432 96481->96434 96482->96378 96483->96398 96484->96403 96485->96378 96486->96396 96487->96404 96488->96378 96489->96420 96490->96426 96491->96378 96492->96405 96493->96410 96494->96378 96495->96442 96496->96447 96497->96449 96498->96415 96499->96422 96500->96427 96501->96429 96502->96438 96503->96443 96504->96446 96505->96466 96507 2b45b02662b 96508 2b45b026651 96507->96508 96527 2b45b02663c 96507->96527 96509 2b45b02665a 96508->96509 96523 2b45b02681f 96508->96523 96511 2b45afdfc80 37 API calls 96509->96511 96526 2b45b0266b2 96509->96526 96510 2b45b0268cf 96514 2b45b0270b0 37 API calls 96510->96514 96511->96526 96512 2b45b04cb70 _Strcoll 3 API calls 96513 2b45b026f13 96512->96513 96516 2b45b0268e8 96514->96516 96515 2b45b0270b0 37 API calls 96515->96523 96518 2b45b0265d0 3 API calls 96516->96518 96517 2b45b026782 96521 2b45b0270b0 37 API calls 96517->96521 96518->96527 96519 2b45b0265d0 3 API calls 96519->96523 96520 2b45b0270b0 37 API calls 96520->96526 96522 2b45b0267bb 96521->96522 96525 2b45b0265d0 3 API calls 96522->96525 96523->96510 96523->96515 96523->96519 96525->96527 96526->96517 96526->96520 96528 2b45b0265d0 96526->96528 96527->96512 96529 2b45b026600 96528->96529 96530 2b45b04cb70 _Strcoll 3 API calls 96529->96530 96531 2b45b026f13 96530->96531 96531->96526 96532 2b45b026929 96533 2b45b026954 96532->96533 96534 2b45b02693f 96532->96534 96536 2b45b026b20 96533->96536 96539 2b45b02695d 96533->96539 96540 2b45b04cb70 _Strcoll 3 API calls 96534->96540 96535 2b45b026b89 96538 2b45b0265d0 3 API calls 96535->96538 96536->96535 96541 2b45b0265d0 3 API calls 96536->96541 96537 2b45b026aaa 96545 2b45b0265d0 3 API calls 96537->96545 96538->96534 96543 2b45afe5b00 37 API calls 96539->96543 96544 2b45b0269ba memcpy_s 96539->96544 96542 2b45b026f13 96540->96542 96541->96536 96543->96544 96544->96537 96546 2b45b0265d0 3 API calls 96544->96546 96545->96534 96546->96544 96547 2b45b0298ee 96552 2b45b02a1e0 96547->96552 96550 2b45b04cb70 _Strcoll 3 API calls 96551 2b45b02992b 96550->96551 96553 2b45b02a206 96552->96553 96554 2b45b02a232 96553->96554 96555 2b45b00b010 37 API calls 96553->96555 96556 2b45b02abc0 37 API calls 96554->96556 96555->96554 96558 2b45b02a297 96556->96558 96557 2b45b0298f6 96557->96550 96558->96557 96559 2b45afe5990 37 API calls 96558->96559 96560 2b45b02abc0 37 API calls 96558->96560 96559->96558 96560->96558 96561 2b45b019b50 96562 2b45b019b80 96561->96562 96563 2b45b0598c0 43 API calls 96562->96563 96564 2b45b019b99 96563->96564 96565 2b45b04cb70 _Strcoll 3 API calls 96564->96565 96566 2b45b019bd6 96565->96566 96567 2b45afe1795 96568 2b45b04cb98 std::_Facet_Register 37 API calls 96567->96568 96569 2b45afe17a7 96568->96569 96570 2b45b04cb98 std::_Facet_Register 37 API calls 96569->96570 96571 2b45afe17d6 96570->96571 96576 2b45aff8140 96571->96576 96574 2b45b04cb70 _Strcoll 3 API calls 96575 2b45afe1a33 96574->96575 96577 2b45aff8172 96576->96577 96587 2b45afe17fc 96576->96587 96578 2b45b04cb98 std::_Facet_Register 37 API calls 96577->96578 96579 2b45aff818d 96578->96579 96580 2b45afdfe50 37 API calls 96579->96580 96581 2b45aff81ab 96580->96581 96588 2b45afe1730 96581->96588 96584 2b45aff8140 37 API calls 96585 2b45aff81ff 96584->96585 96586 2b45aff8140 37 API calls 96585->96586 96586->96587 96587->96574 96589 2b45afe177e 96588->96589 96590 2b45b04cb70 _Strcoll 3 API calls 96589->96590 96591 2b45afe1a33 96590->96591 96591->96584

                                                                                        Executed Functions

                                                                                        Function 000002B45B01FB30 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225windowCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
                                                                                        • String ID:
                                                                                        • API String ID: 3214587331-3916222277
                                                                                        • Opcode ID: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
                                                                                        • Instruction ID: e84091af3fdde68629ad955de16c150382d7531b281a71d6a09d306c20e67dc2
                                                                                        • Opcode Fuzzy Hash: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
                                                                                        • Instruction Fuzzy Hash: 88B110B2214FC086E774EF21E89839AB7A5F799B80F808515DE8943B5ADF7CC185CB50
                                                                                        Function 000002B45B0598C0 Relevance: 27.2, APIs: 18, Instructions: 229fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 40 2b45b0598c0-2b45b059900 41 2b45b059915-2b45b05991e 40->41 42 2b45b059902-2b45b059909 40->42 44 2b45b05993a-2b45b05993c 41->44 45 2b45b059920-2b45b059923 41->45 42->41 43 2b45b05990b-2b45b059910 42->43 49 2b45b059b94-2b45b059bba call 2b45b04cb70 43->49 47 2b45b059b92 44->47 48 2b45b059942-2b45b059946 44->48 45->44 46 2b45b059925-2b45b05992d 45->46 50 2b45b059933-2b45b059936 46->50 51 2b45b05992f-2b45b059931 46->51 47->49 53 2b45b059a1d-2b45b059a44 call 2b45b059c94 48->53 54 2b45b05994c-2b45b05994f 48->54 50->44 51->44 51->50 64 2b45b059a66-2b45b059a6f 53->64 65 2b45b059a46-2b45b059a4f 53->65 57 2b45b059951-2b45b059959 54->57 58 2b45b059963-2b45b059975 GetFileAttributesExW 54->58 57->58 60 2b45b05995b-2b45b05995d 57->60 61 2b45b0599c8-2b45b0599d7 58->61 62 2b45b059977-2b45b059980 call 2b45b072160 58->62 60->53 60->58 63 2b45b0599db-2b45b0599dd 61->63 62->49 77 2b45b059986-2b45b059998 FindFirstFileW 62->77 67 2b45b0599e9-2b45b059a17 63->67 68 2b45b0599df-2b45b0599e7 63->68 72 2b45b059a75-2b45b059a8d GetFileInformationByHandleEx 64->72 73 2b45b059b23-2b45b059b2c 64->73 69 2b45b059a51-2b45b059a59 call 2b45b072138 65->69 70 2b45b059a5f-2b45b059a61 65->70 67->47 67->53 68->53 68->67 69->70 95 2b45b059bd5-2b45b059bda call 2b45b037bc4 69->95 70->49 78 2b45b059ab5-2b45b059ace 72->78 79 2b45b059a8f-2b45b059a9b call 2b45b072160 72->79 74 2b45b059b7b-2b45b059b7d 73->74 75 2b45b059b2e-2b45b059b42 GetFileInformationByHandleEx 73->75 87 2b45b059bbb-2b45b059bbf 74->87 88 2b45b059b7f-2b45b059b83 74->88 81 2b45b059b68-2b45b059b78 75->81 82 2b45b059b44-2b45b059b50 call 2b45b072160 75->82 85 2b45b05999a-2b45b0599a0 call 2b45b072160 77->85 86 2b45b0599a5-2b45b0599c6 FindClose 77->86 78->73 83 2b45b059ad0-2b45b059ad4 78->83 99 2b45b059a9d-2b45b059aa8 call 2b45b072138 79->99 100 2b45b059aae-2b45b059ab0 79->100 81->74 82->100 110 2b45b059b56-2b45b059b61 call 2b45b072138 82->110 93 2b45b059ad6-2b45b059af0 GetFileInformationByHandleEx 83->93 94 2b45b059b1c 83->94 85->49 86->63 91 2b45b059bc1-2b45b059bcc call 2b45b072138 87->91 92 2b45b059bce-2b45b059bd3 87->92 88->47 97 2b45b059b85-2b45b059b90 call 2b45b072138 88->97 91->92 91->95 92->49 104 2b45b059b13-2b45b059b1a 93->104 105 2b45b059af2-2b45b059afe call 2b45b072160 93->105 101 2b45b059b20 94->101 117 2b45b059bdb-2b45b059be0 call 2b45b037bc4 95->117 97->47 97->95 99->100 118 2b45b059be7-2b45b059bef call 2b45b037bc4 99->118 100->49 101->73 104->101 105->100 120 2b45b059b00-2b45b059b0b call 2b45b072138 105->120 124 2b45b059be1-2b45b059be6 call 2b45b037bc4 110->124 125 2b45b059b63 110->125 117->124 120->117 131 2b45b059b11 120->131 124->118 125->100 131->100
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                                                                        • String ID:
                                                                                        • API String ID: 2398595512-0
                                                                                        • Opcode ID: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
                                                                                        • Instruction ID: 286ac6364bfc674fed1b48c137ada84eb3b6c5d184a2fca05a0254d6ebca53dc
                                                                                        • Opcode Fuzzy Hash: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
                                                                                        • Instruction Fuzzy Hash: 449171B1310E4147FE74AF25A4C87697391E7A6FB0F948710DAB647AE6DB38C841CB60
                                                                                        Function 000002B45B021660 Relevance: 26.6, APIs: 4, Strings: 10, Instructions: 2133timeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InformationTimeZone
                                                                                        • String ID: %d-%m-%Y, %H:%M:%S$[UTC$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                                        • API String ID: 565725191-1610854563
                                                                                        • Opcode ID: 0dd1e5c6ffcfe042f98f50cea33d590f3970540244b4691ecc6062fd750dda19
                                                                                        • Instruction ID: e3bf78f859f38f283e9e466c80b525f7e12182f904f25c02374f21c8b3390e7f
                                                                                        • Opcode Fuzzy Hash: 0dd1e5c6ffcfe042f98f50cea33d590f3970540244b4691ecc6062fd750dda19
                                                                                        • Instruction Fuzzy Hash: F5238F73614FC08ADB21DF64D8843DD77A1F7A9B98F905216EA9D07B9ADB78C284C700
                                                                                        Function 000002B45B021FF0 Relevance: 22.5, APIs: 3, Strings: 9, Instructions: 1516COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
                                                                                        • String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                                        • API String ID: 2509368203-1182675529
                                                                                        • Opcode ID: 0edf946aa031858e22f84dec9932a38a9ea07152ae512ed7bca355d0ac67b43f
                                                                                        • Instruction ID: be911f56578260d5393e18eb992000ebd04bac022d131908221e6823fb892804
                                                                                        • Opcode Fuzzy Hash: 0edf946aa031858e22f84dec9932a38a9ea07152ae512ed7bca355d0ac67b43f
                                                                                        • Instruction Fuzzy Hash: 79F27073614FC08ADB21DF64D8943DD77A1F799B98F805216EA9D07BAADB78C284C700
                                                                                        Function 000002B45AFDB820 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 862libraryloaderCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1195 2b45afdb820-2b45afdb91f LoadLibraryA 1196 2b45afdc7e0-2b45afdc7ea 1195->1196 1197 2b45afdb925-2b45afdbce0 GetProcAddress * 6 1195->1197 1199 2b45afdc7ec-2b45afdc7ee 1196->1199 1200 2b45afdc7f9-2b45afdc7fc 1196->1200 1197->1196 1198 2b45afdbce6-2b45afdbce9 1197->1198 1198->1196 1201 2b45afdbcef-2b45afdbcf2 1198->1201 1199->1200 1202 2b45afdc7fe-2b45afdc801 FreeLibrary 1200->1202 1203 2b45afdc807-2b45afdc836 call 2b45b04cb70 1200->1203 1201->1196 1205 2b45afdbcf8-2b45afdbcfb 1201->1205 1202->1203 1205->1196 1208 2b45afdbd01-2b45afdbd04 1205->1208 1208->1196 1209 2b45afdbd0a-2b45afdbd0d 1208->1209 1209->1196 1210 2b45afdbd13-2b45afdbd21 1209->1210 1211 2b45afdbd25-2b45afdbd27 1210->1211 1211->1196 1212 2b45afdbd2d-2b45afdbd39 1211->1212 1212->1196 1213 2b45afdbd3f-2b45afdbd48 1212->1213 1214 2b45afdbd50-2b45afdbd6b 1213->1214 1216 2b45afdbd71-2b45afdbd8f 1214->1216 1217 2b45afdc7c7-2b45afdc7d3 1214->1217 1216->1217 1220 2b45afdbd95-2b45afdbda7 1216->1220 1217->1214 1218 2b45afdc7d9 1217->1218 1218->1196 1221 2b45afdc7b3-2b45afdc7c2 1220->1221 1222 2b45afdbdad 1220->1222 1221->1217 1223 2b45afdbdb2-2b45afdbe03 call 2b45b04cb98 1222->1223 1228 2b45afdc082 1223->1228 1229 2b45afdbe09-2b45afdbe10 1223->1229 1231 2b45afdc084-2b45afdc08b 1228->1231 1229->1228 1230 2b45afdbe16-2b45afdbf0f call 2b45b011bf0 call 2b45afe22d0 call 2b45afe25a0 1229->1230 1256 2b45afdbf10-2b45afdbf18 1230->1256 1233 2b45afdc301-2b45afdc33d 1231->1233 1234 2b45afdc091-2b45afdc098 1231->1234 1242 2b45afdc343-2b45afdc351 1233->1242 1243 2b45afdc5d7-2b45afdc5d9 1233->1243 1234->1233 1236 2b45afdc09e-2b45afdc18b call 2b45b011bf0 call 2b45afe22d0 call 2b45afe25a0 1234->1236 1268 2b45afdc192-2b45afdc19a 1236->1268 1244 2b45afdc5d0-2b45afdc5d3 1242->1244 1245 2b45afdc357-2b45afdc35e 1242->1245 1246 2b45afdc5df-2b45afdc708 call 2b45afe5330 call 2b45afdeda0 call 2b45afe5330 call 2b45afdeda0 call 2b45afe0fb0 call 2b45b04cb98 call 2b45aff9100 1243->1246 1247 2b45afdc785-2b45afdc79b call 2b45afde3a0 1243->1247 1244->1243 1250 2b45afdc5d5 1244->1250 1245->1244 1253 2b45afdc364-2b45afdc458 call 2b45b011bf0 call 2b45afe22d0 call 2b45afe25a0 1245->1253 1342 2b45afdc70a-2b45afdc70c 1246->1342 1343 2b45afdc714-2b45afdc727 call 2b45afe0840 1246->1343 1262 2b45afdbdb0 1247->1262 1263 2b45afdc7a1-2b45afdc7ac 1247->1263 1250->1243 1285 2b45afdc460-2b45afdc467 1253->1285 1256->1256 1261 2b45afdbf1a-2b45afdbf74 call 2b45afe5330 call 2b45afe3990 call 2b45afe0fb0 1256->1261 1291 2b45afdbf76-2b45afdbf87 1261->1291 1292 2b45afdbfa7-2b45afdbfd1 1261->1292 1262->1223 1263->1221 1268->1268 1272 2b45afdc19c-2b45afdc1f5 call 2b45afe5330 call 2b45afe3990 call 2b45afe0fb0 1268->1272 1307 2b45afdc228-2b45afdc252 1272->1307 1308 2b45afdc1f7-2b45afdc208 1272->1308 1285->1285 1289 2b45afdc469-2b45afdc4c2 call 2b45afe5330 call 2b45afe3990 call 2b45afe0fb0 1285->1289 1348 2b45afdc4c4-2b45afdc4d5 1289->1348 1349 2b45afdc4f5-2b45afdc51e 1289->1349 1296 2b45afdbfa2 call 2b45b04cb90 1291->1296 1297 2b45afdbf89-2b45afdbf9c 1291->1297 1300 2b45afdbfd3-2b45afdbfe7 1292->1300 1301 2b45afdc009-2b45afdc02f 1292->1301 1296->1292 1297->1296 1305 2b45afdc891-2b45afdc896 call 2b45b02fc0c 1297->1305 1310 2b45afdc002-2b45afdc007 call 2b45b04cb90 1300->1310 1311 2b45afdbfe9-2b45afdbffc 1300->1311 1303 2b45afdc031-2b45afdc045 1301->1303 1304 2b45afdc067-2b45afdc080 1301->1304 1318 2b45afdc060-2b45afdc065 call 2b45b04cb90 1303->1318 1319 2b45afdc047-2b45afdc05a 1303->1319 1304->1231 1323 2b45afdc897-2b45afdc89c call 2b45b02fc0c 1305->1323 1313 2b45afdc28a-2b45afdc2b0 1307->1313 1314 2b45afdc254-2b45afdc268 1307->1314 1320 2b45afdc223 call 2b45b04cb90 1308->1320 1321 2b45afdc20a-2b45afdc21d 1308->1321 1310->1301 1311->1310 1311->1323 1330 2b45afdc2b2-2b45afdc2c6 1313->1330 1331 2b45afdc2e8-2b45afdc2fa 1313->1331 1324 2b45afdc283-2b45afdc288 call 2b45b04cb90 1314->1324 1325 2b45afdc26a-2b45afdc27d 1314->1325 1318->1304 1319->1318 1329 2b45afdc89d-2b45afdc8a2 call 2b45b02fc0c 1319->1329 1320->1307 1321->1320 1334 2b45afdc8a3-2b45afdc8a8 call 2b45b02fc0c 1321->1334 1323->1329 1324->1313 1325->1324 1341 2b45afdc8a9-2b45afdc8ae call 2b45b02fc0c 1325->1341 1329->1334 1345 2b45afdc2e1-2b45afdc2e6 call 2b45b04cb90 1330->1345 1346 2b45afdc2c8-2b45afdc2db 1330->1346 1331->1233 1334->1341 1354 2b45afdc8af-2b45afdc8b4 call 2b45b02fc0c 1341->1354 1350 2b45afdc712 1342->1350 1351 2b45afdc83d-2b45afdc88a call 2b45afe0a00 call 2b45afe4670 call 2b45afe4740 call 2b45b04f198 1342->1351 1363 2b45afdc72b-2b45afdc737 1343->1363 1345->1331 1346->1345 1346->1354 1360 2b45afdc4f0 call 2b45b04cb90 1348->1360 1361 2b45afdc4d7-2b45afdc4ea 1348->1361 1364 2b45afdc520-2b45afdc534 1349->1364 1365 2b45afdc554-2b45afdc57a 1349->1365 1350->1363 1391 2b45afdc88b-2b45afdc890 call 2b45b02fc0c 1351->1391 1369 2b45afdc8b5-2b45afdc8ba call 2b45b02fc0c 1354->1369 1360->1349 1361->1360 1361->1369 1374 2b45afdc75e-2b45afdc768 call 2b45afe9d50 1363->1374 1375 2b45afdc739-2b45afdc75c 1363->1375 1372 2b45afdc54f call 2b45b04cb90 1364->1372 1373 2b45afdc536-2b45afdc549 1364->1373 1377 2b45afdc5b0-2b45afdc5c9 1365->1377 1378 2b45afdc57c-2b45afdc590 1365->1378 1372->1365 1373->1372 1380 2b45afdc837-2b45afdc83c call 2b45b02fc0c 1373->1380 1382 2b45afdc76d-2b45afdc77e call 2b45afe0fb0 1374->1382 1375->1382 1377->1244 1385 2b45afdc592-2b45afdc5a5 1378->1385 1386 2b45afdc5ab call 2b45b04cb90 1378->1386 1380->1351 1382->1247 1385->1386 1385->1391 1386->1377 1391->1305
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AddressProc$Library$FreeLoad
                                                                                        • String ID: cannot use push_back() with $system$vault
                                                                                        • API String ID: 2449869053-1741236777
                                                                                        • Opcode ID: 29bb64fe588729a6dd7e9a1a634112c6195bb6beec1e71e03033c135bde283d8
                                                                                        • Instruction ID: 6a38a31696200aa61e89a15b6905b0b47f4cb47fcb494c609edbc939ab36ca42
                                                                                        • Opcode Fuzzy Hash: 29bb64fe588729a6dd7e9a1a634112c6195bb6beec1e71e03033c135bde283d8
                                                                                        • Instruction Fuzzy Hash: 9C923772205FC48ADB719F29E8883DD73A4F799798F504216DA9C5BB9AEF74C684C300
                                                                                        Function 000002B45B016480 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173synchronizationCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1480 2b45b016480-2b45b0164a2 call 2b45b019760 1483 2b45b0164a4-2b45b0164cd call 2b45b019aa0 call 2b45b024740 call 2b45afdfb00 ExitProcess 1480->1483 1484 2b45b0164ce-2b45b016580 call 2b45b025970 * 2 call 2b45b021ff0 call 2b45b016eb0 1480->1484 1483->1484 1499 2b45b0165b4-2b45b0165eb OpenMutexA 1484->1499 1500 2b45b016582-2b45b016594 1484->1500 1503 2b45b0165f9-2b45b016630 CreateMutexA call 2b45b0109f0 call 2b45b019be0 1499->1503 1504 2b45b0165ed-2b45b0165f8 ExitProcess 1499->1504 1501 2b45b016596-2b45b0165a9 1500->1501 1502 2b45b0165af call 2b45b04cb90 1500->1502 1501->1502 1505 2b45b016746-2b45b01674b call 2b45b02fc0c 1501->1505 1502->1499 1515 2b45b01663e-2b45b0166a1 call 2b45b0222f0 call 2b45afdb820 call 2b45afdc8c0 call 2b45afdcf60 call 2b45afddc90 call 2b45afdacc0 call 2b45b000d70 call 2b45b003a60 call 2b45afd1100 call 2b45afd9090 call 2b45afd7940 call 2b45b0170e0 call 2b45afda1f0 call 2b45afd5a90 call 2b45afd2e30 call 2b45afd5d60 call 2b45b01e9f0 1503->1515 1516 2b45b016632-2b45b01663d ExitProcess 1503->1516 1504->1503 1512 2b45b01674c-2b45b016751 call 2b45b02fc0c 1505->1512 1553 2b45b0166a6-2b45b0166b6 call 2b45b015a80 1515->1553 1516->1515 1557 2b45b0166b8-2b45b0166c4 ReleaseMutex call 2b45b072138 1553->1557 1558 2b45b0166ca-2b45b0166d1 1553->1558 1557->1558 1559 2b45b0166d9-2b45b0166e5 1558->1559 1560 2b45b0166d3-2b45b0166d8 call 2b45b016760 1558->1560 1563 2b45b016715-2b45b016745 call 2b45b04cb70 1559->1563 1564 2b45b0166e7-2b45b0166f9 1559->1564 1560->1559 1566 2b45b0166fb-2b45b01670e 1564->1566 1567 2b45b016710 call 2b45b04cb90 1564->1567 1566->1512 1566->1567 1567->1563
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process$Exit$MutexOpenToken$CreateCurrentFileInformationInitializeModuleName
                                                                                        • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                                                                        • API String ID: 470559343-3768118664
                                                                                        • Opcode ID: 782d380b29ac7723b8536a50f4b201a6bd666a22727d19413264e9f9b1f80c53
                                                                                        • Instruction ID: 408ab38d3be1ff52f76aec4ddbecae3baf3199d951d6de8d60718c734901e04a
                                                                                        • Opcode Fuzzy Hash: 782d380b29ac7723b8536a50f4b201a6bd666a22727d19413264e9f9b1f80c53
                                                                                        • Instruction Fuzzy Hash: 316192A2114E8083FA35BF64E8DD39EB350FBA5B94FD04515EA9D42BDBDF28C0458720
                                                                                        Function 000002B45B04114C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335timeCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1571 2b45b04114c-2b45b041187 call 2b45b0407e8 call 2b45b0407f0 call 2b45b040858 1578 2b45b0413b1-2b45b0413fd call 2b45b02fc3c call 2b45b0407e8 call 2b45b0407f0 call 2b45b040858 1571->1578 1579 2b45b04118d-2b45b041198 call 2b45b0407f8 1571->1579 1605 2b45b04153b-2b45b0415a9 call 2b45b02fc3c call 2b45b049d94 1578->1605 1606 2b45b041403-2b45b04140e call 2b45b0407f8 1578->1606 1579->1578 1585 2b45b04119e-2b45b0411a8 1579->1585 1587 2b45b0411ca-2b45b0411ce 1585->1587 1588 2b45b0411aa-2b45b0411ad 1585->1588 1590 2b45b0411d1-2b45b0411d9 1587->1590 1589 2b45b0411b0-2b45b0411bb 1588->1589 1592 2b45b0411c6-2b45b0411c8 1589->1592 1593 2b45b0411bd-2b45b0411c4 1589->1593 1590->1590 1594 2b45b0411db-2b45b0411ee call 2b45b03dedc 1590->1594 1592->1587 1596 2b45b0411f7-2b45b041205 1592->1596 1593->1589 1593->1592 1601 2b45b041206-2b45b041212 call 2b45b03b550 1594->1601 1602 2b45b0411f0-2b45b0411f2 call 2b45b03b550 1594->1602 1612 2b45b041219-2b45b041221 1601->1612 1602->1596 1624 2b45b0415ab-2b45b0415b2 1605->1624 1625 2b45b0415b7-2b45b0415ba 1605->1625 1606->1605 1615 2b45b041414-2b45b04141f call 2b45b040828 1606->1615 1612->1612 1616 2b45b041223-2b45b041234 call 2b45b0462e8 1612->1616 1615->1605 1623 2b45b041425-2b45b041448 call 2b45b03b550 GetTimeZoneInformation 1615->1623 1616->1578 1626 2b45b04123a-2b45b041290 call 2b45b05f960 * 4 call 2b45b041068 1616->1626 1637 2b45b041510-2b45b04153a call 2b45b0407e0 call 2b45b0407d0 call 2b45b0407d8 1623->1637 1638 2b45b04144e-2b45b04146f 1623->1638 1628 2b45b041647-2b45b04164a 1624->1628 1630 2b45b0415f1-2b45b041604 call 2b45b03dedc 1625->1630 1631 2b45b0415bc 1625->1631 1683 2b45b041292-2b45b041296 1626->1683 1634 2b45b0415bf call 2b45b0413c8 1628->1634 1635 2b45b041650-2b45b041658 call 2b45b04114c 1628->1635 1649 2b45b041606 1630->1649 1650 2b45b04160f-2b45b04162a call 2b45b049d94 1630->1650 1631->1634 1647 2b45b0415c4-2b45b0415f0 call 2b45b03b550 call 2b45b04cb70 1634->1647 1635->1647 1643 2b45b04147a-2b45b041481 1638->1643 1644 2b45b041471-2b45b041477 1638->1644 1653 2b45b041495 1643->1653 1654 2b45b041483-2b45b04148b 1643->1654 1644->1643 1651 2b45b041608-2b45b04160d call 2b45b03b550 1649->1651 1666 2b45b041631-2b45b041643 call 2b45b03b550 1650->1666 1667 2b45b04162c-2b45b04162f 1650->1667 1651->1631 1662 2b45b041497-2b45b04150b call 2b45b05f960 * 4 call 2b45b044cb4 call 2b45b041660 * 2 1653->1662 1654->1653 1660 2b45b04148d-2b45b041493 1654->1660 1660->1662 1662->1637 1666->1628 1667->1651 1685 2b45b041298 1683->1685 1686 2b45b04129c-2b45b0412a0 1683->1686 1685->1686 1686->1683 1688 2b45b0412a2-2b45b0412c7 call 2b45b033f10 1686->1688 1695 2b45b0412ca-2b45b0412ce 1688->1695 1697 2b45b0412d0-2b45b0412db 1695->1697 1698 2b45b0412dd-2b45b0412e1 1695->1698 1697->1698 1700 2b45b0412e3-2b45b0412e7 1697->1700 1698->1695 1702 2b45b041368-2b45b04136c 1700->1702 1703 2b45b0412e9-2b45b041311 call 2b45b033f10 1700->1703 1704 2b45b041373-2b45b041380 1702->1704 1705 2b45b04136e-2b45b041370 1702->1705 1711 2b45b041313 1703->1711 1712 2b45b04132f-2b45b041333 1703->1712 1707 2b45b04139b-2b45b0413aa call 2b45b0407e0 call 2b45b0407d0 1704->1707 1708 2b45b041382-2b45b041398 call 2b45b041068 1704->1708 1705->1704 1707->1578 1708->1707 1715 2b45b041316-2b45b04131d 1711->1715 1712->1702 1717 2b45b041335-2b45b041353 call 2b45b033f10 1712->1717 1715->1712 1718 2b45b04131f-2b45b04132d 1715->1718 1723 2b45b04135f-2b45b041366 1717->1723 1718->1712 1718->1715 1723->1702 1724 2b45b041355-2b45b041359 1723->1724 1724->1702 1725 2b45b04135b 1724->1725 1725->1723
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                        • API String ID: 355007559-239921721
                                                                                        • Opcode ID: 7c59d7ccbe5d7300b5b7a10bdfa8df02b94e7a90d3a9da5a0b2f52bbfcd600ed
                                                                                        • Instruction ID: 075b949041f6a59d36b195aaaaa63c54d672026e3a415e6d8e78d9cdce7f1341
                                                                                        • Opcode Fuzzy Hash: 7c59d7ccbe5d7300b5b7a10bdfa8df02b94e7a90d3a9da5a0b2f52bbfcd600ed
                                                                                        • Instruction Fuzzy Hash: 4ED1C2A6600A409BE730FF26D4D93A97B61F764F84FD48126EE4947AD7EB38C441C760
                                                                                        Function 000002B45B01F200 Relevance: 13.9, APIs: 9, Instructions: 408networkfileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1726 2b45b01f200-2b45b01f39e 1727 2b45b01f3a0-2b45b01f3a7 1726->1727 1727->1727 1728 2b45b01f3a9-2b45b01f3dc call 2b45afe5330 InternetOpenA 1727->1728 1731 2b45b01f475-2b45b01f48c 1728->1731 1732 2b45b01f3e2-2b45b01f3f8 1728->1732 1734 2b45b01f48e 1731->1734 1735 2b45b01f491-2b45b01f4b8 InternetOpenUrlA 1731->1735 1733 2b45b01f400-2b45b01f408 1732->1733 1738 2b45b01f40a-2b45b01f41b 1733->1738 1739 2b45b01f43b-2b45b01f474 call 2b45b04cb70 1733->1739 1734->1735 1736 2b45b01f4ba-2b45b01f4e4 1735->1736 1737 2b45b01f4e9-2b45b01f514 HttpQueryInfoW 1735->1737 1736->1733 1740 2b45b01f516-2b45b01f54a 1737->1740 1741 2b45b01f54f-2b45b01f5aa HttpQueryInfoW 1737->1741 1742 2b45b01f436 call 2b45b04cb90 1738->1742 1743 2b45b01f41d-2b45b01f430 1738->1743 1740->1741 1748 2b45b01f5d8-2b45b01f5ee InternetQueryDataAvailable 1741->1748 1749 2b45b01f5ac-2b45b01f5c2 call 2b45b033f10 1741->1749 1742->1739 1743->1742 1746 2b45b01f875-2b45b01f87a call 2b45b02fc0c 1743->1746 1759 2b45b01f87b-2b45b01f880 call 2b45afcb7b0 1746->1759 1752 2b45b01f5f4-2b45b01f5f9 1748->1752 1753 2b45b01f7d3-2b45b01f826 InternetCloseHandle 1748->1753 1749->1748 1763 2b45b01f5c4-2b45b01f5d3 call 2b45afe51e0 1749->1763 1757 2b45b01f600-2b45b01f606 1752->1757 1762 2b45b01f82f-2b45b01f838 1753->1762 1757->1753 1760 2b45b01f60c-2b45b01f626 1757->1760 1766 2b45b01f628-2b45b01f62e 1760->1766 1767 2b45b01f699-2b45b01f6b1 InternetReadFile 1760->1767 1762->1739 1768 2b45b01f83e-2b45b01f84f 1762->1768 1763->1748 1773 2b45b01f65c-2b45b01f65f call 2b45b04cb98 1766->1773 1774 2b45b01f630-2b45b01f637 1766->1774 1770 2b45b01f6b7-2b45b01f6bc 1767->1770 1771 2b45b01f78d-2b45b01f794 1767->1771 1768->1742 1775 2b45b01f855-2b45b01f868 1768->1775 1770->1771 1776 2b45b01f6c2-2b45b01f6cd 1770->1776 1771->1753 1777 2b45b01f796-2b45b01f7a7 1771->1777 1786 2b45b01f664-2b45b01f694 call 2b45b05f960 1773->1786 1774->1759 1778 2b45b01f63d-2b45b01f648 call 2b45b04cb98 1774->1778 1775->1746 1780 2b45b01f86a 1775->1780 1781 2b45b01f6ff-2b45b01f719 call 2b45afe5cb0 1776->1781 1782 2b45b01f6cf-2b45b01f6fd call 2b45b05f2c0 1776->1782 1783 2b45b01f7a9-2b45b01f7bc 1777->1783 1784 2b45b01f7c2-2b45b01f7cf call 2b45b04cb90 1777->1784 1788 2b45b01f86f-2b45b01f874 call 2b45b02fc0c 1778->1788 1798 2b45b01f64e-2b45b01f65a 1778->1798 1780->1742 1800 2b45b01f71a-2b45b01f721 1781->1800 1782->1800 1783->1784 1783->1788 1784->1753 1786->1767 1788->1746 1798->1786 1801 2b45b01f764 1800->1801 1802 2b45b01f723-2b45b01f734 1800->1802 1803 2b45b01f766-2b45b01f77c InternetQueryDataAvailable 1801->1803 1804 2b45b01f736-2b45b01f749 1802->1804 1805 2b45b01f74f-2b45b01f762 call 2b45b04cb90 1802->1805 1803->1753 1806 2b45b01f77e-2b45b01f788 1803->1806 1804->1788 1804->1805 1805->1803 1806->1757
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
                                                                                        • String ID:
                                                                                        • API String ID: 1475545111-0
                                                                                        • Opcode ID: 21f0a994e3c7b07007afd14c1e7407b7e66aed596d6a0d2b4b5656aaf2c13836
                                                                                        • Instruction ID: 04f872313dd5fbd62ef0c4ce787075ba95e9d484dc217cb13c80fb762b99a0f6
                                                                                        • Opcode Fuzzy Hash: 21f0a994e3c7b07007afd14c1e7407b7e66aed596d6a0d2b4b5656aaf2c13836
                                                                                        • Instruction Fuzzy Hash: 89029E72A14F9486EB20DF69E88439E77B4F795B98F604215EE9C57B9ADF38C080C710
                                                                                        Function 000002B45B05E968 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1809 2b45b05e968-2b45b05e9db call 2b45b05e54c 1812 2b45b05e9f5-2b45b05e9ff call 2b45b04397c 1809->1812 1813 2b45b05e9dd-2b45b05e9e6 call 2b45b0340ac 1809->1813 1818 2b45b05ea1a-2b45b05ea83 CreateFileW 1812->1818 1819 2b45b05ea01-2b45b05ea18 call 2b45b0340ac call 2b45b0340cc 1812->1819 1820 2b45b05e9e9-2b45b05e9f0 call 2b45b0340cc 1813->1820 1822 2b45b05ea85-2b45b05ea8b 1818->1822 1823 2b45b05eb00-2b45b05eb0b GetFileType 1818->1823 1819->1820 1837 2b45b05ed36-2b45b05ed56 1820->1837 1828 2b45b05eacd-2b45b05eafb call 2b45b072160 call 2b45b034040 1822->1828 1829 2b45b05ea8d-2b45b05ea91 1822->1829 1825 2b45b05eb5e-2b45b05eb65 1823->1825 1826 2b45b05eb0d-2b45b05eb48 call 2b45b072160 call 2b45b034040 call 2b45b072138 1823->1826 1834 2b45b05eb67-2b45b05eb6b 1825->1834 1835 2b45b05eb6d-2b45b05eb70 1825->1835 1826->1820 1856 2b45b05eb4e-2b45b05eb59 call 2b45b0340cc 1826->1856 1828->1820 1829->1828 1833 2b45b05ea93-2b45b05eacb CreateFileW 1829->1833 1833->1823 1833->1828 1840 2b45b05eb76-2b45b05ebcb call 2b45b043894 1834->1840 1835->1840 1842 2b45b05eb72 1835->1842 1849 2b45b05ebea-2b45b05ec1b call 2b45b05e2cc 1840->1849 1850 2b45b05ebcd-2b45b05ebd9 call 2b45b05e754 1840->1850 1842->1840 1860 2b45b05ec21-2b45b05ec63 1849->1860 1861 2b45b05ec1d-2b45b05ec1f 1849->1861 1850->1849 1858 2b45b05ebdb 1850->1858 1856->1820 1862 2b45b05ebdd-2b45b05ebe5 call 2b45b03b6c8 1858->1862 1864 2b45b05ec85-2b45b05ec90 1860->1864 1865 2b45b05ec65-2b45b05ec69 1860->1865 1861->1862 1862->1837 1866 2b45b05ec96-2b45b05ec9a 1864->1866 1867 2b45b05ed34 1864->1867 1865->1864 1869 2b45b05ec6b-2b45b05ec80 1865->1869 1866->1867 1870 2b45b05eca0-2b45b05ece5 call 2b45b072138 CreateFileW 1866->1870 1867->1837 1869->1864 1874 2b45b05ed1a-2b45b05ed2f 1870->1874 1875 2b45b05ece7-2b45b05ed15 call 2b45b072160 call 2b45b034040 call 2b45b043abc 1870->1875 1874->1867 1875->1874
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                        • String ID:
                                                                                        • API String ID: 1617910340-0
                                                                                        • Opcode ID: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
                                                                                        • Instruction ID: 6c60d7a50310d6954293a7337b09cd7d4299e4aa422918796cd7da5ef2f218d4
                                                                                        • Opcode Fuzzy Hash: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
                                                                                        • Instruction Fuzzy Hash: 32C1BEB2720E4086EB60EFA9C4D92AD3761F36AF98F415215DF5A5B7D6CB38C451C310
                                                                                        Function 000002B45B018F60 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 451fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1907 2b45b018f60-2b45b018fe5 call 2b45afce9a0 1910 2b45b018fe7-2b45b018fe9 1907->1910 1911 2b45b018ff1-2b45b018ff4 1907->1911 1912 2b45b018fef 1910->1912 1913 2b45b019700-2b45b019716 call 2b45afce0f0 1910->1913 1914 2b45b019007-2b45b019020 call 2b45b05f960 1911->1914 1915 2b45b018ff6-2b45b019002 1911->1915 1912->1915 1922 2b45b019717-2b45b01971c call 2b45b02fc0c 1913->1922 1924 2b45b019025-2b45b01908b call 2b45b0291d0 1914->1924 1925 2b45b019022 1914->1925 1917 2b45b01967f-2b45b0196ab call 2b45b04cb70 1915->1917 1932 2b45b01971d-2b45b019751 call 2b45afcba80 call 2b45afccc70 call 2b45b04f198 1922->1932 1930 2b45b019485-2b45b0194bf call 2b45aff4da0 call 2b45aff4cc0 1924->1930 1931 2b45b019091-2b45b019099 1924->1931 1925->1924 1946 2b45b0194de-2b45b019548 call 2b45aff4da0 call 2b45b0276a0 1930->1946 1947 2b45b0194c1-2b45b0194d2 call 2b45afe51e0 1930->1947 1934 2b45b01909b 1931->1934 1935 2b45b01909e call 2b45b023b30 1931->1935 1934->1935 1941 2b45b0190a3-2b45b0190c1 call 2b45b023cf0 1935->1941 1952 2b45b0190c7-2b45b0190dd 1941->1952 1953 2b45b01919c-2b45b0191b6 GetFileSize 1941->1953 1973 2b45b01954d-2b45b01956c 1946->1973 1957 2b45b0194d7 1947->1957 1959 2b45b0190df-2b45b0190f3 1952->1959 1960 2b45b019113-2b45b019197 call 2b45aff19c0 1952->1960 1955 2b45b0191b8-2b45b0191db 1953->1955 1956 2b45b0191dd-2b45b0191f3 1953->1956 1962 2b45b019242-2b45b01928b SetFilePointer ReadFile 1955->1962 1963 2b45b019225-2b45b01923d call 2b45afe5b00 1956->1963 1964 2b45b0191f5-2b45b019223 call 2b45b05f960 1956->1964 1957->1946 1966 2b45b0190f5-2b45b019108 1959->1966 1967 2b45b01910e call 2b45b04cb90 1959->1967 1975 2b45b01966b-2b45b01967a call 2b45b05ac3c 1960->1975 1971 2b45b019291-2b45b0192e3 1962->1971 1972 2b45b0193a2-2b45b0193c6 1962->1972 1963->1962 1964->1962 1966->1922 1966->1967 1967->1960 1984 2b45b0192e5-2b45b0192f9 1971->1984 1985 2b45b019319-2b45b01939d call 2b45aff19c0 1971->1985 1982 2b45b0193c8-2b45b0193dc 1972->1982 1983 2b45b0193fc-2b45b019480 call 2b45aff19c0 1972->1983 1973->1932 1977 2b45b019572-2b45b01957e call 2b45aff2080 1973->1977 1975->1917 1993 2b45b0195ad-2b45b019667 call 2b45aff19c0 1977->1993 1994 2b45b019580-2b45b0195a7 1977->1994 1988 2b45b0193f7 call 2b45b04cb90 1982->1988 1989 2b45b0193de-2b45b0193f1 1982->1989 1983->1975 1991 2b45b019314 call 2b45b04cb90 1984->1991 1992 2b45b0192fb-2b45b01930e 1984->1992 1985->1975 1988->1983 1989->1922 1989->1988 1991->1985 1992->1922 1992->1991 1993->1975 1994->1993 1995 2b45b0196ac-2b45b0196af 1994->1995 2002 2b45b0196ba-2b45b0196cb 1995->2002 2003 2b45b0196b1-2b45b0196b8 1995->2003 2004 2b45b0196cf-2b45b0196ff call 2b45afcba80 call 2b45afccc70 call 2b45b04f198 2002->2004 2003->2004 2004->1913
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: File$PointerReadSize
                                                                                        • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                        • API String ID: 404940565-15404121
                                                                                        • Opcode ID: 298d008676232b06471bdd186e2a9360a47126fbb1c4607c87d28e5657c7adae
                                                                                        • Instruction ID: 509506ac6d78cd65d702d13b3eda7d0e623e0ca4a86b100fad8459f65c7ad0e4
                                                                                        • Opcode Fuzzy Hash: 298d008676232b06471bdd186e2a9360a47126fbb1c4607c87d28e5657c7adae
                                                                                        • Instruction Fuzzy Hash: DA320472614BC48AEB30DF24D8C83DD37A1F795B88F908226DA4D57BAAEB74C645C710
                                                                                        Function 000002B45B0413C8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 2129 2b45b0413c8-2b45b0413fd call 2b45b0407e8 call 2b45b0407f0 call 2b45b040858 2136 2b45b04153b-2b45b0415a9 call 2b45b02fc3c call 2b45b049d94 2129->2136 2137 2b45b041403-2b45b04140e call 2b45b0407f8 2129->2137 2149 2b45b0415ab-2b45b0415b2 2136->2149 2150 2b45b0415b7-2b45b0415ba 2136->2150 2137->2136 2143 2b45b041414-2b45b04141f call 2b45b040828 2137->2143 2143->2136 2148 2b45b041425-2b45b041448 call 2b45b03b550 GetTimeZoneInformation 2143->2148 2159 2b45b041510-2b45b04153a call 2b45b0407e0 call 2b45b0407d0 call 2b45b0407d8 2148->2159 2160 2b45b04144e-2b45b04146f 2148->2160 2152 2b45b041647-2b45b04164a 2149->2152 2153 2b45b0415f1-2b45b041604 call 2b45b03dedc 2150->2153 2154 2b45b0415bc 2150->2154 2156 2b45b0415bf call 2b45b0413c8 2152->2156 2157 2b45b041650-2b45b041658 call 2b45b04114c 2152->2157 2169 2b45b041606 2153->2169 2170 2b45b04160f-2b45b04162a call 2b45b049d94 2153->2170 2154->2156 2167 2b45b0415c4-2b45b0415f0 call 2b45b03b550 call 2b45b04cb70 2156->2167 2157->2167 2164 2b45b04147a-2b45b041481 2160->2164 2165 2b45b041471-2b45b041477 2160->2165 2173 2b45b041495 2164->2173 2174 2b45b041483-2b45b04148b 2164->2174 2165->2164 2171 2b45b041608-2b45b04160d call 2b45b03b550 2169->2171 2184 2b45b041631-2b45b041643 call 2b45b03b550 2170->2184 2185 2b45b04162c-2b45b04162f 2170->2185 2171->2154 2180 2b45b041497-2b45b04150b call 2b45b05f960 * 4 call 2b45b044cb4 call 2b45b041660 * 2 2173->2180 2174->2173 2179 2b45b04148d-2b45b041493 2174->2179 2179->2180 2180->2159 2184->2152 2185->2171
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                        • API String ID: 3458911817-239921721
                                                                                        • Opcode ID: 94df1ec9e2384a72c79be9da220bb4aa566035efaa8ab6aaac74d351b0b15fee
                                                                                        • Instruction ID: 31426c189b9ad7b5099870c2e9baa0efb638e309c45464eb4cbb59636922b5e0
                                                                                        • Opcode Fuzzy Hash: 94df1ec9e2384a72c79be9da220bb4aa566035efaa8ab6aaac74d351b0b15fee
                                                                                        • Instruction Fuzzy Hash: C751A4B6600E419BE730FF21E8C979A7760F768F84FD48126EA4947BA7DB38C4418760
                                                                                        Function 000002B45B03749C Relevance: 9.2, APIs: 6, Instructions: 227COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 2206 2b45b03749c-2b45b0374b0 2207 2b45b0374cd-2b45b0374e4 2206->2207 2208 2b45b0374b2-2b45b0374be call 2b45b0340cc call 2b45b02fbec 2206->2208 2207->2208 2209 2b45b0374e6-2b45b0374ea 2207->2209 2219 2b45b0374c3 2208->2219 2211 2b45b0374fa-2b45b037507 2209->2211 2212 2b45b0374ec-2b45b0374f8 call 2b45b0340cc 2209->2212 2211->2212 2215 2b45b037509 call 2b45b0416e0 2211->2215 2212->2219 2220 2b45b03750e-2b45b037525 call 2b45b0407f8 2215->2220 2221 2b45b0374c5-2b45b0374cc 2219->2221 2224 2b45b03752b-2b45b037536 call 2b45b040828 2220->2224 2225 2b45b037783-2b45b03779b call 2b45b02fc3c 2220->2225 2224->2225 2230 2b45b03753c-2b45b037547 call 2b45b040858 2224->2230 2230->2225 2233 2b45b03754d-2b45b037564 2230->2233 2234 2b45b0375c6-2b45b0375d3 call 2b45b040b6c 2233->2234 2235 2b45b037566-2b45b03757f call 2b45b040b6c 2233->2235 2234->2221 2241 2b45b0375d9-2b45b0375df 2234->2241 2235->2221 2240 2b45b037585-2b45b037588 2235->2240 2244 2b45b03758e-2b45b037598 call 2b45b041724 2240->2244 2245 2b45b03777c-2b45b03777e 2240->2245 2242 2b45b0375fe 2241->2242 2243 2b45b0375e1-2b45b0375eb call 2b45b041724 2241->2243 2247 2b45b037602-2b45b03762f 2242->2247 2243->2242 2253 2b45b0375ed-2b45b0375fc 2243->2253 2244->2245 2256 2b45b03759e-2b45b0375b4 call 2b45b040b6c 2244->2256 2245->2221 2250 2b45b03763a-2b45b03767b 2247->2250 2251 2b45b037631-2b45b037638 2247->2251 2254 2b45b037687-2b45b0376d2 2250->2254 2255 2b45b03767d-2b45b037684 2250->2255 2251->2250 2253->2247 2258 2b45b0376d4-2b45b0376db 2254->2258 2259 2b45b0376de-2b45b0376f8 2254->2259 2255->2254 2256->2221 2263 2b45b0375ba-2b45b0375c1 2256->2263 2258->2259 2261 2b45b037725 2259->2261 2262 2b45b0376fa-2b45b037723 2259->2262 2261->2245 2264 2b45b037727-2b45b03775c 2261->2264 2262->2245 2263->2245 2265 2b45b037779 2264->2265 2266 2b45b03775e-2b45b037777 2264->2266 2265->2245 2266->2245
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 1405656091-0
                                                                                        • Opcode ID: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
                                                                                        • Instruction ID: 80cc0c950ae1ff047c4422708fff70d5c2a02cd6fa6d60b662ca12397ce50fe2
                                                                                        • Opcode Fuzzy Hash: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
                                                                                        • Instruction Fuzzy Hash: 69810CF27007458BEB689F34C9C97BC37A5E764F88F449125DA094B787EB38D5418750
                                                                                        Function 000002B45B028B70 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 2267 2b45b028b70-2b45b028bb5 2268 2b45b028bbb-2b45b028be5 call 2b45b05f960 2267->2268 2269 2b45b028e81-2b45b028ebb call 2b45b02c4d0 call 2b45b029610 2267->2269 2274 2b45b028be7-2b45b028bf0 2268->2274 2275 2b45b028bf4-2b45b028c2d call 2b45b004f50 call 2b45b02b600 call 2b45b029610 2268->2275 2278 2b45b028ec0-2b45b028ec6 2269->2278 2274->2275 2308 2b45b028dc4-2b45b028dcb 2275->2308 2309 2b45b028c33-2b45b028cb8 call 2b45afe5330 call 2b45b0050b0 call 2b45b008950 call 2b45b005630 2275->2309 2281 2b45b029057-2b45b02905b 2278->2281 2282 2b45b028ecc-2b45b028f4b call 2b45afe5330 call 2b45b0050b0 call 2b45b008950 call 2b45b005630 2278->2282 2284 2b45b029129-2b45b029130 2281->2284 2285 2b45b029061-2b45b0290be call 2b45afe0840 call 2b45afe0fb0 2281->2285 2333 2b45b02919b-2b45b0291b7 call 2b45b004110 call 2b45b04f198 2282->2333 2334 2b45b028f51-2b45b028f59 2282->2334 2287 2b45b0290fd-2b45b029128 call 2b45b04cb70 2284->2287 2288 2b45b029132-2b45b029147 2284->2288 2285->2287 2311 2b45b0290c0-2b45b0290d5 2285->2311 2294 2b45b029149-2b45b02915c 2288->2294 2295 2b45b0290ec-2b45b0290f8 call 2b45b04cb90 2288->2295 2301 2b45b029166-2b45b02916b call 2b45b02fc0c 2294->2301 2302 2b45b02915e 2294->2302 2295->2287 2318 2b45b02916c-2b45b029188 call 2b45b004110 call 2b45b04f198 2301->2318 2302->2295 2314 2b45b028e15-2b45b028e18 2308->2314 2315 2b45b028dcd-2b45b028e13 call 2b45afe0840 2308->2315 2309->2318 2361 2b45b028cbe-2b45b028cc6 2309->2361 2311->2295 2317 2b45b0290d7-2b45b0290ea 2311->2317 2321 2b45b028e1a-2b45b028e5b call 2b45afe0840 2314->2321 2322 2b45b028e70-2b45b028e7c call 2b45b004d70 2314->2322 2336 2b45b028e60-2b45b028e6f call 2b45afe0fb0 2315->2336 2317->2295 2317->2301 2352 2b45b029189-2b45b02918e call 2b45b02fc0c 2318->2352 2321->2336 2322->2287 2353 2b45b0291b8-2b45b0291bd call 2b45b02fc0c 2333->2353 2341 2b45b028f5b-2b45b028f6c 2334->2341 2342 2b45b028f8c-2b45b028fd1 call 2b45b04eae0 * 2 2334->2342 2336->2322 2347 2b45b028f87 call 2b45b04cb90 2341->2347 2348 2b45b028f6e-2b45b028f81 2341->2348 2365 2b45b029005-2b45b029018 2342->2365 2366 2b45b028fd3-2b45b028fe5 2342->2366 2347->2342 2348->2347 2348->2353 2370 2b45b02918f-2b45b029194 call 2b45b02fc0c 2352->2370 2369 2b45b0291be-2b45b0291c3 call 2b45b02fc0c 2353->2369 2367 2b45b028cfa-2b45b028d40 call 2b45b04eae0 * 2 2361->2367 2368 2b45b028cc8-2b45b028cda 2361->2368 2373 2b45b02901a-2b45b02902c 2365->2373 2374 2b45b02904c-2b45b029052 2365->2374 2371 2b45b028fe7-2b45b028ffa 2366->2371 2372 2b45b029000 call 2b45b04cb90 2366->2372 2394 2b45b028d42-2b45b028d53 2367->2394 2395 2b45b028d73-2b45b028d85 2367->2395 2375 2b45b028cf5 call 2b45b04cb90 2368->2375 2376 2b45b028cdc-2b45b028cef 2368->2376 2389 2b45b029195-2b45b02919a call 2b45b02fc0c 2370->2389 2371->2369 2371->2372 2372->2365 2381 2b45b029047 call 2b45b04cb90 2373->2381 2382 2b45b02902e-2b45b029041 2373->2382 2374->2281 2375->2367 2376->2352 2376->2375 2381->2374 2382->2381 2387 2b45b029160-2b45b029165 call 2b45b02fc0c 2382->2387 2387->2301 2389->2333 2398 2b45b028d55-2b45b028d68 2394->2398 2399 2b45b028d6e call 2b45b04cb90 2394->2399 2400 2b45b028d87-2b45b028d99 2395->2400 2401 2b45b028db9-2b45b028dbf 2395->2401 2398->2370 2398->2399 2399->2395 2403 2b45b028db4 call 2b45b04cb90 2400->2403 2404 2b45b028d9b-2b45b028dae 2400->2404 2401->2308 2403->2401 2404->2389 2404->2403
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_exception_destroy
                                                                                        • String ID: value
                                                                                        • API String ID: 2453523683-494360628
                                                                                        • Opcode ID: ce45c1bc253841957aeb455638705b5451abed70ec86fc96132d5cff3fd0d5d5
                                                                                        • Instruction ID: 87b976447ac93aaa260d54f6c0aa1428a7bb52717ed0ddcfee7ad69c192fa37e
                                                                                        • Opcode Fuzzy Hash: ce45c1bc253841957aeb455638705b5451abed70ec86fc96132d5cff3fd0d5d5
                                                                                        • Instruction Fuzzy Hash: 070293A2614FC086EB20EF74D4C83AD7761E7A5BA4F905215FA9D02AEBDF78C185C310
                                                                                        Function 000002B45AFDC8C0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328processCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                        • String ID: [PID:
                                                                                        • API String ID: 420147892-2210602247
                                                                                        • Opcode ID: e37ae5426cac92230d0c23acd66e156993648a257dd706c95ef8f7e99a7cf727
                                                                                        • Instruction ID: d97cbe260eef69965c3853bc0185187275cb1bdc974248e8819851b8615e25db
                                                                                        • Opcode Fuzzy Hash: e37ae5426cac92230d0c23acd66e156993648a257dd706c95ef8f7e99a7cf727
                                                                                        • Instruction Fuzzy Hash: 1EE17063614FC086EB31DF25E8C439D77A5F3997A8F904216EAA907B9ADF78C245C700
                                                                                        Function 000002B45B025970 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                                        • String ID:
                                                                                        • API String ID: 3038321057-0
                                                                                        • Opcode ID: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
                                                                                        • Instruction ID: 774d3f83cc9eb226e7bf5c005c086b9fcdd931f54e6abad52bbe1dce7a47df7d
                                                                                        • Opcode Fuzzy Hash: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
                                                                                        • Instruction Fuzzy Hash: 1A216B72218F8086E7609F62F4C834AB3A0F798F90F958126EA8943B5ADF7CC545CB50
                                                                                        Function 000002B45B001340 Relevance: 6.8, Strings: 5, Instructions: 599COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
                                                                                        • API String ID: 0-2713369562
                                                                                        • Opcode ID: 2028398e588e2433f4f958282045dfcafc89b56812f6764fb8a2c61116ee508e
                                                                                        • Instruction ID: 86235af0f050c741a7df814015cbd53d71ec08f401e6473875f7f0feb342b7de
                                                                                        • Opcode Fuzzy Hash: 2028398e588e2433f4f958282045dfcafc89b56812f6764fb8a2c61116ee508e
                                                                                        • Instruction Fuzzy Hash: 11523672609FC485E6B1AB15F8953DEB3A4F7D9B84F905216DACC42B5AEF38C194CB00
                                                                                        Function 000002B45B01E9F0 Relevance: 6.4, APIs: 4, Instructions: 417networkCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: recv$Cleanupclosesocket
                                                                                        • String ID:
                                                                                        • API String ID: 146070474-0
                                                                                        • Opcode ID: 36b5ba9792e9bde74e71c0f1acfcc28cd0ccb678e6b6ee60cf7e27d7f1635b86
                                                                                        • Instruction ID: a167cbecb10a08633fc9540d74c738bdbd023ec176d333f6e2ca3114fa3971db
                                                                                        • Opcode Fuzzy Hash: 36b5ba9792e9bde74e71c0f1acfcc28cd0ccb678e6b6ee60cf7e27d7f1635b86
                                                                                        • Instruction Fuzzy Hash: A81261B2614FC082EA31AF14E8D93DEB751E7A9B90F904215DAAD42BDBDF78C485C710
                                                                                        Function 000002B45AFDACC0 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 671COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Cred$EnumerateFree
                                                                                        • String ID: cannot use push_back() with
                                                                                        • API String ID: 3403564193-4122110429
                                                                                        • Opcode ID: 21b259fd1aadcca7f384711705638e9f6f800b965a1646408ae8043415057343
                                                                                        • Instruction ID: 94acd96ca7d25196bd4e91cc7dc74cd22dde40126c23d83773243d9a41284b1a
                                                                                        • Opcode Fuzzy Hash: 21b259fd1aadcca7f384711705638e9f6f800b965a1646408ae8043415057343
                                                                                        • Instruction Fuzzy Hash: 0E625C73604FC49AEB319F25E8843DD77A1F399798F904216EAAD17B9ADB74C284C700
                                                                                        Function 000002B45B02C55A Relevance: 5.6, Strings: 4, Instructions: 566COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: array$object$object key$object separator
                                                                                        • API String ID: 0-2277530871
                                                                                        • Opcode ID: 67436389a04c99e8054f3e0aa3fffa1fd3ae553f7ec7f9764ff34f684751c61b
                                                                                        • Instruction ID: 3cd2819908e094748cdbfb07e9570c76fe3bdb188af620dae218871a53b2a49a
                                                                                        • Opcode Fuzzy Hash: 67436389a04c99e8054f3e0aa3fffa1fd3ae553f7ec7f9764ff34f684751c61b
                                                                                        • Instruction Fuzzy Hash: 7A42B2A2624E8497EB20EF34D4D93ED7361F7A5B98FC01202EA4D47A9BDF64C248C350
                                                                                        Function 00007FF65DAA34C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryVirtual$ProtectQuery
                                                                                        • String ID: 0
                                                                                        • API String ID: 1355999870-4108050209
                                                                                        • Opcode ID: 89413ede3b1e85be20c8f272e65a27b8bfe40e2a2e38e4141ba162e5d23f76ce
                                                                                        • Instruction ID: 1569ce5b47ca568740f2991cf1d8c385b4365b6ea35e7acb0733ddf282182a44
                                                                                        • Opcode Fuzzy Hash: 89413ede3b1e85be20c8f272e65a27b8bfe40e2a2e38e4141ba162e5d23f76ce
                                                                                        • Instruction Fuzzy Hash: 3D212A3261CB8586EB508B65F45436A73A4FB887A4F540335EAAD93BE8EF7CD0448B00
                                                                                        Function 000002B45B011EA0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CryptDataFreeLocalUnprotect
                                                                                        • String ID:
                                                                                        • API String ID: 1561624719-0
                                                                                        • Opcode ID: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
                                                                                        • Instruction ID: 596fa499bef244c438dd8ce5b568fe42677af41db95d3305215718dc59f1aca7
                                                                                        • Opcode Fuzzy Hash: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
                                                                                        • Instruction Fuzzy Hash: CD416C73614B80CEE3209F74E4843DD37A5F769B8CF444229EB8806E8ADB79C5A4C354
                                                                                        Function 000002B45B0213B0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: DriveLogicalStrings
                                                                                        • String ID:
                                                                                        • API String ID: 2022863570-0
                                                                                        • Opcode ID: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
                                                                                        • Instruction ID: d8b03ed05d86498b2cd0db94420db970589b51d7f0771b86feb35ab4319b7204
                                                                                        • Opcode Fuzzy Hash: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
                                                                                        • Instruction Fuzzy Hash: B1417E33A18F8086E720DF21E8C439EB764F794784F545215EE8823A6ADB78D5D1DB40
                                                                                        Function 000002B45B020110 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: NameUser
                                                                                        • String ID:
                                                                                        • API String ID: 2645101109-0
                                                                                        • Opcode ID: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
                                                                                        • Instruction ID: f16845598cd2ff46f2c1968c5ded64752efd06936a45029065fc06c6ce80e4e7
                                                                                        • Opcode Fuzzy Hash: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
                                                                                        • Instruction Fuzzy Hash: FF018872118B8183E731DF15F8D539EB3A4F7A8B84F844215EA8D42656DBBCC194CB50
                                                                                        Function 000002B45B020820 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: cores
                                                                                        • API String ID: 0-2370456839
                                                                                        • Opcode ID: d79c3521c7dd920ccc3192e03795f8b47db21d7ff3f24562c83f2d7779fd43af
                                                                                        • Instruction ID: 88516e7bd30a2b6093b1ac3655b713bd73145893e6921b582b74256572eebdcb
                                                                                        • Opcode Fuzzy Hash: d79c3521c7dd920ccc3192e03795f8b47db21d7ff3f24562c83f2d7779fd43af
                                                                                        • Instruction Fuzzy Hash: A3C105A3E14F808AF720DF78D48539D7761F7A9BA8F905305EAA816A97DB78C185C340
                                                                                        Function 000002B45B0270B0 Relevance: 1.5, Strings: 1, Instructions: 212COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: \u%04x
                                                                                        • API String ID: 0-2916071157
                                                                                        • Opcode ID: 06a80ac53363f504e8d291dc153b6a47b21947aca11156197ff4547b1ef6832f
                                                                                        • Instruction ID: 4006db4ea86c973ae35e42ddf845224143fb1beed4bdb61edb134a97f1d5699a
                                                                                        • Opcode Fuzzy Hash: 06a80ac53363f504e8d291dc153b6a47b21947aca11156197ff4547b1ef6832f
                                                                                        • Instruction Fuzzy Hash: 0681C1A2304A9483EA64EF15D5D87ADB761F7A5F80FC48422DF4A43BA6DF38C919C350
                                                                                        Function 000002B45B02662B Relevance: 1.5, Strings: 1, Instructions: 206COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ":
                                                                                        • API String ID: 0-3662656813
                                                                                        • Opcode ID: 7d9dad981727df251dcf6c5e6bbde99c0667bc6b6e6a6f7e89b9cedcecf14999
                                                                                        • Instruction ID: f0f259c8684685e3667f0e6dfb6ed666e5a7352825e2dd8f50f79a5a62a4018a
                                                                                        • Opcode Fuzzy Hash: 7d9dad981727df251dcf6c5e6bbde99c0667bc6b6e6a6f7e89b9cedcecf14999
                                                                                        • Instruction Fuzzy Hash: 6F91F2B6304A8582DB20AF26D1D879EB361F799FC8F859006CB9E07B66DF39C558C701
                                                                                        Function 000002B45AFE22D0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 000002B45AFE2359
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                                        • API String ID: 0-1713319389
                                                                                        • Opcode ID: 0e1e18df8e43834f8c2d261b7060e305521bf1430a60c216941d6cdd0af00934
                                                                                        • Instruction ID: 44cfe04fbae3220caa092f4764b571bfbe3bdfd7fdf1d4e56f0c53d132849297
                                                                                        • Opcode Fuzzy Hash: 0e1e18df8e43834f8c2d261b7060e305521bf1430a60c216941d6cdd0af00934
                                                                                        • Instruction Fuzzy Hash: 83411363619AE04ADB52CB39845137D7FB1E366B88F5CC152DBE487747D62DC206CB10
                                                                                        Function 000002B45AFDCF60 Relevance: .7, Instructions: 715COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4028d5451824e4ec8c33ef6ec6e520c2671e829f655679f515adae9ffa1b5c9d
                                                                                        • Instruction ID: 664b4cac7e122fd08ffb3dafd891f6fe613eea5777f1cdc4645512c56256afff
                                                                                        • Opcode Fuzzy Hash: 4028d5451824e4ec8c33ef6ec6e520c2671e829f655679f515adae9ffa1b5c9d
                                                                                        • Instruction Fuzzy Hash: 4A725B73615FC48AEB21DF69E88439D73A0F798798F504216EADC57B9AEB78C244C700
                                                                                        Function 000002B45AFCF1C0 Relevance: .3, Instructions: 344COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f67552ef0fa8666a4d59e6087d1a22013c3b6e00b0d2513b4aae911bd138e3fa
                                                                                        • Instruction ID: 5dd3c31cbf2802d106d0cdf34a2636507511e7d49e775602ce969e6dd8f499c3
                                                                                        • Opcode Fuzzy Hash: f67552ef0fa8666a4d59e6087d1a22013c3b6e00b0d2513b4aae911bd138e3fa
                                                                                        • Instruction Fuzzy Hash: A9F14073A05F848AEB208F69E88535DB7A0F79C7A8F504315EEDC57B99DB78C1948700
                                                                                        Function 000002B45AFCF8B0 Relevance: .3, Instructions: 336COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cba1c8cdbafd4b0f0ef2d06a6ba6c9fd059a218815a8c9af8ed0182ad1c5c82d
                                                                                        • Instruction ID: e2fec5aea515fec07c1b1da4eaedef32c82c94bbee5bb17da5cc46e0e31b7f3c
                                                                                        • Opcode Fuzzy Hash: cba1c8cdbafd4b0f0ef2d06a6ba6c9fd059a218815a8c9af8ed0182ad1c5c82d
                                                                                        • Instruction Fuzzy Hash: DDF15E73604F848AEB209B69E88535DB7A0F79C7A8F504315EEEC56B99EB78C194C700
                                                                                        Function 000002B45B018B30 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 194windowCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 700 2b45b018b30-2b45b018b6b call 2b45b0188b0 703 2b45b018b6d-2b45b018b7c EnterCriticalSection 700->703 704 2b45b018bac 700->704 705 2b45b018b7e-2b45b018ba0 GdiplusStartup 703->705 706 2b45b018bd0-2b45b018bea LeaveCriticalSection GdipGetImageEncodersSize 703->706 707 2b45b018bb1-2b45b018bcf call 2b45b04cb70 704->707 705->706 708 2b45b018ba2-2b45b018ba6 LeaveCriticalSection 705->708 706->704 710 2b45b018bec-2b45b018bff 706->710 708->704 712 2b45b018c3b-2b45b018c49 call 2b45b0366e4 710->712 713 2b45b018c01-2b45b018c0a call 2b45b018640 710->713 720 2b45b018c4b-2b45b018c4e 712->720 721 2b45b018c50-2b45b018c5a 712->721 718 2b45b018c38 713->718 719 2b45b018c0c-2b45b018c16 713->719 718->712 722 2b45b018c18 719->722 723 2b45b018c22-2b45b018c36 call 2b45b04d830 719->723 724 2b45b018c5e 720->724 721->724 722->723 726 2b45b018c61-2b45b018c64 723->726 724->726 728 2b45b018c66-2b45b018c6b 726->728 729 2b45b018c70-2b45b018c7e GdipGetImageEncoders 726->729 730 2b45b018dde-2b45b018de1 728->730 731 2b45b018c84-2b45b018c8d 729->731 732 2b45b018dc9-2b45b018dce 729->732 735 2b45b018e04-2b45b018e06 730->735 736 2b45b018de3-2b45b018de7 730->736 733 2b45b018cbf 731->733 734 2b45b018c8f-2b45b018c9d 731->734 732->730 739 2b45b018cc6-2b45b018cd6 733->739 737 2b45b018ca0-2b45b018cab 734->737 735->707 738 2b45b018df0-2b45b018e02 call 2b45b02efd8 736->738 740 2b45b018cb8-2b45b018cbd 737->740 741 2b45b018cad-2b45b018cb2 737->741 738->735 743 2b45b018cd8-2b45b018ce9 739->743 744 2b45b018cef-2b45b018d0b 739->744 740->733 740->737 741->740 745 2b45b018d6d-2b45b018d71 741->745 743->732 743->744 747 2b45b018d78-2b45b018db7 GdipCreateBitmapFromHBITMAP GdipSaveImageToStream 744->747 748 2b45b018d0d-2b45b018d66 GdipCreateBitmapFromScan0 GdipSaveImageToStream 744->748 745->739 751 2b45b018db9 747->751 752 2b45b018dd0-2b45b018ddd GdipDisposeImage 747->752 749 2b45b018d76 748->749 750 2b45b018d68-2b45b018d6b 748->750 749->752 753 2b45b018dbc-2b45b018dc3 GdipDisposeImage 750->753 751->753 752->730 753->732
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                                                                        • String ID: &
                                                                                        • API String ID: 1703174404-3042966939
                                                                                        • Opcode ID: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
                                                                                        • Instruction ID: d33fb33a6c751668f5eb61585645d2581b742becefe7e96376a82387ac94bec7
                                                                                        • Opcode Fuzzy Hash: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
                                                                                        • Instruction Fuzzy Hash: 3B918FB2200F409BEB34EF20D8C87A877A4F765F98F948215EA4947B96DF34C695C360
                                                                                        Function 000002B45B019BE0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 250networkCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1402 2b45b019be0-2b45b019c37 call 2b45b01f890 1405 2b45b019c39-2b45b019c41 1402->1405 1406 2b45b019c7d-2b45b019d61 call 2b45aff24f0 call 2b45afe5330 call 2b45afdeda0 call 2b45afe5330 call 2b45afdeda0 call 2b45afe0fb0 WSAStartup 1402->1406 1407 2b45b019c45-2b45b019c4d 1405->1407 1420 2b45b019e28 1406->1420 1438 2b45b019d67-2b45b019d8b socket 1406->1438 1409 2b45b019c4f 1407->1409 1410 2b45b019c52-2b45b019c62 1407->1410 1409->1410 1412 2b45b019c74-2b45b019c7b 1410->1412 1413 2b45b019c64-2b45b019c6e call 2b45b05fd00 1410->1413 1412->1406 1412->1407 1413->1412 1413->1420 1422 2b45b019e2a-2b45b019e32 1420->1422 1424 2b45b019e65-2b45b019ea9 call 2b45b04cb70 1422->1424 1425 2b45b019e34-2b45b019e45 1422->1425 1427 2b45b019e47-2b45b019e5a 1425->1427 1428 2b45b019e60 call 2b45b04cb90 1425->1428 1427->1428 1431 2b45b019fcf-2b45b019fd4 call 2b45b02fc0c 1427->1431 1428->1424 1439 2b45b019fd5-2b45b019fda call 2b45b02fc0c 1431->1439 1440 2b45b019d91-2b45b019dbe htons 1438->1440 1441 2b45b019e22 WSACleanup 1438->1441 1443 2b45b019dc4-2b45b019dd4 call 2b45b027890 1440->1443 1444 2b45b019ecd-2b45b019efe call 2b45b018e10 call 2b45afdfb70 1440->1444 1441->1420 1451 2b45b019dd6 1443->1451 1452 2b45b019dd9-2b45b019e06 inet_pton connect 1443->1452 1457 2b45b019f36-2b45b019f53 call 2b45b018e10 1444->1457 1458 2b45b019f00-2b45b019f16 1444->1458 1451->1452 1454 2b45b019eaa-2b45b019eb4 1452->1454 1455 2b45b019e0c-2b45b019e13 1452->1455 1454->1444 1459 2b45b019eb6-2b45b019ebf 1454->1459 1455->1443 1456 2b45b019e15-2b45b019e1c closesocket 1455->1456 1456->1441 1466 2b45b019f58-2b45b019f7c call 2b45afdfb70 1457->1466 1460 2b45b019f18-2b45b019f2b 1458->1460 1461 2b45b019f31 call 2b45b04cb90 1458->1461 1463 2b45b019ec4-2b45b019ecc call 2b45afe15c0 1459->1463 1464 2b45b019ec1 1459->1464 1460->1439 1460->1461 1461->1457 1463->1444 1464->1463 1471 2b45b019fb8-2b45b019fc4 1466->1471 1472 2b45b019f7e-2b45b019f94 1466->1472 1471->1422 1473 2b45b019f96-2b45b019fa9 1472->1473 1474 2b45b019fab-2b45b019fb0 call 2b45b04cb90 1472->1474 1473->1474 1475 2b45b019fc9-2b45b019fce call 2b45b02fc0c 1473->1475 1474->1471 1475->1431
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                                                        • String ID: geo$system
                                                                                        • API String ID: 213021568-2364779556
                                                                                        • Opcode ID: 60c3024b284a940e11ebd5efc28cec14dd664e0cfac4e9075431bf37327be272
                                                                                        • Instruction ID: 1b97bf9ffd9971919b9c3b124241bc05661dd29bc77556e9ae9af90e555e59ce
                                                                                        • Opcode Fuzzy Hash: 60c3024b284a940e11ebd5efc28cec14dd664e0cfac4e9075431bf37327be272
                                                                                        • Instruction Fuzzy Hash: 79C1BFA2B01F409AEB20EFA4D8D939C73A2B765B98F815212DE5D177AADF34C546C310
                                                                                        Function 000002B45B023B30 Relevance: 13.6, APIs: 9, Instructions: 117COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1882 2b45b023b30-2b45b023b92 GetCurrentProcess GetProcessId RmStartSession 1883 2b45b023b98-2b45b023bbd RmRegisterResources 1882->1883 1884 2b45b023c91 1882->1884 1886 2b45b023c88-2b45b023c8b RmEndSession 1883->1886 1887 2b45b023bc3-2b45b023bf9 RmGetList 1883->1887 1885 2b45b023c93-2b45b023cb6 call 2b45b04cb70 1884->1885 1886->1884 1889 2b45b023cd4 1887->1889 1890 2b45b023bff-2b45b023c04 1887->1890 1891 2b45b023cd7-2b45b023cdf RmEndSession 1889->1891 1890->1889 1893 2b45b023c0a-2b45b023c30 call 2b45b0366e4 1890->1893 1891->1885 1893->1891 1896 2b45b023c36-2b45b023c58 RmGetList 1893->1896 1897 2b45b023c5a-2b45b023c5d 1896->1897 1898 2b45b023ccc-2b45b023ccf call 2b45b02efd8 1896->1898 1897->1898 1899 2b45b023c5f-2b45b023c68 1897->1899 1898->1889 1899->1886 1901 2b45b023c6a 1899->1901 1902 2b45b023c70-2b45b023c7f 1901->1902 1903 2b45b023cb7-2b45b023cca call 2b45b02efd8 RmEndSession 1902->1903 1904 2b45b023c81-2b45b023c86 1902->1904 1903->1884 1904->1886 1904->1902
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                                                                        • String ID:
                                                                                        • API String ID: 3299295986-0
                                                                                        • Opcode ID: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
                                                                                        • Instruction ID: 3bec53ecfa4320dfb45b12534d06ebd6dd48c7b70fe673c2148dfc57fabf97fe
                                                                                        • Opcode Fuzzy Hash: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
                                                                                        • Instruction Fuzzy Hash: 34512E72714A418BF724DFA5E4D869DB3B1F758B88F90412ADE0A63B95DF34C80AC750
                                                                                        Function 000002B45B03D5F0 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 2011 2b45b03d5f0-2b45b03d616 2012 2b45b03d618-2b45b03d62c call 2b45b0340ac call 2b45b0340cc 2011->2012 2013 2b45b03d631-2b45b03d635 2011->2013 2030 2b45b03da22 2012->2030 2015 2b45b03da0b-2b45b03da17 call 2b45b0340ac call 2b45b0340cc 2013->2015 2016 2b45b03d63b-2b45b03d642 2013->2016 2033 2b45b03da1d call 2b45b02fbec 2015->2033 2016->2015 2018 2b45b03d648-2b45b03d676 2016->2018 2018->2015 2022 2b45b03d67c-2b45b03d683 2018->2022 2025 2b45b03d685-2b45b03d697 call 2b45b0340ac call 2b45b0340cc 2022->2025 2026 2b45b03d69c-2b45b03d69f 2022->2026 2025->2033 2027 2b45b03d6a5-2b45b03d6ab 2026->2027 2028 2b45b03da07-2b45b03da09 2026->2028 2027->2028 2032 2b45b03d6b1-2b45b03d6b4 2027->2032 2034 2b45b03da25-2b45b03da3c 2028->2034 2030->2034 2032->2025 2036 2b45b03d6b6-2b45b03d6db 2032->2036 2033->2030 2039 2b45b03d6dd-2b45b03d6df 2036->2039 2040 2b45b03d70e-2b45b03d715 2036->2040 2042 2b45b03d706-2b45b03d70c 2039->2042 2043 2b45b03d6e1-2b45b03d6e8 2039->2043 2044 2b45b03d6ea-2b45b03d701 call 2b45b0340ac call 2b45b0340cc call 2b45b02fbec 2040->2044 2045 2b45b03d717-2b45b03d73f call 2b45b03dedc call 2b45b03b550 * 2 2040->2045 2048 2b45b03d78c-2b45b03d7a3 2042->2048 2043->2042 2043->2044 2076 2b45b03d894 2044->2076 2072 2b45b03d741-2b45b03d757 call 2b45b0340cc call 2b45b0340ac 2045->2072 2073 2b45b03d75c-2b45b03d787 call 2b45b03dcb0 2045->2073 2051 2b45b03d7a5-2b45b03d7ad 2048->2051 2052 2b45b03d81e-2b45b03d828 call 2b45b047c7c 2048->2052 2051->2052 2053 2b45b03d7af-2b45b03d7b1 2051->2053 2064 2b45b03d8b2 2052->2064 2065 2b45b03d82e-2b45b03d843 2052->2065 2053->2052 2057 2b45b03d7b3-2b45b03d7c9 2053->2057 2057->2052 2061 2b45b03d7cb-2b45b03d7d7 2057->2061 2061->2052 2066 2b45b03d7d9-2b45b03d7db 2061->2066 2068 2b45b03d8b7-2b45b03d8d7 ReadFile 2064->2068 2065->2064 2070 2b45b03d845-2b45b03d857 GetConsoleMode 2065->2070 2066->2052 2071 2b45b03d7dd-2b45b03d7f5 2066->2071 2074 2b45b03d9d1-2b45b03d9da call 2b45b072160 2068->2074 2075 2b45b03d8dd-2b45b03d8e5 2068->2075 2070->2064 2077 2b45b03d859-2b45b03d861 2070->2077 2071->2052 2079 2b45b03d7f7-2b45b03d803 2071->2079 2072->2076 2073->2048 2093 2b45b03d9f7-2b45b03d9fa 2074->2093 2094 2b45b03d9dc-2b45b03d9f2 call 2b45b0340cc call 2b45b0340ac 2074->2094 2075->2074 2083 2b45b03d8eb 2075->2083 2080 2b45b03d897-2b45b03d8a1 call 2b45b03b550 2076->2080 2077->2068 2084 2b45b03d863-2b45b03d885 call 2b45b0723b8 2077->2084 2079->2052 2086 2b45b03d805-2b45b03d807 2079->2086 2080->2034 2090 2b45b03d8f2-2b45b03d907 2083->2090 2101 2b45b03d8a6-2b45b03d8b0 2084->2101 2102 2b45b03d887 call 2b45b072160 2084->2102 2086->2052 2095 2b45b03d809-2b45b03d819 2086->2095 2090->2080 2098 2b45b03d909-2b45b03d914 2090->2098 2105 2b45b03da00-2b45b03da02 2093->2105 2106 2b45b03d88d-2b45b03d88f call 2b45b034040 2093->2106 2094->2076 2095->2052 2099 2b45b03d93b-2b45b03d943 2098->2099 2100 2b45b03d916-2b45b03d92f call 2b45b03d208 2098->2100 2109 2b45b03d945-2b45b03d957 2099->2109 2110 2b45b03d9bf-2b45b03d9cc call 2b45b03d048 2099->2110 2114 2b45b03d934-2b45b03d936 2100->2114 2101->2090 2102->2106 2105->2080 2106->2076 2115 2b45b03d959 2109->2115 2116 2b45b03d9b2-2b45b03d9ba 2109->2116 2110->2114 2114->2080 2119 2b45b03d95e-2b45b03d965 2115->2119 2116->2080 2121 2b45b03d967-2b45b03d96b 2119->2121 2122 2b45b03d9a1-2b45b03d9ac 2119->2122 2123 2b45b03d987 2121->2123 2124 2b45b03d96d-2b45b03d974 2121->2124 2122->2116 2126 2b45b03d98d-2b45b03d99d 2123->2126 2124->2123 2125 2b45b03d976-2b45b03d97a 2124->2125 2125->2123 2127 2b45b03d97c-2b45b03d985 2125->2127 2126->2119 2128 2b45b03d99f 2126->2128 2127->2126 2128->2116
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 197761c4084f71b538abde1851977105dd70471639988d7dce5d49f8975dacdd
                                                                                        • Instruction ID: 7cebdf34db678d8791fa010cb790e58e9527f2a9d571ab6a782d368851ddd011
                                                                                        • Opcode Fuzzy Hash: 197761c4084f71b538abde1851977105dd70471639988d7dce5d49f8975dacdd
                                                                                        • Instruction Fuzzy Hash: C2C1C2A2214F8593E771BF1994CE3AD7BA1F7A1F80F954211DA4A07793DF79C84A8320
                                                                                        Function 000002B45B018990 Relevance: 9.0, APIs: 6, Instructions: 41COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                                                        • String ID:
                                                                                        • API String ID: 4268643673-0
                                                                                        • Opcode ID: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
                                                                                        • Instruction ID: 29c438c31477100c5b6404e6fe5dd383312e6ec3af03dabd75737afaca510061
                                                                                        • Opcode Fuzzy Hash: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
                                                                                        • Instruction Fuzzy Hash: 1E113A72111F4082EB24EF25E8C8119B3B4FB65FA4FA84315DA6D027A5DF34C997C360
                                                                                        Function 00007FF65DAB7980 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 120COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF65DAB7C00: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00007FF65DAB7C0E
                                                                                          • Part of subcall function 00007FF65DAA6610: char_traits.LIBCPMTD ref: 00007FF65DAA663D
                                                                                          • Part of subcall function 00007FF65DAB7DC0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DAB7ED5
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DAB7AFA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::_CriticalLock::_ProcessorReentrantScoped_lockScoped_lock::~_Virtual$Concurrency::RootRoot::char_traits
                                                                                        • String ID: EnterCriticalSection$LeaveCriticalSection$LoadAcceleratorsA$LoadAcceleratorsW
                                                                                        • API String ID: 2378420206-1394853731
                                                                                        • Opcode ID: 04327c45c70a67150be1c73c2e078c6eac2a998af2c452a8fcebf7652b8d46cf
                                                                                        • Instruction ID: 2907f183e0a0640a203cdc572d738fe74f4342b8e6efbdbdd256517f8979fe73
                                                                                        • Opcode Fuzzy Hash: 04327c45c70a67150be1c73c2e078c6eac2a998af2c452a8fcebf7652b8d46cf
                                                                                        • Instruction Fuzzy Hash: E6512F3251DA8791EA70EB90E4513EB6360FBC1344F481132E28DE3AEAEE6CD905CB40
                                                                                        Function 00007FF65DAB7FD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DAB80EF
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DAB8197
                                                                                          • Part of subcall function 00007FF65DAF77D4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF65DAF651B), ref: 00007FF65DAF7824
                                                                                          • Part of subcall function 00007FF65DAF77D4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF65DAF651B), ref: 00007FF65DAF7865
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$ExceptionFileHeaderRaise
                                                                                        • String ID: 1.3.1.zlib-ng
                                                                                        • API String ID: 543713560-992988628
                                                                                        • Opcode ID: 8956c29817721c66e9a5c783700e556b24576ee2f69ddabf96bd024d6e1e8483
                                                                                        • Instruction ID: 2b2e4bec28393fe5e0b1174a4bc127b8acc68283a3da0de771b7c1b7f460699e
                                                                                        • Opcode Fuzzy Hash: 8956c29817721c66e9a5c783700e556b24576ee2f69ddabf96bd024d6e1e8483
                                                                                        • Instruction Fuzzy Hash: 5961E83261CA8686E670DB64E4513EBB3A0FBD8344F444235E6CD92AD9EF3CD645CB41
                                                                                        Function 000002B45B020420 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                        • API String ID: 3702945584-1787575317
                                                                                        • Opcode ID: 4b31b020cac4b58e91cc22bf7df28ffde147e0876d00deb1f16a5955c36cd2ac
                                                                                        • Instruction ID: 18647ed88ba045cdd96435fcacda25da4b06b045380efa1cc3d51fc3bb61c629
                                                                                        • Opcode Fuzzy Hash: 4b31b020cac4b58e91cc22bf7df28ffde147e0876d00deb1f16a5955c36cd2ac
                                                                                        • Instruction Fuzzy Hash: 7E118172218F8083EB60DF21F48539AB3A4F799B94F804216EA9803B5ADFBCC155CB40
                                                                                        Function 000002B45B02B090 Relevance: 4.9, APIs: 3, Instructions: 440COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 70d3a949619ac1b0e9964116f6ba8f5623cd288c852f1d955663d95d3cb59920
                                                                                        • Instruction ID: 2f40ee141e180b5b1b8ddbc8ddfabd4cfc455397287e15475c8d845e3d620126
                                                                                        • Opcode Fuzzy Hash: 70d3a949619ac1b0e9964116f6ba8f5623cd288c852f1d955663d95d3cb59920
                                                                                        • Instruction Fuzzy Hash: 6DF1A3B2211F8486DA24EF25E4C87ADB3A4F758BE4F944625EBAD47796DF38C194C300
                                                                                        Function 000002B45B01ED77 Relevance: 4.7, APIs: 3, Instructions: 182networkCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Cleanupclosesocketrecv
                                                                                        • String ID:
                                                                                        • API String ID: 3447645871-0
                                                                                        • Opcode ID: a3ff1c72fe5ce7a4ba30a757a1366cac1052ac2a4458e6b2fc94b70744e8dcc2
                                                                                        • Instruction ID: c6beeee9cca80ab956d1dd3247192211756413ccc5aa9d2f8daeb57f16e1707e
                                                                                        • Opcode Fuzzy Hash: a3ff1c72fe5ce7a4ba30a757a1366cac1052ac2a4458e6b2fc94b70744e8dcc2
                                                                                        • Instruction Fuzzy Hash: 269152A3614FC042EA35AF15E4D939E7751E7A5BA0F904305DAAD06BEBDF78C4818710
                                                                                        Function 000002B45B021111 Relevance: 4.7, APIs: 3, Instructions: 163registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseEnumOpen
                                                                                        • String ID:
                                                                                        • API String ID: 1332880857-0
                                                                                        • Opcode ID: f458c22420d06c21da6f2b9f6a93e1c26ea9a1f356d9961e8a5c3013cb53f523
                                                                                        • Instruction ID: 806c7673ad30be3d3eb62bf0e1040d83a50794afe79fa63e863a0957e88c5462
                                                                                        • Opcode Fuzzy Hash: f458c22420d06c21da6f2b9f6a93e1c26ea9a1f356d9961e8a5c3013cb53f523
                                                                                        • Instruction Fuzzy Hash: 407185B2604F8486EB20DF65E4C839DB761F7957A8FA00205EFA917AD6DB78C0D5C710
                                                                                        Function 00007FF65DAAD7F0 Relevance: 4.6, APIs: 3, Instructions: 112COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF65DAAD8DD
                                                                                        • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF65DAAD9C0
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DAAD9E9
                                                                                          • Part of subcall function 00007FF65DAA6610: char_traits.LIBCPMTD ref: 00007FF65DAA663D
                                                                                          • Part of subcall function 00007FF65DAADAA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DAADAB8
                                                                                          • Part of subcall function 00007FF65DAADB00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DAADB13
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::Work$EmptyQueue::Structured$Base::ContextIdentityQueue$char_traits
                                                                                        • String ID:
                                                                                        • API String ID: 2573577243-0
                                                                                        • Opcode ID: f26d7d76682de479d1a510b7515a2100360f65aa1e8371ebd0398830a94be955
                                                                                        • Instruction ID: 67f0581bbb6226d53542c6954093864db14cd52256f7be7e08b292ffc7a2b84a
                                                                                        • Opcode Fuzzy Hash: f26d7d76682de479d1a510b7515a2100360f65aa1e8371ebd0398830a94be955
                                                                                        • Instruction Fuzzy Hash: 0B51097260CBC691DA609B55E4413ABB3A0FBC5780F844136E6CD97BAAFF2CD445CB40
                                                                                        Function 000002B45B0210A0 Relevance: 4.6, APIs: 3, Instructions: 96registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: EnumOpen
                                                                                        • String ID:
                                                                                        • API String ID: 3231578192-0
                                                                                        • Opcode ID: a8920e58832bf877e089fa0af907033f7a3b2d639e35d700202a240f283f6ca3
                                                                                        • Instruction ID: a08690fd5923f89412374b1fc4e81e9246d05981e2915fb1055dbd97206f46f2
                                                                                        • Opcode Fuzzy Hash: a8920e58832bf877e089fa0af907033f7a3b2d639e35d700202a240f283f6ca3
                                                                                        • Instruction Fuzzy Hash: 3B319E72600B8486E730DFA1E88879EB365F795B98FA00215EE9817B56DF78C196C700
                                                                                        Function 00007FF65DAB17D0 Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallFunction0Member$char_traits
                                                                                        • String ID:
                                                                                        • API String ID: 1927575840-0
                                                                                        • Opcode ID: b3a0a285e39b8cf687cbf5e33b540a6d49c497df54d9ecd142d2dcea34095149
                                                                                        • Instruction ID: 94e39cc7ebfcc7e28ff1bfafbbaecb35e15b2d9943cc45d919552e959996c57c
                                                                                        • Opcode Fuzzy Hash: b3a0a285e39b8cf687cbf5e33b540a6d49c497df54d9ecd142d2dcea34095149
                                                                                        • Instruction Fuzzy Hash: 00316031A0DA4686F660DB95E44117BB7E1FB85784F484235E28DD76EAFF3CE5028B40
                                                                                        Function 000002B45B020DDB Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseOpenQueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3677997916-0
                                                                                        • Opcode ID: b5901a3cd6b954f6a774689512a6fc3d71d5621db7fe552ec5d293c361ff023b
                                                                                        • Instruction ID: 5b4f2aaaee396765070ece01fe34dd83ae3ff6cb988e4f178016a9f19835f2e8
                                                                                        • Opcode Fuzzy Hash: b5901a3cd6b954f6a774689512a6fc3d71d5621db7fe552ec5d293c361ff023b
                                                                                        • Instruction Fuzzy Hash: A721A7A2615F8082EE709F25E4D535FB351F7E5BD4F805212EA9E42A96EF38C0C4C750
                                                                                        Function 00007FF65DAB82A0 Relevance: 4.6, APIs: 3, Instructions: 51COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProcessToken$CurrentInformationOpen
                                                                                        • String ID:
                                                                                        • API String ID: 2743777493-0
                                                                                        • Opcode ID: 722ab832dbefb05b570a67b2cccdef345e5e387398dfdff30b5f0e262e84267a
                                                                                        • Instruction ID: 585bd021ad77fa035ea717594884e739665b7f22dea023cc03d8b0d62a35e7af
                                                                                        • Opcode Fuzzy Hash: 722ab832dbefb05b570a67b2cccdef345e5e387398dfdff30b5f0e262e84267a
                                                                                        • Instruction Fuzzy Hash: 0C215E3152C68185EB40DB65E4543AFA760FB81744F981035F6CE93AD9EF3DD409CB00
                                                                                        Function 000002B45B01F890 Relevance: 4.6, APIs: 3, Instructions: 50COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Info$User
                                                                                        • String ID:
                                                                                        • API String ID: 2017065092-0
                                                                                        • Opcode ID: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
                                                                                        • Instruction ID: aae97450a7c8ecf31efb307a0fae5c10f88095d70eed42f4a7902b2c9287f63b
                                                                                        • Opcode Fuzzy Hash: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
                                                                                        • Instruction Fuzzy Hash: EE11BF72628B8183E720AF61F49471EB3A1F7A5F88F445225EF8503B5ADF7CD5908B84
                                                                                        Function 000002B45B019760 Relevance: 4.5, APIs: 3, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ProcessToken$CurrentInformationOpen
                                                                                        • String ID:
                                                                                        • API String ID: 2743777493-0
                                                                                        • Opcode ID: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
                                                                                        • Instruction ID: ac19d2d059f11fe95dfa06180a3e4b4e8ab2040db48b75045ca1a072a2cbf215
                                                                                        • Opcode Fuzzy Hash: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
                                                                                        • Instruction Fuzzy Hash: DB110A72619F8083EB60AF15F8C434AB3A0F799B80F999125EA9957B69CF3CC445CB50
                                                                                        Function 000002B45B043270 Relevance: 4.5, APIs: 3, Instructions: 15COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                        • String ID:
                                                                                        • API String ID: 1703294689-0
                                                                                        • Opcode ID: f80d91bcf93e8424b3640f1b7356e3f7b22acd1ad7b3684da8aa45f97133e79c
                                                                                        • Instruction ID: bcccd370567abc40214f030ab76ef1e15d9b23ec2899ecc777db71c1ab677053
                                                                                        • Opcode Fuzzy Hash: f80d91bcf93e8424b3640f1b7356e3f7b22acd1ad7b3684da8aa45f97133e79c
                                                                                        • Instruction Fuzzy Hash: A2D06CA4320E0493EA387F7069DD26D7325AB7AF01F906838CA02067A7CF2988498320
                                                                                        Function 000002B45AFDF350 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-3916222277
                                                                                        • Opcode ID: e166c857a238f254e59f2c4b7f065a9c8d06d56266ce2945c74b42336dbb6aa6
                                                                                        • Instruction ID: 25aba49fb6d6045f2b380c778251e07d38711ca3f3d4d9bb219b28fe111d497f
                                                                                        • Opcode Fuzzy Hash: e166c857a238f254e59f2c4b7f065a9c8d06d56266ce2945c74b42336dbb6aa6
                                                                                        • Instruction Fuzzy Hash: BA513B73204F44A7EA269F2AD99835C37A0F759B94F948612CB6D43BA6CF79D0A58300
                                                                                        Function 000002B45B020C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CurrentProfile
                                                                                        • String ID: Unknown
                                                                                        • API String ID: 2104809126-1654365787
                                                                                        • Opcode ID: 327d7d51cf89ce8cae5e34d504ec04f85fc3bceab43135c4ad84e114b6f625fa
                                                                                        • Instruction ID: 9987bb5ede146e87ca1420a3d0efe5e572d6ecf8a0997956bf49f21a04bb92b7
                                                                                        • Opcode Fuzzy Hash: 327d7d51cf89ce8cae5e34d504ec04f85fc3bceab43135c4ad84e114b6f625fa
                                                                                        • Instruction Fuzzy Hash: 8F31A163628FC087E7219F20E59439EB360F7A9B84F945215EFC912A57DB7CC595CB00
                                                                                        Function 00007FF65DAAFAE0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @
                                                                                        • API String ID: 0-2766056989
                                                                                        • Opcode ID: b337b7728e22acf7a85b468339197ec44de5b842342dd1561fc2dcb21d3dd529
                                                                                        • Instruction ID: 3056eec26edad0a022dda977660ebc0776ed8039fb981c68fa9ee0e22cfad379
                                                                                        • Opcode Fuzzy Hash: b337b7728e22acf7a85b468339197ec44de5b842342dd1561fc2dcb21d3dd529
                                                                                        • Instruction Fuzzy Hash: C331B83661DB818AD760DB55E49062BBBE0F788784F140626FB8D93B99EF3CD5408F40
                                                                                        Function 000002B45AFE51E0 Relevance: 3.2, APIs: 2, Instructions: 192COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 7b110e3cb14acf78e02d684284d6cd73aadd085dc85baf4b69cd65186d7b59fb
                                                                                        • Instruction ID: 4d078520eacc43da1d2bd8c46a817a7d3c018bc5fe7b709d386748a94aae051e
                                                                                        • Opcode Fuzzy Hash: 7b110e3cb14acf78e02d684284d6cd73aadd085dc85baf4b69cd65186d7b59fb
                                                                                        • Instruction Fuzzy Hash: C551A2A3305F4486EE74BF52A98839D7391A768BE4F984622DE7D0B7D7DB78C4858300
                                                                                        Function 000002B45B018E10 Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FolderFreeKnownPathTask
                                                                                        • String ID:
                                                                                        • API String ID: 969438705-0
                                                                                        • Opcode ID: ac78d0950d5123e79d1274902e366252036e177f94df0b62379f251fbb92b7d3
                                                                                        • Instruction ID: 37c5e594a1a3123c9ae2a42452426a0e856db118891a4c4dc92283225c8a881f
                                                                                        • Opcode Fuzzy Hash: ac78d0950d5123e79d1274902e366252036e177f94df0b62379f251fbb92b7d3
                                                                                        • Instruction Fuzzy Hash: E33173B2914B8082E720DF25E4D535EB761F7A9BF4F505316FAAC02796DB7CC1818B40
                                                                                        Function 000002B45B02E614 Relevance: 3.1, APIs: 2, Instructions: 77COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
                                                                                        • Instruction ID: 8b976cab16cd11e74140d4a5b7b812601b940256c91852f6dab3bb860e1664c4
                                                                                        • Opcode Fuzzy Hash: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
                                                                                        • Instruction Fuzzy Hash: FE317CA2650E4487EA75FF54E9D97ADB361A7B4FC0FD80621E609473D3EB78C5098320
                                                                                        Function 000002B45B017390 Relevance: 3.1, APIs: 2, Instructions: 69registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseOpen
                                                                                        • String ID:
                                                                                        • API String ID: 47109696-0
                                                                                        • Opcode ID: f079ec761da95b766b8b6afbeec7fda29d97571b2deafd3f5d4343d11bd09f0c
                                                                                        • Instruction ID: 004422bbd95cc8a1926bcc40e3236a76e696c4739df828ac82deef570c2e89c9
                                                                                        • Opcode Fuzzy Hash: f079ec761da95b766b8b6afbeec7fda29d97571b2deafd3f5d4343d11bd09f0c
                                                                                        • Instruction Fuzzy Hash: 9221B4A1711E4047EA70AF21E8C43AAB760EBA9FD4F841221EE4D47B9BDF68C481C710
                                                                                        Function 000002B45B01664C Relevance: 3.1, APIs: 2, Instructions: 58synchronizationCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                                                                        • String ID:
                                                                                        • API String ID: 420082584-0
                                                                                        • Opcode ID: eea197aff795f4b9c5d6efeee9918aec06857f2d6b74eb6359eb0d3e40ff1cb4
                                                                                        • Instruction ID: fe4c8d5ba5b1ef4554eeb203ddbb9872b39d3462886ab2d0c9c78f3704d69947
                                                                                        • Opcode Fuzzy Hash: eea197aff795f4b9c5d6efeee9918aec06857f2d6b74eb6359eb0d3e40ff1cb4
                                                                                        • Instruction Fuzzy Hash: 6F219DA2605E8053F936BFB4ECDE3AD7340AB76F95FC44602EAA9016D79F18C0848731
                                                                                        Function 000002B45B01667D Relevance: 3.0, APIs: 2, Instructions: 47synchronizationCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseHandleMutexReleaserecv
                                                                                        • String ID:
                                                                                        • API String ID: 2659716615-0
                                                                                        • Opcode ID: ec0be76bda8e78934538e784beaa4ec270da2de2427e8a6dabb4454447da85b6
                                                                                        • Instruction ID: fcb83c90250b7b74ebd47b77065ff30d2c7d1c2ec834bb80504287df5bd6a69c
                                                                                        • Opcode Fuzzy Hash: ec0be76bda8e78934538e784beaa4ec270da2de2427e8a6dabb4454447da85b6
                                                                                        • Instruction Fuzzy Hash: 571191E2601E8043FA767F64ECDE39D7340ABA6F91FC44601EAA9016D79F18C0848731
                                                                                        Function 000002B45B03DB60 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastPointer
                                                                                        • String ID:
                                                                                        • API String ID: 2976181284-0
                                                                                        • Opcode ID: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
                                                                                        • Instruction ID: b299cbb5285ed947540b7887271d98b776bbf86fab8cb27ba1564e4914e1a8cb
                                                                                        • Opcode Fuzzy Hash: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
                                                                                        • Instruction Fuzzy Hash: F5118CA2214F8082DA20AF25E8C9259B361F7A5FF4F944311EE794B7EACF78C0518750
                                                                                        Function 00007FF65DAAD750 Relevance: 3.0, APIs: 2, Instructions: 33libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID:
                                                                                        • API String ID: 2574300362-0
                                                                                        • Opcode ID: bd71bcfb797b50c55a6df7201416778f22323b2fa91c79af38a8b0c2d0370c92
                                                                                        • Instruction ID: f385aaeb217b3f0be95a9a23a8b80893fd53e8c446ababc7d483d044cf5a4a1d
                                                                                        • Opcode Fuzzy Hash: bd71bcfb797b50c55a6df7201416778f22323b2fa91c79af38a8b0c2d0370c92
                                                                                        • Instruction Fuzzy Hash: A701297651CB8589DB608B51F48032BB7B0F789798F141635E6CE92BA8EF3CD1958F04
                                                                                        Function 000002B45B04CB98 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                        • String ID:
                                                                                        • API String ID: 1173176844-0
                                                                                        • Opcode ID: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
                                                                                        • Instruction ID: 443e5462585161a11139de4b3683cd5ef20f082cfea330df8843ae8aac0fc184
                                                                                        • Opcode Fuzzy Hash: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
                                                                                        • Instruction Fuzzy Hash: 5CE0EC91615B0547F9383E7218DE2B423444B39B70E981B26DD75052C3AB94C4D583B0
                                                                                        Function 00007FF65DAE5810 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(?,?,00007FF65DAE5929,00007FF65DAEACD6,?,?,?,00007FF65DAEB053,?,?,00000000,00007FF65DAEB9B9,?,?,?,00007FF65DAEB8EB), ref: 00007FF65DAE5826
                                                                                        • GetLastError.KERNEL32(?,?,00007FF65DAE5929,00007FF65DAEACD6,?,?,?,00007FF65DAEB053,?,?,00000000,00007FF65DAEB9B9,?,?,?,00007FF65DAEB8EB), ref: 00007FF65DAE5830
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFreeHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 485612231-0
                                                                                        • Opcode ID: d1c0f4e6f877c9d6cfcd8a19c59eeb7a423ced942baaa3383c8ac58c4f15d072
                                                                                        • Instruction ID: 56293b8076c2befbd15badc7a8c851348f82d792b6430dd8cf3e2b0e93b2f24f
                                                                                        • Opcode Fuzzy Hash: d1c0f4e6f877c9d6cfcd8a19c59eeb7a423ced942baaa3383c8ac58c4f15d072
                                                                                        • Instruction Fuzzy Hash: 73E08CB0F0C20342FF086BF2B89507A12629F84B41F8C4034DD0DE22E2FE2CA8859300
                                                                                        Function 000002B45B03B550 Relevance: 2.5, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorFreeHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 485612231-0
                                                                                        • Opcode ID: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
                                                                                        • Instruction ID: 772cb318d08f3d01727d40758f3ca683cc6da5a25f8c19e734c59610d1a4edc0
                                                                                        • Opcode Fuzzy Hash: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
                                                                                        • Instruction Fuzzy Hash: 19E0E2D0B22F0593FA387FF298DD32933956BB9F45FC44520DA25962A3EF2888944320
                                                                                        Function 000002B45B02D450 Relevance: 1.7, APIs: 1, Instructions: 189COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: f9939f10e4e3afd893229be84c0e5982441ea8343fd720606789c516903e13da
                                                                                        • Instruction ID: ec01db49cc944febac6d8199965cbefb84aba19af196f7bb3763ced9740ad669
                                                                                        • Opcode Fuzzy Hash: f9939f10e4e3afd893229be84c0e5982441ea8343fd720606789c516903e13da
                                                                                        • Instruction Fuzzy Hash: 59619CA2200E9086EA35AE16D1D936DB3A1A324FD8F948611DE5D077D6DF79C88AC320
                                                                                        Function 000002B45AFCE150 Relevance: 1.7, APIs: 1, Instructions: 175COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_fs_directory_iterator_open
                                                                                        • String ID:
                                                                                        • API String ID: 4007087469-0
                                                                                        • Opcode ID: 2144925f09ea7b6f4cadf475c6b9da65537d4cea81ec615bd04734634f348af7
                                                                                        • Instruction ID: dbc5d5545f2bd5cd5d47511dbf77dd5939db65980cab4fd6763e3914024b8e72
                                                                                        • Opcode Fuzzy Hash: 2144925f09ea7b6f4cadf475c6b9da65537d4cea81ec615bd04734634f348af7
                                                                                        • Instruction Fuzzy Hash: A661B463B44F4087FB30EF66D8E839C33A1E765B98F844612DE29576D6EB34C4998340
                                                                                        Function 000002B45AFEA050 Relevance: 1.6, APIs: 1, Instructions: 134COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: f9609803d3e825b54ac25102eb7abc985b7260913e5548cc781afebc749f5d3f
                                                                                        • Instruction ID: 4eb583b0e1b50ac5132a4d39eccc99880402ae00d19d8ee2195f4f0c2d77b38e
                                                                                        • Opcode Fuzzy Hash: f9609803d3e825b54ac25102eb7abc985b7260913e5548cc781afebc749f5d3f
                                                                                        • Instruction Fuzzy Hash: C641C163301E8482EE74FB66E89826A7751B764BE4F948626EF7D077C6CF38C0958310
                                                                                        Function 000002B45AFE5B00 Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 6eb7d6ad84328a61a5f81028902d6e822cb982940a9aa980b8ad4f398988815d
                                                                                        • Instruction ID: a3e34c49e16cd2178a3a295c874168f9017874816c4368978c7023e2ab23fae5
                                                                                        • Opcode Fuzzy Hash: 6eb7d6ad84328a61a5f81028902d6e822cb982940a9aa980b8ad4f398988815d
                                                                                        • Instruction Fuzzy Hash: 6041BFA2304F8482EA60AF26E89839D7351B729FD4F944622DFAD0B7D7DF38C4458304
                                                                                        Function 000002B45B00B010 Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 9e12385e36486cb58df179bf8176c268858ef5d2040d43e36d1972db119702ff
                                                                                        • Instruction ID: 9099d92b0dd7fa2de521a8c9b869ea99ab89b8e61a603d9b234a7d3907b515ab
                                                                                        • Opcode Fuzzy Hash: 9e12385e36486cb58df179bf8176c268858ef5d2040d43e36d1972db119702ff
                                                                                        • Instruction Fuzzy Hash: 694161B6214F8882DA24EF55E5D83AE73A1E759FD4FD08616DBAD03B96DF38C0408310
                                                                                        Function 000002B45AFE9ED0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 37ea0906b01e05952d2a2c17eb9448a2b55dfb41596f7d6e2e290d65e971a214
                                                                                        • Instruction ID: f7e1bfb0b5154cbdc7b2141a99078c6000484eaf480ca602d25f38a44b410301
                                                                                        • Opcode Fuzzy Hash: 37ea0906b01e05952d2a2c17eb9448a2b55dfb41596f7d6e2e290d65e971a214
                                                                                        • Instruction Fuzzy Hash: A531B163301E8446ED74EB56A88869AB354B764FE4FD04A26AFBD077D6CF39C0498310
                                                                                        Function 000002B45AFE5CB0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 455f16833df3cee76ae30f5063861d7cd2cdd050caad19e1d8857e5a0724da3f
                                                                                        • Instruction ID: 8f9f85dd92b96997a985bb951f390453150be5c0d6803593e260758b252e69fa
                                                                                        • Opcode Fuzzy Hash: 455f16833df3cee76ae30f5063861d7cd2cdd050caad19e1d8857e5a0724da3f
                                                                                        • Instruction Fuzzy Hash: 8F41AEA2305F4486EE70BB16A98C39DB351A328FE4F9446229F7D4BBD7DB78C5458300
                                                                                        Function 000002B45AFE15C0 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 725e7b1dce42eeb5c15a5466f027004f63ab61178bae60a4eda76fb116a9ea87
                                                                                        • Instruction ID: 8f026e062869b908a2f61b5ebb8a3e4f3ebf7fc9747a16136b0ca7e8cec6e569
                                                                                        • Opcode Fuzzy Hash: 725e7b1dce42eeb5c15a5466f027004f63ab61178bae60a4eda76fb116a9ea87
                                                                                        • Instruction Fuzzy Hash: E831D1A3301E4486FA75BA5699983AD33919725FE4F980622DA390BBC7DB78C4898344
                                                                                        Function 000002B45B03BA50 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 62a68b64f697a3323ce5c67975f603dd912b7630c4b3619a8df593f8b8e10b11
                                                                                        • Instruction ID: 5727b79b02f933338a8cc2957b574fa0319ff57b06dc3e9d5fb61128ad9b1604
                                                                                        • Opcode Fuzzy Hash: 62a68b64f697a3323ce5c67975f603dd912b7630c4b3619a8df593f8b8e10b11
                                                                                        • Instruction Fuzzy Hash: D341D1B2214F0487EA34BF19E5DD36D73A0E766F88F940205EA96836D7CB68C802C771
                                                                                        Function 000002B45AFE5990 Relevance: 1.6, APIs: 1, Instructions: 109COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 2c1d873e7b48c48a7202e499ec2ce75aaf65b47fadd1cdb31bddda3e7c006e5e
                                                                                        • Instruction ID: e3dc89259b67a891057725a5959e2e8eaa50f1a475daad60f59b677bf61e05d2
                                                                                        • Opcode Fuzzy Hash: 2c1d873e7b48c48a7202e499ec2ce75aaf65b47fadd1cdb31bddda3e7c006e5e
                                                                                        • Instruction Fuzzy Hash: 8131A0A2305F8496EE70BF16A9C839D7355A724FD4F9846269E6D0BBC7DB78C0958300
                                                                                        Function 000002B45B020250 Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InformationVolume
                                                                                        • String ID:
                                                                                        • API String ID: 2039140958-0
                                                                                        • Opcode ID: 076eddd4a4bb32051c91c1a6983a33c56c444267f15b4631bc17067f3113462f
                                                                                        • Instruction ID: 003dde3843425a9994e3b30bc90e45af7d97be800590b0df1a44ffc88cce096f
                                                                                        • Opcode Fuzzy Hash: 076eddd4a4bb32051c91c1a6983a33c56c444267f15b4631bc17067f3113462f
                                                                                        • Instruction Fuzzy Hash: 38519073A14F808AE721DF64D8C439E7364F799B88F904212EB9C53A9AEF78C585C740
                                                                                        Function 00007FF65DAB7DC0 Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF65DABB970: _Byte_length.LIBCPMTD ref: 00007FF65DABB9F6
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DAB7ED5
                                                                                          • Part of subcall function 00007FF65DABBA40: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DABBA6A
                                                                                          • Part of subcall function 00007FF65DABBAA0: _Byte_length.LIBCPMTD ref: 00007FF65DABBB26
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Byte_lengthConcurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                                                        • String ID:
                                                                                        • API String ID: 2675252387-0
                                                                                        • Opcode ID: 8cf2c1331036d997b2d5cbdfd09f9a6dace60c7598b65e1a7ef6aa7a93a04358
                                                                                        • Instruction ID: c951fbae9fd4428cebe0574b09521da38d9945909168c3b76b0540478909cffb
                                                                                        • Opcode Fuzzy Hash: 8cf2c1331036d997b2d5cbdfd09f9a6dace60c7598b65e1a7ef6aa7a93a04358
                                                                                        • Instruction Fuzzy Hash: 2C512A3261DAC596EA60DB55E4503EBB3A1FBC4784F844132E68D93BA9EF3CD549CB00
                                                                                        Function 00007FF65DAABA90 Relevance: 1.6, APIs: 1, Instructions: 95COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF65DAAC520: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DAAC53D
                                                                                          • Part of subcall function 00007FF65DAAC520: _Max_value.LIBCPMTD ref: 00007FF65DAAC562
                                                                                          • Part of subcall function 00007FF65DAAC520: _Min_value.LIBCPMTD ref: 00007FF65DAAC590
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DAABB3C
                                                                                          • Part of subcall function 00007FF65DAA4310: std::_Xinvalid_argument.LIBCPMT ref: 00007FF65DAA431B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_valueXinvalid_argumentstd::_
                                                                                        • String ID:
                                                                                        • API String ID: 142707115-0
                                                                                        • Opcode ID: 60dc388cca3665f00380207ba0fc440bb0a5f3e9cb1ca1dbde5340a79cbc7bc9
                                                                                        • Instruction ID: e957a7df378b44cc467ce3b10301ec5cf755c0aeebcdcb40ac56b4c85d64e4fc
                                                                                        • Opcode Fuzzy Hash: 60dc388cca3665f00380207ba0fc440bb0a5f3e9cb1ca1dbde5340a79cbc7bc9
                                                                                        • Instruction Fuzzy Hash: 6451C43661DB8585DA60DB56F49026BB7A0F7C9B80F141126FACE93B69DF3CD450CB40
                                                                                        Function 000002B45AFDFE50 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000002B45AFDFF58
                                                                                          • Part of subcall function 000002B45AFCB7B0: __std_exception_copy.LIBVCRUNTIME ref: 000002B45AFCB7F8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task__std_exception_copy
                                                                                        • String ID:
                                                                                        • API String ID: 317858897-0
                                                                                        • Opcode ID: f050d2dd9f53cf4eb60f05675c22f827f91ddd450abe77daab4cd8a3ee421a2e
                                                                                        • Instruction ID: 33e8590853916dca5c18cdc0b4ea5d095c03bae8038bdfa64e815315f84bfb4a
                                                                                        • Opcode Fuzzy Hash: f050d2dd9f53cf4eb60f05675c22f827f91ddd450abe77daab4cd8a3ee421a2e
                                                                                        • Instruction Fuzzy Hash: 6021E863601F4062EA26FF15E5843687390A764FA4F644722DE7C47BD3EB78C4D68340
                                                                                        Function 000002B45B03D4D0 Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
                                                                                        • Instruction ID: 6768d7fd44c430e026c9052412e74917c59c09d54fafa7fff192f4118f254130
                                                                                        • Opcode Fuzzy Hash: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
                                                                                        • Instruction Fuzzy Hash: 2F3158A2614F1087FB61BF6998CE35D7760A764FA8FC10206EA254B3D3DB78C8468731
                                                                                        Function 00007FF65DAAF580 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8832b93c38650351119958a3682aaab50e8cbc8b9dc0623d89af5356b64ee8a2
                                                                                        • Instruction ID: ab44104c9b943f2db355bd83fe4d21e3c3e330a79c9c4a1997c72e24df827700
                                                                                        • Opcode Fuzzy Hash: 8832b93c38650351119958a3682aaab50e8cbc8b9dc0623d89af5356b64ee8a2
                                                                                        • Instruction Fuzzy Hash: BF312C7262CBC181DA509B92E49036BA7A0FBC57D0F041136FACD93BA9EF6CD0008B40
                                                                                        Function 000002B45B0431A1 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                        • String ID:
                                                                                        • API String ID: 3947729631-0
                                                                                        • Opcode ID: 530d5f225501611c07fa3f753d7d8dc80cca454b0254b6cc05cb90d306267795
                                                                                        • Instruction ID: 573cd463694ec4384342c209713b640381f23547b15ed85f980e2e5c78466f3f
                                                                                        • Opcode Fuzzy Hash: 530d5f225501611c07fa3f753d7d8dc80cca454b0254b6cc05cb90d306267795
                                                                                        • Instruction Fuzzy Hash: C0214CB2A01B408AEB24AFA8D5C83AC37A0F764B18F945635D61907AD7EB34C945CB60
                                                                                        Function 000002B45B05C510 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
                                                                                        • Instruction ID: b7a214b7e8728e30ca1252d3b0e7458e1aba8ef083358d9b39d2df2a9f1ac9c1
                                                                                        • Opcode Fuzzy Hash: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
                                                                                        • Instruction Fuzzy Hash: 111193A1605E4083EA70BF51D4C877DB3A0F7A6F90FC48511EA884BAC7CB39C8418B60
                                                                                        Function 000002B45B05E208 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
                                                                                        • Instruction ID: 64aa498a8f85b4ed42ec73045912fa7ee0dc5df8219d44bc82bb3c9778c5cf21
                                                                                        • Opcode Fuzzy Hash: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
                                                                                        • Instruction Fuzzy Hash: 1721A8B2214E4487E771AF18D4C436977A1F7A9F54FA48324E79947ADBDB39C804CB10
                                                                                        Function 00007FF65DABBBF0 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DABBC1C
                                                                                          • Part of subcall function 00007FF65DABF7D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DABF846
                                                                                          • Part of subcall function 00007FF65DABF7D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DABF855
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Concurrency::details::EmptyQueue::StructuredWork
                                                                                        • String ID:
                                                                                        • API String ID: 2595383736-0
                                                                                        • Opcode ID: d187d2a0eb802e6f176a8c328b985804572825bb7962f1620d6111e602d056cd
                                                                                        • Instruction ID: 65cdd596d9632659404309422496b52ce043c026517e704ede335ab79d25018e
                                                                                        • Opcode Fuzzy Hash: d187d2a0eb802e6f176a8c328b985804572825bb7962f1620d6111e602d056cd
                                                                                        • Instruction Fuzzy Hash: 2E21E53651CF8981EA10DB55F48025BB7A0F7C9B84F541126EA8D93BA9EF3CD551CB40
                                                                                        Function 00007FF65DAAE170 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 292d0802afc3662b8a44df9434c69ee7ab1bc2423aa3cf29da608adeab93335d
                                                                                        • Instruction ID: 0e1903a1202d6e2f4ab5dafcc6b9cf75d71b6ecaa034df940ccda60f521837fa
                                                                                        • Opcode Fuzzy Hash: 292d0802afc3662b8a44df9434c69ee7ab1bc2423aa3cf29da608adeab93335d
                                                                                        • Instruction Fuzzy Hash: 4F21213261CAC181DAB0DB51E4513AF67A0FB94384F585635F6CED3ADAEF2CD6488B00
                                                                                        Function 00007FF65DAB8750 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DAB875E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                                                        • String ID:
                                                                                        • API String ID: 1865873047-0
                                                                                        • Opcode ID: f8c7e8331dde7540c220ec2cf53b80f18e0f368c2e7c04878d69dbed098d0d54
                                                                                        • Instruction ID: e0ec0d395d769666c9864387cc7cc0907d5c3ccdf313c1fa378cb1c7c6d8f8e1
                                                                                        • Opcode Fuzzy Hash: f8c7e8331dde7540c220ec2cf53b80f18e0f368c2e7c04878d69dbed098d0d54
                                                                                        • Instruction Fuzzy Hash: BC117236619F8882DB619B5AE48031EB7A1F7C9B84F545122EBCD53BA9DF3CC5508B00
                                                                                        Function 00007FF65DABBAA0 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF65DABBB70: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DABBB7E
                                                                                        • _Byte_length.LIBCPMTD ref: 00007FF65DABBB26
                                                                                          • Part of subcall function 00007FF65DABBBF0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DABBC1C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Byte_lengthConcurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork
                                                                                        • String ID:
                                                                                        • API String ID: 3730899627-0
                                                                                        • Opcode ID: a4279381825b097a51bbb40bb4fa2ec5ae5536782bc70fef3494edae06f6c104
                                                                                        • Instruction ID: 1ada7df26ac9bcf7323a7242fa55a2422ed65cee480c07979b808f6ee3902354
                                                                                        • Opcode Fuzzy Hash: a4279381825b097a51bbb40bb4fa2ec5ae5536782bc70fef3494edae06f6c104
                                                                                        • Instruction Fuzzy Hash: 9011063251CA8582EA50DB65F49119BB7A0FBC5780F944122FBCD93BAAEF3CC5558F40
                                                                                        Function 00007FF65DABB970 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _Byte_length.LIBCPMTD ref: 00007FF65DABB9F6
                                                                                          • Part of subcall function 00007FF65DABBBF0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DABBC1C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Byte_lengthConcurrency::details::EmptyQueue::StructuredWork
                                                                                        • String ID:
                                                                                        • API String ID: 2180140624-0
                                                                                        • Opcode ID: 4c1b483ce9ae656858f0bbe009e6f38eed582fb41a9c014dc9f6aa9f7ebd549b
                                                                                        • Instruction ID: 18179249ba2746e94ce768aefc8f1f231464af9fe48210fda8e7a744f40654c0
                                                                                        • Opcode Fuzzy Hash: 4c1b483ce9ae656858f0bbe009e6f38eed582fb41a9c014dc9f6aa9f7ebd549b
                                                                                        • Instruction Fuzzy Hash: 0711E33252CA8582DA50DB65F49119BB7A0FBC5780F944122FACD93BA9EF3CC1558F40
                                                                                        Function 00007FF65DAA7E40 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DAA7E74
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                                                        • String ID:
                                                                                        • API String ID: 1865873047-0
                                                                                        • Opcode ID: 30fd8099ffd4be0d4f69dd9a583985dde0d8b0850e5991a20b1c7c05a0df383f
                                                                                        • Instruction ID: 1b49c8b0b8a57e537da39da087bd77e509266e261ee3cdb73a412222f1acbd13
                                                                                        • Opcode Fuzzy Hash: 30fd8099ffd4be0d4f69dd9a583985dde0d8b0850e5991a20b1c7c05a0df383f
                                                                                        • Instruction Fuzzy Hash: F111303660CB4181DA20DB55E04036FA7A0FBC8BD4F480236EA8D97BA5DF7CC5408B40
                                                                                        Function 00007FF65DAAF6A0 Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: type_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 3713626258-0
                                                                                        • Opcode ID: 76e54cbdeb55244470ca4b8c1149c975881fede5f5229d85922bdbd701fbbbd6
                                                                                        • Instruction ID: 17fa20d4f650bd7091013af0b58dd41643f16cd8353992f8068264d224a7f12b
                                                                                        • Opcode Fuzzy Hash: 76e54cbdeb55244470ca4b8c1149c975881fede5f5229d85922bdbd701fbbbd6
                                                                                        • Instruction Fuzzy Hash: 1101097662CB8681DA409B56F45026BB3A1FB94BC0F046531FACE97B9AEF3CD4108B40
                                                                                        Function 000002B45B01ADC0 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: send
                                                                                        • String ID:
                                                                                        • API String ID: 2809346765-0
                                                                                        • Opcode ID: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
                                                                                        • Instruction ID: 63af64b95f8354db1188fb8acc2bcf24d36967ed0b76ebf4bd9d13a4df5cfae1
                                                                                        • Opcode Fuzzy Hash: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
                                                                                        • Instruction Fuzzy Hash: E701D665715F9486DB64DF1AF9C4219B3A0F798FD4F885131EF5E43B4ADB28C8518700
                                                                                        Function 00007FF65DAACD80 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo_noreturn
                                                                                        • String ID:
                                                                                        • API String ID: 3668304517-0
                                                                                        • Opcode ID: 5b003b8cca513f1d9bd291702dbd346b7f7ce6d2eb4d71e1a0a6965b61c62195
                                                                                        • Instruction ID: c5b1ece00b9deacfdede26ad4e2d92f70b4791e06237714886f741f84929bf55
                                                                                        • Opcode Fuzzy Hash: 5b003b8cca513f1d9bd291702dbd346b7f7ce6d2eb4d71e1a0a6965b61c62195
                                                                                        • Instruction Fuzzy Hash: CF01527661DF4681FA609B69E44031BA790FB88794F080331F69DD2BD5EF2CC1108704
                                                                                        Function 00007FF65DABC9F0 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DABCA33
                                                                                          • Part of subcall function 00007FF65DAAA910: allocator.LIBCONCRTD ref: 00007FF65DAAA92B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator
                                                                                        • String ID:
                                                                                        • API String ID: 1755220593-0
                                                                                        • Opcode ID: 0be8727490954b9d9608c68c0c3e94e3c05ef35cc3da3c80f663008593293bb7
                                                                                        • Instruction ID: 4b40e2a2a55a1c35c50bf96bc857f2e34d634e6e64944b1433e0209c7e76c58f
                                                                                        • Opcode Fuzzy Hash: 0be8727490954b9d9608c68c0c3e94e3c05ef35cc3da3c80f663008593293bb7
                                                                                        • Instruction Fuzzy Hash: D8016036619F8482CA60DB4AF89011EB7A5F7C9B94F504225FACD83B29DF3CD5608B00
                                                                                        Function 000002B45AFD58F3 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileFindNext
                                                                                        • String ID:
                                                                                        • API String ID: 2029273394-0
                                                                                        • Opcode ID: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
                                                                                        • Instruction ID: 7cb7860f7884ad77fa6cfa782a466609da57f5fa957c8177a3a75ae0d9bdedaf
                                                                                        • Opcode Fuzzy Hash: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
                                                                                        • Instruction Fuzzy Hash: F3012126218E8081EA71DB52F89439A7360F798B94F804023CE9D43B59DF38C4868B00
                                                                                        Function 000002B45B02ED2C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
                                                                                        • Instruction ID: 7381d8167b5021d2184cf4ec7a09e82dcca829297810e12b6853b4e342fe3d56
                                                                                        • Opcode Fuzzy Hash: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
                                                                                        • Instruction Fuzzy Hash: 8DE0EDB1215E4182EB313EA4E1C926CB2649B20FB0FD44721EA38062C7CB2484544320
                                                                                        Function 00007FF65DABBA40 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DABBA6A
                                                                                          • Part of subcall function 00007FF65DAB7FD0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DAB80EF
                                                                                          • Part of subcall function 00007FF65DAB7FD0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF65DAB8197
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                                                        • String ID:
                                                                                        • API String ID: 2443641946-0
                                                                                        • Opcode ID: a00cf0b1ec4db13d273557ccddcb421bc2b4e8bce47aca48317bcbe3f147d040
                                                                                        • Instruction ID: c4282fc447f7a817080c12eab2803e1128d5117da5cc370b813f08e93633c295
                                                                                        • Opcode Fuzzy Hash: a00cf0b1ec4db13d273557ccddcb421bc2b4e8bce47aca48317bcbe3f147d040
                                                                                        • Instruction Fuzzy Hash: A1F0D47251CB8486D660DB55E44111FB7A0F7C8794F001225FACD93B69DF7CC1118F44
                                                                                        Function 00007FF65DAF5554 Relevance: 1.5, APIs: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                        • String ID:
                                                                                        • API String ID: 680105476-0
                                                                                        • Opcode ID: eab2c86477353e2fdf37daf347e1d7af9a32534bc8376d8c7edc6a9f128f6aaa
                                                                                        • Instruction ID: ba3c96b7d235443a4e158041e1d04ab880a806c066c944591b94f815a9d651aa
                                                                                        • Opcode Fuzzy Hash: eab2c86477353e2fdf37daf347e1d7af9a32534bc8376d8c7edc6a9f128f6aaa
                                                                                        • Instruction Fuzzy Hash: EFE0EC64E0E10B06F92871E5E55527B01554F4C775E1C1BB0DA3EE92C7BD2CE4518750
                                                                                        Function 00007FF65DAAA910 Relevance: 1.5, APIs: 1, Instructions: 9COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: allocator
                                                                                        • String ID:
                                                                                        • API String ID: 3447690668-0
                                                                                        • Opcode ID: 69c9719d4dd52abe98a264028dc470e26ea7d52536d19f2f10ff87e1f9baad59
                                                                                        • Instruction ID: 7412210b05be38f340f060614203fa1588c7ca427c491e68fe72048ba629956a
                                                                                        • Opcode Fuzzy Hash: 69c9719d4dd52abe98a264028dc470e26ea7d52536d19f2f10ff87e1f9baad59
                                                                                        • Instruction Fuzzy Hash: 45C0127AA29F85C1DA04EB12F48100E7760F7C8BC0F849421FA8E53729DF3CC0508B00
                                                                                        Function 000002B45B0597D0 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileFindNext
                                                                                        • String ID:
                                                                                        • API String ID: 2029273394-0
                                                                                        • Opcode ID: 4177796e15072c585db232ab642f29accb6d05ea1f689265af403d42f2bb1474
                                                                                        • Instruction ID: d3909a6f7473fb26ba17ba61e4194c6e9faed257e702729be9c5f7510ab7a166
                                                                                        • Opcode Fuzzy Hash: 4177796e15072c585db232ab642f29accb6d05ea1f689265af403d42f2bb1474
                                                                                        • Instruction Fuzzy Hash: F3C04C55F25D05C3EA743F725CCA2066394B776B00FC08061C60480161DB2C81D64B21
                                                                                        Function 000002B45B05B3C4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: InfoNativeSystem
                                                                                        • String ID:
                                                                                        • API String ID: 1721193555-0
                                                                                        • Opcode ID: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
                                                                                        • Instruction ID: 50236484a74d86e247f9433f6490e9b191fb1e41e495d16555e94deb600eace4
                                                                                        • Opcode Fuzzy Hash: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
                                                                                        • Instruction Fuzzy Hash: 19B09266A14CC0C3C621FF04E88A00AB331F7A5B0CFE00000E68D42625CF2CDA2A8F00
                                                                                        Function 00007FF65DAE64BC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • HeapAlloc.KERNEL32(?,?,00000028,00007FF65DAF5573,?,?,?,00007FF65DAA10A8), ref: 00007FF65DAE64FA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocHeap
                                                                                        • String ID:
                                                                                        • API String ID: 4292702814-0
                                                                                        • Opcode ID: 31f5e82480b86c694179d874989cf1b3d096565e770f3be7cb9178f83f4d8f72
                                                                                        • Instruction ID: b27495c76e1a6f0b5cbcb7fd140a993157ceede4120b12dac8756f44d6586a4e
                                                                                        • Opcode Fuzzy Hash: 31f5e82480b86c694179d874989cf1b3d096565e770f3be7cb9178f83f4d8f72
                                                                                        • Instruction Fuzzy Hash: C9F0F8A1F1D24745FAA45AE2EA1167B1190DF887B4F0C5F34D92EEA6C6FE2CE441C260
                                                                                        Function 000002B45B03DEDC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocHeap
                                                                                        • String ID:
                                                                                        • API String ID: 4292702814-0
                                                                                        • Opcode ID: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
                                                                                        • Instruction ID: 01748fda1233d7109772fabe201f4693b5217de915ef42afa614d5288abc362e
                                                                                        • Opcode Fuzzy Hash: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
                                                                                        • Instruction Fuzzy Hash: 9BF0F895315B459BFA747FB158CE36973A05B64FA0F895B24DD2A862C3DB29C4428330
                                                                                        Function 00007FF65DAA26C0 Relevance: 1.3, APIs: 1, Instructions: 17memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: bb55d3c25760e0320b4c92f21841f287c01ac31988aa5e77e6438427710fe636
                                                                                        • Instruction ID: 2cd59807b1326af8b35217ee7bb258e05b35bfdb9201b68ba8fd0359a75eae63
                                                                                        • Opcode Fuzzy Hash: bb55d3c25760e0320b4c92f21841f287c01ac31988aa5e77e6438427710fe636
                                                                                        • Instruction Fuzzy Hash: FAE0E576A1CB8586D7208B15F44031BBBB0F799784F204625EACC92B68EF7DC6A48F40

                                                                                        Non-executed Functions

                                                                                        Function 000002B45AFEC820 Relevance: 29.3, APIs: 2, Strings: 14, Instructions: 1339COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000002B45AFEDEA1
                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 000002B45AFEDF4F
                                                                                          • Part of subcall function 000002B45AFCB930: __std_exception_copy.LIBVCRUNTIME ref: 000002B45AFCB973
                                                                                          • Part of subcall function 000002B45B04F198: RtlPcToFileHeader.KERNEL32 ref: 000002B45B04F1E8
                                                                                          • Part of subcall function 000002B45B04F198: RaiseException.KERNEL32 ref: 000002B45B04F229
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task$ExceptionFileHeaderRaise__std_exception_copy
                                                                                        • String ID: "$#base$#include$*$/$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                                        • API String ID: 145623376-3561477107
                                                                                        • Opcode ID: 7b48c90d8c43a7aec6eacfb7e85ddc8044e99ba8f5cfae321a50a31fd03d40e1
                                                                                        • Instruction ID: a0e6a380647ccc84d593f5562a392c188fe907ed2b3b9cd0aa778cb1cba7e58c
                                                                                        • Opcode Fuzzy Hash: 7b48c90d8c43a7aec6eacfb7e85ddc8044e99ba8f5cfae321a50a31fd03d40e1
                                                                                        • Instruction Fuzzy Hash: E6D26E62211EC48AEBB1AF25DCD83DC7361F765B98F844112DA6D0BB9ADF74C689C310
                                                                                        Function 00007FF65DAEFF2C Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                        • API String ID: 808467561-2761157908
                                                                                        • Opcode ID: f599b05029d98f237293d086c6c8cbc83094781c7e8eddfec9504f7173d138ad
                                                                                        • Instruction ID: d11ed54f7f44f29dffccd25e1ac46e0bed348710c9e27e2260cbc79034cfe7a5
                                                                                        • Opcode Fuzzy Hash: f599b05029d98f237293d086c6c8cbc83094781c7e8eddfec9504f7173d138ad
                                                                                        • Instruction Fuzzy Hash: 5CB2B076A1C2838BE7648EA4D5407FE77A1FB54388F485175DA0DA7AC4EF38A980CB44
                                                                                        Function 000002B45B024740 Relevance: 16.6, APIs: 8, Strings: 1, Instructions: 839stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
                                                                                        • String ID: 0
                                                                                        • API String ID: 3636535045-4108050209
                                                                                        • Opcode ID: 148f1cac526a25eedb59746f716de0c0cfa115320cfb54a3382c2084b1ee678e
                                                                                        • Instruction ID: 68ecfd3b85505abf4caf09abc17c7cc9dda551a7a7fe355586482a1236718b52
                                                                                        • Opcode Fuzzy Hash: 148f1cac526a25eedb59746f716de0c0cfa115320cfb54a3382c2084b1ee678e
                                                                                        • Instruction Fuzzy Hash: D1B2963662AFC48AD7908F69E88165EB7B5F788B88F106215FECD57B18EB38C154C740
                                                                                        Function 00007FF65DAD2B97 Relevance: 12.0, Strings: 9, Instructions: 793COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                        • API String ID: 0-2665694366
                                                                                        • Opcode ID: 8dab440fc9059f63e4ec5b970c608ca424db9a839ae67d8aedf904f713204985
                                                                                        • Instruction ID: 8971007fc597b51f9ec7e17ddecb7c58f5c1dc3927c4b0fb2c1dc6e98fdf051d
                                                                                        • Opcode Fuzzy Hash: 8dab440fc9059f63e4ec5b970c608ca424db9a839ae67d8aedf904f713204985
                                                                                        • Instruction Fuzzy Hash: 0A62D672A086A58BE7A49F55D598B7F37A9FB84340F194139EA4A937C0EF3CD844CB40
                                                                                        Function 00007FF65DAECE44 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                                        • String ID: utf8
                                                                                        • API String ID: 3069159798-905460609
                                                                                        • Opcode ID: f952dde8d3cd7788e963193f5ea5aa1e92811ebc708004aabb464cf43692a041
                                                                                        • Instruction ID: adec365ec391a482dd494f217f625b20c9aceccbec9f11326c9bef5853f05f73
                                                                                        • Opcode Fuzzy Hash: f952dde8d3cd7788e963193f5ea5aa1e92811ebc708004aabb464cf43692a041
                                                                                        • Instruction Fuzzy Hash: A4916936A0D78385EB649BA1D4512BA63A4EB84B80F4C8131DA5DE7BC5FF3CE652C341
                                                                                        Function 00007FF65DAED88C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                        • String ID:
                                                                                        • API String ID: 2591520935-0
                                                                                        • Opcode ID: c4ae29048c0868d5221bcf0fbd91c5e5467cd0d186a5bb531500621032177dec
                                                                                        • Instruction ID: eee058a792879c7baa6a39cade7e605fbea87e2a5f0e0a11428777362954ef09
                                                                                        • Opcode Fuzzy Hash: c4ae29048c0868d5221bcf0fbd91c5e5467cd0d186a5bb531500621032177dec
                                                                                        • Instruction Fuzzy Hash: CE714472B1C6838AEF509BA1D8506BA23A0EB49B84F484535CA1DA7BD5FE3CE945C350
                                                                                        Function 000002B45B004710 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_exception_destroy
                                                                                        • String ID: value
                                                                                        • API String ID: 2453523683-494360628
                                                                                        • Opcode ID: c4b045dfa08e55375005722c7c7c9c41e3914718ed03b793bcc59194146a9fc8
                                                                                        • Instruction ID: 96b95737d23a63fe07c906d3f2dd9ee9308fecc8c1bd09f58cd9e3255eb15549
                                                                                        • Opcode Fuzzy Hash: c4b045dfa08e55375005722c7c7c9c41e3914718ed03b793bcc59194146a9fc8
                                                                                        • Instruction Fuzzy Hash: A40291A2614FC486EB60EF74D4C839D7761E7A5BA8F905206FA9D03ADBDF68C185C310
                                                                                        Function 00007FF65DAE1E68 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1239891234-0
                                                                                        • Opcode ID: ce7e3796c7a5bb2387eca005e84a3121ab51e1fc44c73afe5079a6031630cece
                                                                                        • Instruction ID: 88335a506c8cbbda9e7a185aada0ef94b92fb62307c4f44b110ac0417974f62c
                                                                                        • Opcode Fuzzy Hash: ce7e3796c7a5bb2387eca005e84a3121ab51e1fc44c73afe5079a6031630cece
                                                                                        • Instruction Fuzzy Hash: 8931A43661CB8285DB60CF65E8402AE73A1FB89794F580136EA9D97B94FF3CD545CB00
                                                                                        Function 00007FF65DAC30B0 Relevance: 7.0, Strings: 5, Instructions: 719COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 0$0$d$d$d
                                                                                        • API String ID: 0-911316061
                                                                                        • Opcode ID: be84b10c0d2d45635747b94c10be12c5baf49aa36d94cf40a0aca8293bbb7e80
                                                                                        • Instruction ID: 278fff7eca451235277bd603b1f2ee0a55e909a47e57c7dcab3bf75ca9319ef0
                                                                                        • Opcode Fuzzy Hash: be84b10c0d2d45635747b94c10be12c5baf49aa36d94cf40a0aca8293bbb7e80
                                                                                        • Instruction Fuzzy Hash: D272057261C6818AE764CF59E4807ABB7A1E7C9754F144126EB8ED3BA8EF3DD4418F00
                                                                                        Function 000002B45B02B68A Relevance: 5.6, Strings: 4, Instructions: 563COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __std_exception_destroy
                                                                                        • String ID: array$object$object key$object separator
                                                                                        • API String ID: 2453523683-2277530871
                                                                                        • Opcode ID: 9c7edec81dc448aff70d24d02dc47a3d94d478b34c0c2cec5b208f141bd3f369
                                                                                        • Instruction ID: 66d52867cedb64bf1cf6758f69be6d5b2d975fac8cb60c20a8e1b8190cc372f5
                                                                                        • Opcode Fuzzy Hash: 9c7edec81dc448aff70d24d02dc47a3d94d478b34c0c2cec5b208f141bd3f369
                                                                                        • Instruction Fuzzy Hash: 2A32C4A2624E8497EB21FF34C4D93ED7321F7A5B88FC01612EA494769BEF64C248C350
                                                                                        Function 00007FF65DAD22E8 Relevance: 5.5, Strings: 4, Instructions: 453COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $header crc mismatch$unknown compression method$unknown header flags set
                                                                                        • API String ID: 0-4074041902
                                                                                        • Opcode ID: 5fd275a1f547e5e5e246a265f17631c6e5570a77d34065937c2ebc4c447087f8
                                                                                        • Instruction ID: 78de810c26844e333d65ecb89396b208cf121d2356ca0462426b7f05bdd91923
                                                                                        • Opcode Fuzzy Hash: 5fd275a1f547e5e5e246a265f17631c6e5570a77d34065937c2ebc4c447087f8
                                                                                        • Instruction Fuzzy Hash: 44126E72A1C3958AE7A5AF59C098A3B3AA9FF44744F194538DE49A63D0EF38E940C740
                                                                                        Function 000002B45B059480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FormatInfoLocaleMessage
                                                                                        • String ID: !x-sys-default-locale
                                                                                        • API String ID: 4235545615-2729719199
                                                                                        • Opcode ID: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
                                                                                        • Instruction ID: bba02fc889fbac240660346eb714bb79d1334a1d76bd44eff3f6f6c4317b608d
                                                                                        • Opcode Fuzzy Hash: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
                                                                                        • Instruction Fuzzy Hash: B30180B2704B8083EB319F12B4D8B9AB7A2F3A6B84F948015DA4547FD6CB3CC944CB10
                                                                                        Function 00007FF65DAEFA90 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: memcpy_s
                                                                                        • String ID:
                                                                                        • API String ID: 1502251526-0
                                                                                        • Opcode ID: 57a8bb62846f71c15516153ffb7b4828fa003a6834a4406426bc392e6d140f03
                                                                                        • Instruction ID: c3715763196ab10f4bc035f2d9c35aa5d3e38f03309fb2794fdf9881a64f5fb2
                                                                                        • Opcode Fuzzy Hash: 57a8bb62846f71c15516153ffb7b4828fa003a6834a4406426bc392e6d140f03
                                                                                        • Instruction Fuzzy Hash: C8C1D272B1D68687EB248F59E08466AB791F784B84F588135DB4E93784EF3DE901CB40
                                                                                        Function 00007FF65DAED308 Relevance: 4.7, APIs: 3, Instructions: 167COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 1791019856-0
                                                                                        • Opcode ID: ffb303f14084d201689acfaa42d903f902045a7f0c7723b67fadfb05f0f86b60
                                                                                        • Instruction ID: 2a3d53b39be356d4c31bd5d87a632e6144b9e5379b20d5ae0d5f3ee96e859562
                                                                                        • Opcode Fuzzy Hash: ffb303f14084d201689acfaa42d903f902045a7f0c7723b67fadfb05f0f86b60
                                                                                        • Instruction Fuzzy Hash: 36617A72A0C6838AEB349F51E59026A73A1EB94744F488235CB9EE77D1EE7CE451C740
                                                                                        Function 000002B45B0106A6 Relevance: 4.4, Strings: 3, Instructions: 653COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 2OWqJZldB3s=$port$rXwr2/Mp0kvTmn+hdCWeFmDWltFpcKXkn/UOvH+3cNE=
                                                                                        • API String ID: 0-1454942929
                                                                                        • Opcode ID: a613ea9b7b2d786af87ad58c0f77c7aa6e012e41e5b18d5c1fc65e3f58f575f4
                                                                                        • Instruction ID: 59d3ffc0f1b7145bffce24f18c5752d6b7658874f2a96aaca22537ec6e04a15d
                                                                                        • Opcode Fuzzy Hash: a613ea9b7b2d786af87ad58c0f77c7aa6e012e41e5b18d5c1fc65e3f58f575f4
                                                                                        • Instruction Fuzzy Hash: 2A726FA2629FC486D670DF25E88439EB3A4F7A9784F505216EBDD13B5AEF38C145CB00
                                                                                        Function 00007FF65DAC27B0 Relevance: 4.2, Strings: 3, Instructions: 488COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 0$0$d
                                                                                        • API String ID: 0-3608139397
                                                                                        • Opcode ID: 5c76ddb99ef15a809886bb458ee614dacd124281dc7315fd32f47024dea49008
                                                                                        • Instruction ID: f9cc7d4262425a1473f1ba14e48d6df463555d68cda8c89ae9d2e3bd98f1ea60
                                                                                        • Opcode Fuzzy Hash: 5c76ddb99ef15a809886bb458ee614dacd124281dc7315fd32f47024dea49008
                                                                                        • Instruction Fuzzy Hash: F932E57261D6818AE760CB59E0807AAB7A1F7C9754F144126FA8AD3BA8EF7CD445CF00
                                                                                        Function 00007FF65DAD8C30 Relevance: 4.2, Strings: 3, Instructions: 407COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                                                        • API String ID: 0-3255898291
                                                                                        • Opcode ID: e5486bf6340005e40ec32ce1de8edf0dcb03f50dc41d0fbeeae64139bd64bd70
                                                                                        • Instruction ID: 5f51373bd7f8240769ee30afcbee11bfb6cb27e404d02c60485940403357a599
                                                                                        • Opcode Fuzzy Hash: e5486bf6340005e40ec32ce1de8edf0dcb03f50dc41d0fbeeae64139bd64bd70
                                                                                        • Instruction Fuzzy Hash: C5F1F772A0C69587DB589F65D45867E7BA2E785784F188139EE8E637C8EE3CD804CB00
                                                                                        Function 00007FF65DADA140 Relevance: 4.2, Strings: 3, Instructions: 407COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                                                        • API String ID: 0-3255898291
                                                                                        • Opcode ID: 7a605b2cea8ad5d7cbca8e7681ee519b81b1658c2b26500f27ae4b4ec54e850d
                                                                                        • Instruction ID: 71cd8a53ae4b6ce68018876be5d910a079f3eaf5613d0270730d5971053fb7e0
                                                                                        • Opcode Fuzzy Hash: 7a605b2cea8ad5d7cbca8e7681ee519b81b1658c2b26500f27ae4b4ec54e850d
                                                                                        • Instruction Fuzzy Hash: F7F10472A0C69587DB58DBA5D05867E7BA2E795784F188139EE8E537CCEE3CD804CB00
                                                                                        Function 00007FF65DADCA20 Relevance: 4.0, Strings: 3, Instructions: 252COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $0$@
                                                                                        • API String ID: 0-2347541974
                                                                                        • Opcode ID: eeca5f65d7def711a2938bc2b9d1f084d0224f6aa778e8f803134c364f27b88c
                                                                                        • Instruction ID: 0a9b7ebf4c47764ab05ed7dee63a3bd2109b7f7f44d01f183a73861bfa2e5103
                                                                                        • Opcode Fuzzy Hash: eeca5f65d7def711a2938bc2b9d1f084d0224f6aa778e8f803134c364f27b88c
                                                                                        • Instruction Fuzzy Hash: 3FB1A6A7D28FC641F613873954439B5B311AFFF3D0A24A317FEE4B1652AB68A7818314
                                                                                        Function 000002B45B03E6F8 Relevance: 3.9, Strings: 3, Instructions: 144COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: -$e+000$gfff
                                                                                        • API String ID: 0-2620144452
                                                                                        • Opcode ID: 98053ffb1976fa170abe9b1bb0e1772ad042855cb6c6921980abe163712f36bc
                                                                                        • Instruction ID: 0c4dc4bd170f15a480d614930c465d07950b886733f151e9bb8b6b13a5b4e3ea
                                                                                        • Opcode Fuzzy Hash: 98053ffb1976fa170abe9b1bb0e1772ad042855cb6c6921980abe163712f36bc
                                                                                        • Instruction Fuzzy Hash: 115137A6B14BC487E7359F3598CC759BB91E364F94F88C321CBA84BAC6CB39C4458720
                                                                                        Function 000002B45AFE86D0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 311COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID: vector<bool> too long
                                                                                        • API String ID: 118556049-842332957
                                                                                        • Opcode ID: 8742353623aa0bcf476d5af90a4760bc0d399eca5e91d255b6d5021fc072ca1c
                                                                                        • Instruction ID: ded9270ee7f41df123c34463f5eee8de3f922f4944c3530c699106ac156e3925
                                                                                        • Opcode Fuzzy Hash: 8742353623aa0bcf476d5af90a4760bc0d399eca5e91d255b6d5021fc072ca1c
                                                                                        • Instruction Fuzzy Hash: 9CC1B463A14F8086EB60EF61E8843AD7760F3A9B98F505316EE6C13B9ADF34C595C740
                                                                                        Function 00007FF65DAE91E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoLocale
                                                                                        • String ID: GetLocaleInfoEx
                                                                                        • API String ID: 2299586839-2904428671
                                                                                        • Opcode ID: 9b4a3f26f7b91ef26a560136e31b55ba1280cb57d4f7cd41046f5acf592c097e
                                                                                        • Instruction ID: 2bd85a38473b23c30a2a16f4891a11dd269941d24c69ee6408bb76c66f0b786d
                                                                                        • Opcode Fuzzy Hash: 9b4a3f26f7b91ef26a560136e31b55ba1280cb57d4f7cd41046f5acf592c097e
                                                                                        • Instruction Fuzzy Hash: 2B018F61B0CB8296EB449B96F5004A6A6A1EF8ABC0F5C4035DE4DA3B95EE3CD541C380
                                                                                        Function 000002B45B016760 Relevance: 3.4, APIs: 2, Instructions: 391COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExecuteFileModuleNameShell
                                                                                        • String ID:
                                                                                        • API String ID: 1703432166-0
                                                                                        • Opcode ID: 86a9b4c2f3dc006e725f547b657f6a5f358a7ccb74e6179ca8ceb939b538a3ee
                                                                                        • Instruction ID: fabd13657d9cb067baf9f916e73c6497f49e732775cb2f665748c45492f0593f
                                                                                        • Opcode Fuzzy Hash: 86a9b4c2f3dc006e725f547b657f6a5f358a7ccb74e6179ca8ceb939b538a3ee
                                                                                        • Instruction Fuzzy Hash: 84122A72625FC48AEB50CF29E88469EB3A4F398B98F506215FEDD57B59EB38C150C700
                                                                                        Function 00007FF65DAE8758 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                        • String ID:
                                                                                        • API String ID: 15204871-0
                                                                                        • Opcode ID: a1839167aa180c42619ad643ddb8024cdd347c0831b0529f6c74a26638d682ba
                                                                                        • Instruction ID: 4ffbbba684014d12ce0b287f50f85858741998d725f007f66170a6aac050b947
                                                                                        • Opcode Fuzzy Hash: a1839167aa180c42619ad643ddb8024cdd347c0831b0529f6c74a26638d682ba
                                                                                        • Instruction Fuzzy Hash: 8CB16B73A08B8A8BEB15CF39C84636D3BA0F784B88F198921DA5D937A4DF39D451C701
                                                                                        Function 000002B45B03F7F4 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                        • String ID:
                                                                                        • API String ID: 15204871-0
                                                                                        • Opcode ID: 57a16f90b848e9bfce21c4af82cc5806e79d9fd20c8b8e6b755f3e4c735a4a33
                                                                                        • Instruction ID: d7376968360aabfcd94cffd449941e796f78a5b5999e29440f54445773b45826
                                                                                        • Opcode Fuzzy Hash: 57a16f90b848e9bfce21c4af82cc5806e79d9fd20c8b8e6b755f3e4c735a4a33
                                                                                        • Instruction Fuzzy Hash: E4B13AB3600F888BE729DF29C4CA3587BA0F354F48F558916DA99877A5CB39C451C710
                                                                                        Function 000002B45B04A438 Relevance: 3.2, APIs: 2, Instructions: 208COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorHeapLast_invalid_parameter_noinfo$AllocFree
                                                                                        • String ID:
                                                                                        • API String ID: 749460637-0
                                                                                        • Opcode ID: e4bbda4b5f8ad799fda78e60f613521156d14bb6a0c8542167753a01ce82eeb7
                                                                                        • Instruction ID: e3fbd2d1cb355ed6b9fe6c3a935d3c03b1f4687056689d292a727d3c078bb7b1
                                                                                        • Opcode Fuzzy Hash: e4bbda4b5f8ad799fda78e60f613521156d14bb6a0c8542167753a01ce82eeb7
                                                                                        • Instruction Fuzzy Hash: CF6128A2305B5143E731BF26A5C87AEB390BBA5FD0F849525EE4947B87EF38C4418720
                                                                                        Function 000002B45B020500 Relevance: 3.2, APIs: 2, Instructions: 187COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: DevicesDisplayEnum
                                                                                        • String ID:
                                                                                        • API String ID: 2211661463-0
                                                                                        • Opcode ID: 17dc533e7d739a7fa06aa4037ed2d653a9175fe6e40edbdbea4559ce57c4810f
                                                                                        • Instruction ID: f05cba6c474ef0e19e135668cc6ba7decc45d1b0f79b1cb2cb7c90746a9bb32e
                                                                                        • Opcode Fuzzy Hash: 17dc533e7d739a7fa06aa4037ed2d653a9175fe6e40edbdbea4559ce57c4810f
                                                                                        • Instruction Fuzzy Hash: 4381E972614F8486E720DF21E88839EB7A4F398B98F505215EEDD17B99DF78C185C700
                                                                                        Function 00007FF65DAE6CD8 Relevance: 2.6, Strings: 2, Instructions: 144COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: e+000$gfff
                                                                                        • API String ID: 0-3030954782
                                                                                        • Opcode ID: eae3eaedb716b390790cfcc6eb53f328968db58e854ae428f084f307bb2cca52
                                                                                        • Instruction ID: d3ac159259fcdd1d39e6a3e39a8610c9dd411b35541ea545bdb87d31ae14e078
                                                                                        • Opcode Fuzzy Hash: eae3eaedb716b390790cfcc6eb53f328968db58e854ae428f084f307bb2cca52
                                                                                        • Instruction Fuzzy Hash: 4C517773B1C6C646E7248E75D84076AAB91E784B90F4C8A31CBAC8BAC5EF3DE404C700
                                                                                        Function 000002B45AFF55B0 Relevance: 2.0, APIs: 1, Instructions: 455COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: f6da971f6ce2eaabb4101dd2515169c3aea2e8e18f56106eab667444c54b2b22
                                                                                        • Instruction ID: afde3bb357f57aa09c8c80a3e6150fa3e0347cabfa963643a70039e48e23e47b
                                                                                        • Opcode Fuzzy Hash: f6da971f6ce2eaabb4101dd2515169c3aea2e8e18f56106eab667444c54b2b22
                                                                                        • Instruction Fuzzy Hash: CE028D63711F8486EB20EFA1E88839D73A1E358B98F948516DFAD1779ADF34C499C340
                                                                                        Function 00007FF65DAE9CD8 Relevance: 1.9, APIs: 1, Instructions: 373COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Info
                                                                                        • String ID:
                                                                                        • API String ID: 1807457897-0
                                                                                        • Opcode ID: f303fb9edb89c9981dcaa8221041ff2017a834cce71cc05f93e29e86dd0c05cc
                                                                                        • Instruction ID: 43c5471e085ee1afb8e90454f385e6b4c41ea3ade7d85e45010701c4c57b8898
                                                                                        • Opcode Fuzzy Hash: f303fb9edb89c9981dcaa8221041ff2017a834cce71cc05f93e29e86dd0c05cc
                                                                                        • Instruction Fuzzy Hash: AA128A32E0CBC286E751CF68D5452FA73A4FB58748F499235EB9D92696EF39E184C300
                                                                                        Function 00007FF65DAEA448 Relevance: 1.8, APIs: 1, Instructions: 337COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f25a4eb04e97a1cbd05bf3468fe75687d39b44580424cbd94dd95bbadaa425fa
                                                                                        • Instruction ID: 9510ccf7b7204220aa24a8098c2f04cdd4e322aed239b4222dd5a4761ac8d416
                                                                                        • Opcode Fuzzy Hash: f25a4eb04e97a1cbd05bf3468fe75687d39b44580424cbd94dd95bbadaa425fa
                                                                                        • Instruction Fuzzy Hash: 86E13F36A09B8296E720DBA1E4402EE77A4F754788F444635DF8EA3B96FF38D645C340
                                                                                        Function 000002B45B0454E8 Relevance: 1.8, APIs: 1, Instructions: 337COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a1d4f562fad0ae8194edac45898e7cb718dfe290c275f32723fdee9f334670f5
                                                                                        • Instruction ID: d5f7f41e76167e464586ac4663839125cbee45fbb008b12bb9f4edafc9c64b0b
                                                                                        • Opcode Fuzzy Hash: a1d4f562fad0ae8194edac45898e7cb718dfe290c275f32723fdee9f334670f5
                                                                                        • Instruction Fuzzy Hash: 3FE13C72604F8486EB20EB61E4C56EE77A4F7A5B88F804626DF8D53B57EF78C2458310
                                                                                        Function 000002B45B00C600 Relevance: 1.7, APIs: 1, Instructions: 220COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                        • String ID:
                                                                                        • API String ID: 118556049-0
                                                                                        • Opcode ID: 257beddd28bebc82d33d810359b184e94764f3e42a1a45445a56447d9751d697
                                                                                        • Instruction ID: f636e57c3dd5805b30dfc8b9f793dd171df7e67dc72ad1278f6c693d7bd13ba5
                                                                                        • Opcode Fuzzy Hash: 257beddd28bebc82d33d810359b184e94764f3e42a1a45445a56447d9751d697
                                                                                        • Instruction Fuzzy Hash: 22A18862A15F988AEB20CFA9D4C43AC77B0F369B58F948116DF8D57B56DB38C095C310
                                                                                        Function 00007FF65DAED550 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastValue$InfoLocale
                                                                                        • String ID:
                                                                                        • API String ID: 673564084-0
                                                                                        • Opcode ID: 1fc60497d60af84bc3a25616b2cbffb7f0d58d90d82e0e4919eba903a1a3e98e
                                                                                        • Instruction ID: 23aad42b4a97313de6ed6381b0ac334baf7f99aaff07e2bbe4eb60d8842e4f2f
                                                                                        • Opcode Fuzzy Hash: 1fc60497d60af84bc3a25616b2cbffb7f0d58d90d82e0e4919eba903a1a3e98e
                                                                                        • Instruction Fuzzy Hash: 6C316932A1C68386EF649B66E4513AA63A1FB88784F488539DA4DE77D5EE3CE441C700
                                                                                        Function 000002B45B047620 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLastValue$InfoLocale
                                                                                        • String ID:
                                                                                        • API String ID: 673564084-0
                                                                                        • Opcode ID: 1d8e405bb44b78bdea7029598407ccfb6a808eb35fd889ed9364ebfb982fc4a2
                                                                                        • Instruction ID: 515989f23e015225344d1d1408285f8c44a104c0b1161df5f13ad950a4b17492
                                                                                        • Opcode Fuzzy Hash: 1d8e405bb44b78bdea7029598407ccfb6a808eb35fd889ed9364ebfb982fc4a2
                                                                                        • Instruction Fuzzy Hash: BD3185B2300B8187EB74EF25E4C53AE73A2F7A9B84F848129DB5983297DF38D5558710
                                                                                        Function 00007FF65DAED1A0 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF65DAE5CB8: GetLastError.KERNEL32 ref: 00007FF65DAE5CC7
                                                                                          • Part of subcall function 00007FF65DAE5CB8: FlsGetValue.KERNEL32 ref: 00007FF65DAE5CDC
                                                                                          • Part of subcall function 00007FF65DAE5CB8: SetLastError.KERNEL32 ref: 00007FF65DAE5D67
                                                                                        • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF65DAED98F,?,00000000,00000092,?,?,00000000,?,00007FF65DAE42C1), ref: 00007FF65DAED23E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                        • String ID:
                                                                                        • API String ID: 3029459697-0
                                                                                        • Opcode ID: 381a7898935054535fb9b37bad717d8d2f933d4e212882dca7d474c99c627ba2
                                                                                        • Instruction ID: f79507ba9c32d650075362b240272fda6da49111ba596b26a1d870977e4a6e19
                                                                                        • Opcode Fuzzy Hash: 381a7898935054535fb9b37bad717d8d2f933d4e212882dca7d474c99c627ba2
                                                                                        • Instruction Fuzzy Hash: 8911D273A0C6868AEF148F9AE0802A977A0FB90FA0F488135D669933C4EE28D5D1C740
                                                                                        Function 00007FF65DAED758 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF65DAE5CB8: GetLastError.KERNEL32 ref: 00007FF65DAE5CC7
                                                                                          • Part of subcall function 00007FF65DAE5CB8: FlsGetValue.KERNEL32 ref: 00007FF65DAE5CDC
                                                                                          • Part of subcall function 00007FF65DAE5CB8: SetLastError.KERNEL32 ref: 00007FF65DAE5D67
                                                                                        • GetLocaleInfoW.KERNEL32(?,?,?,00007FF65DAED502), ref: 00007FF65DAED78F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$InfoLocaleValue
                                                                                        • String ID:
                                                                                        • API String ID: 3796814847-0
                                                                                        • Opcode ID: 453c54bd9860f3c2c2274d73c6c0209dd6e7591276c886d4b974ba9ca7b18a21
                                                                                        • Instruction ID: 93ba756029f417e03108035ae2c84c061253a8f38d5b37eddc4e797fce72ceaa
                                                                                        • Opcode Fuzzy Hash: 453c54bd9860f3c2c2274d73c6c0209dd6e7591276c886d4b974ba9ca7b18a21
                                                                                        • Instruction Fuzzy Hash: C211E732B1C6A342EB748765E040A7F7261EB44764F584631D66DE77C4FF29D882C700
                                                                                        Function 000002B45B047828 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$InfoLocaleValue
                                                                                        • String ID:
                                                                                        • API String ID: 3796814847-0
                                                                                        • Opcode ID: a206680715a2a1e8ed04527063a7d486e32d99efc1662854cd7c3fa16e13c692
                                                                                        • Instruction ID: 44570c5b64296dfb88045aa66dca0fef698239d7e54b0b272448ebb686b8c698
                                                                                        • Opcode Fuzzy Hash: a206680715a2a1e8ed04527063a7d486e32d99efc1662854cd7c3fa16e13c692
                                                                                        • Instruction Fuzzy Hash: F4118072710E5087E776AF25E0C877E7360E7A0F64F944625D765436C7D725C881C320
                                                                                        Function 00007FF65DAED270 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF65DAE5CB8: GetLastError.KERNEL32 ref: 00007FF65DAE5CC7
                                                                                          • Part of subcall function 00007FF65DAE5CB8: FlsGetValue.KERNEL32 ref: 00007FF65DAE5CDC
                                                                                          • Part of subcall function 00007FF65DAE5CB8: SetLastError.KERNEL32 ref: 00007FF65DAE5D67
                                                                                        • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF65DAED94B,?,00000000,00000092,?,?,00000000,?,00007FF65DAE42C1), ref: 00007FF65DAED2EE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                        • String ID:
                                                                                        • API String ID: 3029459697-0
                                                                                        • Opcode ID: a8334e6b54be681260e95f2da46ab40b3b68223c67b0e278abaffbc4ce1ac67b
                                                                                        • Instruction ID: e27d64f5a381fbb2ffb10466be62be96bc2f86063d0f35d652fc4a28823aa165
                                                                                        • Opcode Fuzzy Hash: a8334e6b54be681260e95f2da46ab40b3b68223c67b0e278abaffbc4ce1ac67b
                                                                                        • Instruction Fuzzy Hash: 0701B572E0C6C246EB504F95E4807BA76A1EB407A4F498231D669973C4EF79D481C701
                                                                                        Function 00007FF65DAE8E4C Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF65DAE91AF,?,?,?,?,?,?,?,?,00000000,00007FF65DAEC7F0), ref: 00007FF65DAE8E9B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnumLocalesSystem
                                                                                        • String ID:
                                                                                        • API String ID: 2099609381-0
                                                                                        • Opcode ID: 22e6d56a2479983aa24c821f7915748be8a8f683883795b8a980db0dd1babcfa
                                                                                        • Instruction ID: acc02e401316080099eb7c0bdcc107061f99399641e146d474e4340423b17a1b
                                                                                        • Opcode Fuzzy Hash: 22e6d56a2479983aa24c821f7915748be8a8f683883795b8a980db0dd1babcfa
                                                                                        • Instruction Fuzzy Hash: 97F01D75618A4183EB04DB59E9901A93362EB99780F585135DA4DE77A5EE3CD891C300
                                                                                        Function 000002B45B036718 Relevance: 1.5, APIs: 1, Instructions: 28timeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Time$FileSystem
                                                                                        • String ID:
                                                                                        • API String ID: 2086374402-0
                                                                                        • Opcode ID: aa8c88728e75ab677f25ee3ee359a5c354dffbd2d49f8684b78d8275cd561a6c
                                                                                        • Instruction ID: ec953ba57492093afda0f1caa2970d35cb0f5f9b8e309eb14deee54ca2bad6b9
                                                                                        • Opcode Fuzzy Hash: aa8c88728e75ab677f25ee3ee359a5c354dffbd2d49f8684b78d8275cd561a6c
                                                                                        • Instruction Fuzzy Hash: 26F027E1B29B8803EE249B59A458394A392AB6CFF0F409321ED3D0E7CEFB1CC1108300
                                                                                        Function 00007FF65DAE6844 Relevance: 1.5, Strings: 1, Instructions: 254COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: gfffffff
                                                                                        • API String ID: 0-1523873471
                                                                                        • Opcode ID: 7f8d784388c29e50a9ea76849624ee7fdd6d3f0132adaebc282318182cf08c6d
                                                                                        • Instruction ID: 39a3e513324b582842435c4ba1f0a4243296ee02d980f3daf1700cdea514c2af
                                                                                        • Opcode Fuzzy Hash: 7f8d784388c29e50a9ea76849624ee7fdd6d3f0132adaebc282318182cf08c6d
                                                                                        • Instruction Fuzzy Hash: 4BA13772A0C78786EB21CF66E0507AA7BA1EB90B84F0C8931DA8D977C5EE3DD501C701
                                                                                        Function 00007FF65DAE02A8 Relevance: 1.5, Strings: 1, Instructions: 247COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        • Opcode ID: d37ea77a3cce38cd321032bb1ff835da33d935561b5e8104ad0e6f6f8b8a62f8
                                                                                        • Instruction ID: 6f1dd1d5c78b0adcb168493546e4a4d4e6b4a61e1198941d1a556942f3dd1e82
                                                                                        • Opcode Fuzzy Hash: d37ea77a3cce38cd321032bb1ff835da33d935561b5e8104ad0e6f6f8b8a62f8
                                                                                        • Instruction Fuzzy Hash: B0B18C7290C6478BE7648F69C09027E3BA0E749B48F6C5235CB8EA73D5EF29D481C758
                                                                                        Function 00007FF65DAF209C Relevance: 1.4, APIs: 1, Instructions: 145COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32 ref: 00007FF65DAF2141
                                                                                          • Part of subcall function 00007FF65DAE5798: HeapAlloc.KERNEL32(?,?,00000000,00007FF65DAE5E92,?,?,?,00007FF65DAE5929,?,?,?,?,00007FF65DAE650C,?,?,00000028), ref: 00007FF65DAE57ED
                                                                                          • Part of subcall function 00007FF65DAE5810: RtlFreeHeap.NTDLL(?,?,00007FF65DAE5929,00007FF65DAEACD6,?,?,?,00007FF65DAEB053,?,?,00000000,00007FF65DAEB9B9,?,?,?,00007FF65DAEB8EB), ref: 00007FF65DAE5826
                                                                                          • Part of subcall function 00007FF65DAE5810: GetLastError.KERNEL32(?,?,00007FF65DAE5929,00007FF65DAEACD6,?,?,?,00007FF65DAEB053,?,?,00000000,00007FF65DAEB9B9,?,?,?,00007FF65DAEB8EB), ref: 00007FF65DAE5830
                                                                                          • Part of subcall function 00007FF65DAF4700: _invalid_parameter_noinfo.LIBCMT ref: 00007FF65DAF4733
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 916656526-0
                                                                                        • Opcode ID: 053a47b18b98772e483d4cb8cedf15fedaac31aca4fa50d076ed251903ccc722
                                                                                        • Instruction ID: 71d4492d234b8caf95fc835ae2c57df78f45983d01cd8e2f9831e1a3e65a1d21
                                                                                        • Opcode Fuzzy Hash: 053a47b18b98772e483d4cb8cedf15fedaac31aca4fa50d076ed251903ccc722
                                                                                        • Instruction Fuzzy Hash: 6E41C135B0D24342FA605AA6B8517BBA690AF85BC0F885535EE4DEBBC5FE3DE401C704
                                                                                        Function 00007FF65DAB66E0 Relevance: 1.0, Instructions: 996COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9a24e7cebadb25e1a1071a985e3153bb70c692dd492349961dac4431c1ac8243
                                                                                        • Instruction ID: 5248fcc4f42f7d0c696c2ccaa3de6ebd7df7898b02fbff8892e1af9dcf9dfcfc
                                                                                        • Opcode Fuzzy Hash: 9a24e7cebadb25e1a1071a985e3153bb70c692dd492349961dac4431c1ac8243
                                                                                        • Instruction Fuzzy Hash: 24A28BF6304A4087DB08CA9DE0A572AB766E3C8B90F44513AE75B877E8DE7CD855CB04
                                                                                        Function 00007FF65DAB6730 Relevance: .9, Instructions: 934COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3cca1694c4598a210c22f8f475ca8cb19f43e7237f1ec9f88dcea8dcebb1f8f2
                                                                                        • Instruction ID: 7ac743e5503d2a92b98b510a331ecf86e1ec99fe0d106a191949e498180b5705
                                                                                        • Opcode Fuzzy Hash: 3cca1694c4598a210c22f8f475ca8cb19f43e7237f1ec9f88dcea8dcebb1f8f2
                                                                                        • Instruction Fuzzy Hash: 8F926AF5304A4087DB08CA9DE0A572AB766E3C8BA0F44513AE75B877E8DE7CD855CB04
                                                                                        Function 000002B45AFC5520 Relevance: .8, Instructions: 792COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6968eee794167bb469fcde250685dac60b8ede26a19f14c3bf6bd3d26f4c9c17
                                                                                        • Instruction ID: 2e68274a99639a6f9ef331e7a333c3922df3c96bf70003c32cf634336bc711b6
                                                                                        • Opcode Fuzzy Hash: 6968eee794167bb469fcde250685dac60b8ede26a19f14c3bf6bd3d26f4c9c17
                                                                                        • Instruction Fuzzy Hash: 2792C633915FC88AD7718F25E88129AB7A8F79D788F505315EACC26B59EB38C394C704
                                                                                        Function 00007FF65DAE23EC Relevance: .5, Instructions: 535COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 84c0cb83c689dd070a6176691960342bf1b6f8408e44a1f4b5d5845a74465e3e
                                                                                        • Instruction ID: b2bd3a04df824c51bef88bbbc7c49f01b6b4fd864891bf1ead3ecf85d4c48a12
                                                                                        • Opcode Fuzzy Hash: 84c0cb83c689dd070a6176691960342bf1b6f8408e44a1f4b5d5845a74465e3e
                                                                                        • Instruction Fuzzy Hash: 3D4280A1D2DE56CAE6538B75E8125366726BF533C1F488337E80EB66D0FF6CA4429700
                                                                                        Function 00007FF65DAD81D0 Relevance: .5, Instructions: 490COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0cbc041faab4c4b85c301c09ae377af77968fd4b1b396d05bf3904191bd81879
                                                                                        • Instruction ID: c98cf624a3f62063598f497691c03b8f4ae4139b322ff78dbee57c7126f36353
                                                                                        • Opcode Fuzzy Hash: 0cbc041faab4c4b85c301c09ae377af77968fd4b1b396d05bf3904191bd81879
                                                                                        • Instruction Fuzzy Hash: D012E2723101644BEA44DB6AE86C4BA37D2F79C78E7C56027FF894F389C62DA504D721
                                                                                        Function 00007FF65DAD4C30 Relevance: .5, Instructions: 459COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b6634bdd44a1fa22541afa8fe710b752d6f9a0eae90cea3df49b852092a4059f
                                                                                        • Instruction ID: 56e492d34d83cd3ad04823dffb711642d1afde9bfb8f7a99ba37b3156e315e97
                                                                                        • Opcode Fuzzy Hash: b6634bdd44a1fa22541afa8fe710b752d6f9a0eae90cea3df49b852092a4059f
                                                                                        • Instruction Fuzzy Hash: CA128032B1C2928BD7289B66D1406BAB7A1FB45781F484031EFCA977C4EF7DE5609B40
                                                                                        Function 00007FF65DAB39E0 Relevance: .5, Instructions: 456COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 642dc4f14b60206c0f6215a59d388f5b7023f11b53123760bd48b8ccc2892c3b
                                                                                        • Instruction ID: bd7d978619a99140d843e33b321c662433c8e25bb82e66bfbe5c1d575e608d03
                                                                                        • Opcode Fuzzy Hash: 642dc4f14b60206c0f6215a59d388f5b7023f11b53123760bd48b8ccc2892c3b
                                                                                        • Instruction Fuzzy Hash: 5B22FA7261C2858FE364CA69E05076BBBE2E7C9304F148139F689D3AD9EE7DD9058F00
                                                                                        Function 000002B45AFF66A0 Relevance: .4, Instructions: 361COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
                                                                                        • Instruction ID: 1c186ebfb3eaa5d73c9bb173b6358bd4323795fb0abdd67c885765b1a81bbc87
                                                                                        • Opcode Fuzzy Hash: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
                                                                                        • Instruction Fuzzy Hash: 7DC13A73724AE487E766CF56D988669B762F3E4BD0F85C126DE5607B48DB38C806C700
                                                                                        Function 000002B45AFA6610 Relevance: .3, Instructions: 346COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 21d27a1ba367a1fe37dc4cc43352571a4c841e483461c4efcd34cb87c067d70b
                                                                                        • Instruction ID: 7a4f0b289321cd976b811bcc9bd312cf3906db64890af91e324fca5037b2e7d7
                                                                                        • Opcode Fuzzy Hash: 21d27a1ba367a1fe37dc4cc43352571a4c841e483461c4efcd34cb87c067d70b
                                                                                        • Instruction Fuzzy Hash: F312D632615FC88AD7718F29E88139AB3A4F79D788F505315EACC57B59EB38C294CB04
                                                                                        Function 00007FF65DAE07B4 Relevance: .3, Instructions: 327COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ec41fcf7318b3fdb136675af6d95facf500f9601c2ec072af153a2977cac78c0
                                                                                        • Instruction ID: 93cf32307b6ba14261a805429c84b131d62267fbd7924d5e9e987566c8fdbb59
                                                                                        • Opcode Fuzzy Hash: ec41fcf7318b3fdb136675af6d95facf500f9601c2ec072af153a2977cac78c0
                                                                                        • Instruction Fuzzy Hash: 70D18C32A0C64787EB688EA9C45027F36A0FB45B48F1C5235CE4DA76D5EF39E881C784
                                                                                        Function 000002B45AFC6510 Relevance: .3, Instructions: 314COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 58385eaf4bb05c4dd650fe9c3293d5d132ea8d53e59e9018c70652c9bfdaf018
                                                                                        • Instruction ID: cb41dcdfd6754eb4b25f8c602775d244873544f39e667e3a7ebfd02d34734acc
                                                                                        • Opcode Fuzzy Hash: 58385eaf4bb05c4dd650fe9c3293d5d132ea8d53e59e9018c70652c9bfdaf018
                                                                                        • Instruction Fuzzy Hash: 6D02D533915FC489D7628F39E8813D977A4F7AD788F505216EACC2AB59EBB4C294C700
                                                                                        Function 00007FF65DAE4110 Relevance: .3, Instructions: 309COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 4023145424-0
                                                                                        • Opcode ID: ccdc4cc223566a9e700b4a92f04d3f31291b7a6cb77f8d2068ca2b5d0f3811b7
                                                                                        • Instruction ID: bdd593684241ffb0b57da2e227379c144c7a8552ef7ccfd884317dceabd04712
                                                                                        • Opcode Fuzzy Hash: ccdc4cc223566a9e700b4a92f04d3f31291b7a6cb77f8d2068ca2b5d0f3811b7
                                                                                        • Instruction Fuzzy Hash: 37C18076A0C68386EB609BA2D4107BB27A8FB94788F484135DE4DE7AD5FE7CD545C300
                                                                                        Function 00007FF65DADC550 Relevance: .3, Instructions: 280COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 46f11c4fce7bcea95ba431acbf49a59f23e7ae597986c30c574894197be224cf
                                                                                        • Instruction ID: e64b3d5a34581ec6cfe2bda67e52fae16c3b1852ea9dd3c64cfa9f5d2c5d5676
                                                                                        • Opcode Fuzzy Hash: 46f11c4fce7bcea95ba431acbf49a59f23e7ae597986c30c574894197be224cf
                                                                                        • Instruction Fuzzy Hash: 3BB1B5A6D28FC601F713873D90425B6F311AFFF790A69E323FDE470655AF54A2858214
                                                                                        Function 00007FF65DAEC8B4 Relevance: .3, Instructions: 271COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$Value_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 1500699246-0
                                                                                        • Opcode ID: 016909b738e5124339fad153d3415a28628c645a638055c2929be9a92ab91f6c
                                                                                        • Instruction ID: b0c7855da5f3becc6d77eb607d498e0bee640bd21dd70e5d1b3773ac8f9389c1
                                                                                        • Opcode Fuzzy Hash: 016909b738e5124339fad153d3415a28628c645a638055c2929be9a92ab91f6c
                                                                                        • Instruction Fuzzy Hash: A6B1AE72A1C64786FB64DFA1D4116BB33A1EB84B88F484231DA59E36C9EF3CE551C340
                                                                                        Function 00007FF65DB03DA0 Relevance: .2, Instructions: 207COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: d98f4d47e0a857b1cf393355eb1c2583f24a2c3040599a4cd7810a84d3a9fbd0
                                                                                        • Instruction ID: 7eb3038c82997bc8b98c66fd8ddd0724da0576ac784ae55527515f663e5a1f75
                                                                                        • Opcode Fuzzy Hash: d98f4d47e0a857b1cf393355eb1c2583f24a2c3040599a4cd7810a84d3a9fbd0
                                                                                        • Instruction Fuzzy Hash: 47818C72A08A1286EB64CF65D58537923A1FB49BD8F488636EF1EA77C5EF38D041C340
                                                                                        Function 00007FF65DAD9C10 Relevance: .2, Instructions: 204COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 976ad66ee5da2cf88b50c9bfd367b15b8b9c24bdb5795f368fa9833ed7feb0ee
                                                                                        • Instruction ID: 9802585bbfdc3ef51fc8efc97bc0b1a3a9f50d5be820b7f5ab635f46aa92953f
                                                                                        • Opcode Fuzzy Hash: 976ad66ee5da2cf88b50c9bfd367b15b8b9c24bdb5795f368fa9833ed7feb0ee
                                                                                        • Instruction Fuzzy Hash: 11712762E3C7C186E716473CA4022B29659AFE23C5F54E336FD8976AD6FF29D1428304
                                                                                        Function 00007FF65DAE7358 Relevance: .2, Instructions: 198COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 47cc90599417af31cb42002b1ceffe57e88da7026f26894e3c97641a83985020
                                                                                        • Instruction ID: 7b36f8dc2fc661f7a8f4a542091794a89a204936b15adb0523951ff99780b6fa
                                                                                        • Opcode Fuzzy Hash: 47cc90599417af31cb42002b1ceffe57e88da7026f26894e3c97641a83985020
                                                                                        • Instruction Fuzzy Hash: 9181D172A0C78286E7B5CB69E44037B6A90FB85794F584235DA9D97BD9EF3DD400CB00
                                                                                        Function 00007FF65DAD7F90 Relevance: .2, Instructions: 160COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e6fef933332038a432e0cbe0650c9c98f510f7709ea3c3125d6e13103ebde481
                                                                                        • Instruction ID: 359714a3c5540f35ae249280453526515d971df120c9c3bb8e9754248fa8f856
                                                                                        • Opcode Fuzzy Hash: e6fef933332038a432e0cbe0650c9c98f510f7709ea3c3125d6e13103ebde481
                                                                                        • Instruction Fuzzy Hash: C251AEB2F580E10BDFAC433DE825B792DD58B86351B0DE039E595DAAD7F41E8102EB44
                                                                                        Function 00007FF65DADF9F0 Relevance: .1, Instructions: 145COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                                                        • Instruction ID: c678604a09665d893db17abc06924f0136c12d30859298c7118cdda2201ffccc
                                                                                        • Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                                                        • Instruction Fuzzy Hash: D3516076A1CA9186E7249B69C05026F37A1EB85F58F2C4131CE4DA77E4EF3AED42C740
                                                                                        Function 00007FF65DADFBF4 Relevance: .1, Instructions: 145COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                                                        • Instruction ID: d08763df0d1d8a151263bf085aacd3fa97fc4eaf288bb2e92563d19c53ed0433
                                                                                        • Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                                                                        • Instruction Fuzzy Hash: 3E515E76A1C69186E7649B69C04436B37A0EB45F5CF284131CE8DA77E4EF3AE852C740
                                                                                        Function 00007FF65DADF7EC Relevance: .1, Instructions: 145COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                                                                        • Instruction ID: ec386a13e785900942d155f7ee10375b82891608f9f1e23501e05fd11e9d0ab9
                                                                                        • Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                                                                        • Instruction Fuzzy Hash: C8516D76A1CA9186E7249F69C45022F27A0EB44F58F388131CE8DA77D4EF3AE843C740
                                                                                        Function 000002B45B0347FC Relevance: .1, Instructions: 145COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                                                        • Instruction ID: 64f82886eca2d85151d2cbb8651f02fc40773a1e3a27425a90d8172860e72505
                                                                                        • Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                                                                        • Instruction Fuzzy Hash: FD516FB6610F9087E7B49F29C0EC36C37A0E765F58F644112CA895B7A6CB36C853C750
                                                                                        Function 000002B45B0345F8 Relevance: .1, Instructions: 145COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                                                                        • Instruction ID: 4960e62522b2640823fa919b8e93c1502ab0880c871bd3480c1de69bb31778d5
                                                                                        • Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                                                                        • Instruction Fuzzy Hash: A1515CB6220B508BE7B49F29D0CC32C37A1E765F98FA48111CA495B7A6D736DC92C790
                                                                                        Function 00007FF65DAF28CC Relevance: .1, Instructions: 126COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFreeHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 485612231-0
                                                                                        • Opcode ID: 252e97116b409d639cb7cf3346977e6c479a1c19db0d37f8eb51e4ebf816e3a9
                                                                                        • Instruction ID: 01051376314da6946a13aa6316d2b2883568edbba79c6457a16e833798d33d33
                                                                                        • Opcode Fuzzy Hash: 252e97116b409d639cb7cf3346977e6c479a1c19db0d37f8eb51e4ebf816e3a9
                                                                                        • Instruction Fuzzy Hash: A341B136718A5582EF14CF6AD95416AA3A1BB48FD0B4D9132DE4DE7B98EE3DD0428300
                                                                                        Function 00007FF65DADCFA0 Relevance: .1, Instructions: 79COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e3993780a94f75fabcfaabf439322e03bb81cee0a4827234de154ef40bcba7dd
                                                                                        • Instruction ID: 8fd2582d77e4524dcb802f1b60712f5e43f328399911e8dc1ef4bb959400d85d
                                                                                        • Opcode Fuzzy Hash: e3993780a94f75fabcfaabf439322e03bb81cee0a4827234de154ef40bcba7dd
                                                                                        • Instruction Fuzzy Hash: D231B9A6D1DB8945E6029B79A882235F3A1BFEF790F949321EDE4B0551EF2CE1444704
                                                                                        Function 00007FF65DADAF56 Relevance: .0, Instructions: 50COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3e816ee9afbbd517afeac584de8933918a4fef5f7729cbd70fe33994d3c5995a
                                                                                        • Instruction ID: 6a71deaa3dfd48c742c82e858d410b633aeb52c248df6d3020bf0b9936e1d616
                                                                                        • Opcode Fuzzy Hash: 3e816ee9afbbd517afeac584de8933918a4fef5f7729cbd70fe33994d3c5995a
                                                                                        • Instruction Fuzzy Hash: 032191D6C1DB8946E6029B3AA882126E361BFEF290F68D321EDF4B0451BF18B1844708
                                                                                        Function 00007FF65DADCEB2 Relevance: .0, Instructions: 39COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 93c464e3852cc5915b9151c8cba22a9675c3ba6e6f19de27809d4dbd020f5729
                                                                                        • Instruction ID: ea3edc2cbc89589900697401b981085a4987681036198d130a60e1c5e8e7fe06
                                                                                        • Opcode Fuzzy Hash: 93c464e3852cc5915b9151c8cba22a9675c3ba6e6f19de27809d4dbd020f5729
                                                                                        • Instruction Fuzzy Hash: 361182C6C5EB8D45EA039B3E9882060F261AFAB495E78D362EDF074161FF2571984318
                                                                                        Function 00007FF65DAE9AA0 Relevance: .0, Instructions: 32COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 31e39b6c27bf28f0e056e49cbc12428bf1b6f050c7fc376ff2e6193081efeec9
                                                                                        • Instruction ID: ea2d2968040bff0602adec8b941c94ea1a0dbf857e6791512397615ef3eee6d8
                                                                                        • Opcode Fuzzy Hash: 31e39b6c27bf28f0e056e49cbc12428bf1b6f050c7fc376ff2e6193081efeec9
                                                                                        • Instruction Fuzzy Hash: D5F0687172C2568BDB98CF28AD02A2977D0F708380F549239E58DC3B58EE3C90508F04
                                                                                        Function 000002B45B0726E0 Relevance: .0, Instructions: 5COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a42a01495bc10c92585e70db87d9dd7e84e2cd6d90333ee8a624f4433841b9f2
                                                                                        • Instruction ID: c2ef8f188880444424d246751fccdef854ea8404f66adf137d4fd9589eb60a77
                                                                                        • Opcode Fuzzy Hash: a42a01495bc10c92585e70db87d9dd7e84e2cd6d90333ee8a624f4433841b9f2
                                                                                        • Instruction Fuzzy Hash: F3A01297708490CBF1130E10048D1443750E763A00BC98040C90002403C115040D8B10
                                                                                        Function 00007FF65DAA4C00 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 52COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Yarn$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                        • String ID: bad locale name
                                                                                        • API String ID: 3904239083-1405518554
                                                                                        • Opcode ID: fdf93c7b3725d3de9480c70fc984c330f16ff8bafd09a5e6a50b7f6b76af3ea8
                                                                                        • Instruction ID: 37f9dc133d86320fccafeb55f33347c9eba3b3f9cf265ac53a55d766018e91b6
                                                                                        • Opcode Fuzzy Hash: fdf93c7b3725d3de9480c70fc984c330f16ff8bafd09a5e6a50b7f6b76af3ea8
                                                                                        • Instruction Fuzzy Hash: C7112B65A0EB4642D900E7AAE48126FA370FFC7B84F580131EA8D637E7EE3DD4118B04
                                                                                        Function 00007FF65DAA35B0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 181COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleHeaderImageModule
                                                                                        • String ID: .data$.mrdata$ntdll.dll
                                                                                        • API String ID: 1307054163-825320017
                                                                                        • Opcode ID: 540e6d451a2b33d2f7aa5391ba2a9d0ff351769d0afe938c76c5a5a31751ba7e
                                                                                        • Instruction ID: a2300d8e8bb2a01f351a59dad3199995b664f97c194e46ccee351030974f53dd
                                                                                        • Opcode Fuzzy Hash: 540e6d451a2b33d2f7aa5391ba2a9d0ff351769d0afe938c76c5a5a31751ba7e
                                                                                        • Instruction Fuzzy Hash: CBA1DC3661DB8586E7A0CB95E44036BB7A4FB88794F544235EA8D97FA8EF3CD444CB00
                                                                                        Function 00007FF65DAE8EC8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF65DAE95D0,?,?,?,?,00007FF65DAEDBCD,?,?,?,?,00007FF65DAFB3F8), ref: 00007FF65DAE9044
                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF65DAE95D0,?,?,?,?,00007FF65DAEDBCD,?,?,?,?,00007FF65DAFB3F8), ref: 00007FF65DAE9050
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressFreeLibraryProc
                                                                                        • String ID: api-ms-$ext-ms-
                                                                                        • API String ID: 3013587201-537541572
                                                                                        • Opcode ID: 88c23d9036aded5f7076838acfe0058b8650966d7edef86c05992df23181fc12
                                                                                        • Instruction ID: 9f2ca2cedf03bb2372a0a3472ab146f93bf2e31cd98589d34ef9c643dec4e02f
                                                                                        • Opcode Fuzzy Hash: 88c23d9036aded5f7076838acfe0058b8650966d7edef86c05992df23181fc12
                                                                                        • Instruction Fuzzy Hash: 8641CD31B1DA1382EA168BA6E8205666296FF45B90F4C4235DD0EE77D4FE3CE846C304
                                                                                        Function 00007FF65DAE146C Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: f$p$p
                                                                                        • API String ID: 3215553584-1995029353
                                                                                        • Opcode ID: 35f128cec712ba658e9c7200868182dc03db665a37542de7a91c1d423a514665
                                                                                        • Instruction ID: 62dee26a5da47410903a0587ceabab3b50252b9e6fdedd3f6c1e6ab03902ebd4
                                                                                        • Opcode Fuzzy Hash: 35f128cec712ba658e9c7200868182dc03db665a37542de7a91c1d423a514665
                                                                                        • Instruction Fuzzy Hash: 6912A332E0E16386FB249B99E0546BB76A1FB50750F8C4535D68AAB6C4FF3CE580CB50
                                                                                        Function 00007FF65DAF35B8 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 2111bb826fba5276a3a9dd84415bba117cbc3f7a0067bdd87d396387dbaf4657
                                                                                        • Instruction ID: 56911e02b8d757e570b20239fd551ae9e4a8452c09b9ecc58bb6238f12e756b7
                                                                                        • Opcode Fuzzy Hash: 2111bb826fba5276a3a9dd84415bba117cbc3f7a0067bdd87d396387dbaf4657
                                                                                        • Instruction Fuzzy Hash: 93C1CE3AA0C68791E7609B95D4502BF7BA1EF80B90F5D4175EA8EA33D1EE7CE845C340
                                                                                        Function 00007FF65DABEFC0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 241COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Fence64Read
                                                                                        • String ID: +$0123456789abcdefghijklmnopqrstuvwxyz$4$4$d
                                                                                        • API String ID: 3999070443-264949567
                                                                                        • Opcode ID: 1743ddae81d6ea49377a863fa6a1ec82f2316a6d258534a902e75a0a57e9bff6
                                                                                        • Instruction ID: 98b75065802334ff474cf0cba41dae0565995ef31ed08951a6af37799e63ad17
                                                                                        • Opcode Fuzzy Hash: 1743ddae81d6ea49377a863fa6a1ec82f2316a6d258534a902e75a0a57e9bff6
                                                                                        • Instruction Fuzzy Hash: 5EC1B63250DBC88ADAA1CB59F4803AAB7A0F799790F144125EADD83B98DF7DD495CF00
                                                                                        Function 00007FF65DAFAF88 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF65DAFB18F,?,?,00000000,00007FF65DAF7CE2,?,?,?,00007FF65DB074ED), ref: 00007FF65DAFB00D
                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF65DAFB18F,?,?,00000000,00007FF65DAF7CE2,?,?,?,00007FF65DB074ED), ref: 00007FF65DAFB01B
                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF65DAFB18F,?,?,00000000,00007FF65DAF7CE2,?,?,?,00007FF65DB074ED), ref: 00007FF65DAFB045
                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF65DAFB18F,?,?,00000000,00007FF65DAF7CE2,?,?,?,00007FF65DB074ED), ref: 00007FF65DAFB0B3
                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF65DAFB18F,?,?,00000000,00007FF65DAF7CE2,?,?,?,00007FF65DB074ED), ref: 00007FF65DAFB0BF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                        • String ID: api-ms-
                                                                                        • API String ID: 2559590344-2084034818
                                                                                        • Opcode ID: 0d0ac073453aeb45f407a3059d888d0c76c4a1015270bd98423673d19d5896fd
                                                                                        • Instruction ID: d96bfd578e67a2803d3fb7711c6c22a08e10cb8069581b40f11fd6cfd2fe3838
                                                                                        • Opcode Fuzzy Hash: 0d0ac073453aeb45f407a3059d888d0c76c4a1015270bd98423673d19d5896fd
                                                                                        • Instruction Fuzzy Hash: B631AF35A1E64391EE12DB96E40057663A8FF49BA2F4D4535DD2EAA3D4FF3CE4458300
                                                                                        Function 00007FF65DAE5CB8 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 2506987500-0
                                                                                        • Opcode ID: 0e9a261044974c98fe15c55c3d55f2b3032747381efac69e6f322ca96625eeb5
                                                                                        • Instruction ID: 2314e5f24246a043fe5ad3e4e46c78a96d1e95d4fd6e994af9142f80b584ec69
                                                                                        • Opcode Fuzzy Hash: 0e9a261044974c98fe15c55c3d55f2b3032747381efac69e6f322ca96625eeb5
                                                                                        • Instruction Fuzzy Hash: FB213331A0D64382FA58A7A1E69917B5292DF487B1F5C4B34D83EE76D6FD6CA441C300
                                                                                        Function 00007FF65DAF49EC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                        • String ID: CONOUT$
                                                                                        • API String ID: 3230265001-3130406586
                                                                                        • Opcode ID: 143c3a3f26d5e4478db14557210d9b5f5d56c35c52044c9f27410f3b50e0fd75
                                                                                        • Instruction ID: ab5cb33af55143b5d6541480db6f498496cdf465681d3cee18e7f7d94b58f43c
                                                                                        • Opcode Fuzzy Hash: 143c3a3f26d5e4478db14557210d9b5f5d56c35c52044c9f27410f3b50e0fd75
                                                                                        • Instruction Fuzzy Hash: 6C118131A1CA4286E3508B52E84432966A1FB89BE5F084334EA5DD7BE4EF7CD4048748
                                                                                        Function 000002B45B04ABDC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                        • String ID: CONOUT$
                                                                                        • API String ID: 3230265001-3130406586
                                                                                        • Opcode ID: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
                                                                                        • Instruction ID: 52b299079e7f16a9a8dbc5feeec645d1a0ce3a0c9ebbba2a93009756f8e8dc68
                                                                                        • Opcode Fuzzy Hash: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
                                                                                        • Instruction Fuzzy Hash: BA11B2B1310E8087E760AF46E8D9319B3A0F3A9FE4F804214EE59877A6CF38C4448754
                                                                                        Function 000002B45B05B73C Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide$CompareInfoString
                                                                                        • String ID:
                                                                                        • API String ID: 2984826149-0
                                                                                        • Opcode ID: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
                                                                                        • Instruction ID: 677e07d4cc42b4587d9997673bbaed013b894ebefe6bcbd0474957d013e9d29a
                                                                                        • Opcode Fuzzy Hash: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
                                                                                        • Instruction Fuzzy Hash: 22A18FA2600B808BEB31BF2594D83A97791F767FA8F948611DA5807FC6DB38D845C360
                                                                                        Function 00007FF65DAC8020 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 458COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: &$e$nan
                                                                                        • API String ID: 0-1192993855
                                                                                        • Opcode ID: 07c1dcf7fe85bbc1e067f6de4f926c6fb306207c60ad19f74a8bddca7f9c4e8f
                                                                                        • Instruction ID: 9438f3137c88bab6173d8e0a5b6bb4d98b29d5b1dfcf339815f5380f5939b35e
                                                                                        • Opcode Fuzzy Hash: 07c1dcf7fe85bbc1e067f6de4f926c6fb306207c60ad19f74a8bddca7f9c4e8f
                                                                                        • Instruction Fuzzy Hash: 6E42D23260CAC689D6B18B65E4903EFB7A4F788750F484126DACD93BA9EF3CD544CB41
                                                                                        Function 00007FF65DAC9120 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 457COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: &$e$nan
                                                                                        • API String ID: 0-1192993855
                                                                                        • Opcode ID: 7952403a15a35431d6767a2053f8123c38403e361d52805be08b9de745fd9cb8
                                                                                        • Instruction ID: b93df914376a4440eee966921ec834dc8c2fa51014f5532fff85399c5bd2520f
                                                                                        • Opcode Fuzzy Hash: 7952403a15a35431d6767a2053f8123c38403e361d52805be08b9de745fd9cb8
                                                                                        • Instruction Fuzzy Hash: 8142D23260CAC689D6B18B55E4903EFB7A4F788790F484126DACD93BA9EF3CD545CB40
                                                                                        Function 00007FF65DAC9C20 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 457COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: &$e$nan
                                                                                        • API String ID: 0-1192993855
                                                                                        • Opcode ID: 5bed7973e5487bab54717232cb26603583bcbfed259e19c44ec6817ed4f113ea
                                                                                        • Instruction ID: ac764afc0b36f36b175057727fce5dd37357e381d080e6085a82fe5dbb788ec9
                                                                                        • Opcode Fuzzy Hash: 5bed7973e5487bab54717232cb26603583bcbfed259e19c44ec6817ed4f113ea
                                                                                        • Instruction Fuzzy Hash: 3A42E23260DAC589D6B1CA55E4903EFB7A4F788790F488126DACD93BA9EF3CD544CB40
                                                                                        Function 00007FF65DAFD26C Relevance: 9.2, APIs: 6, Instructions: 206COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiStringWide
                                                                                        • String ID:
                                                                                        • API String ID: 2829165498-0
                                                                                        • Opcode ID: 2b2fdd1503a79b380a1020f4e969409d4e922ebcf1c0befb99e6f4eb1a253c2d
                                                                                        • Instruction ID: 894d4a16f413ea34c0fb5dc9366c88022ecd75088a1ea828024527664fff4edf
                                                                                        • Opcode Fuzzy Hash: 2b2fdd1503a79b380a1020f4e969409d4e922ebcf1c0befb99e6f4eb1a253c2d
                                                                                        • Instruction Fuzzy Hash: FE819176A0C78286EF218F55E44026A77A6FF847E8F184631EA5DA7BD8EF7CD4048700
                                                                                        Function 00007FF65DAE5E30 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF65DAE5929,?,?,?,?,00007FF65DAE650C,?,?,00000028,00007FF65DAF5573), ref: 00007FF65DAE5E3F
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF65DAE5929,?,?,?,?,00007FF65DAE650C,?,?,00000028,00007FF65DAF5573), ref: 00007FF65DAE5E75
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF65DAE5929,?,?,?,?,00007FF65DAE650C,?,?,00000028,00007FF65DAF5573), ref: 00007FF65DAE5EA2
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF65DAE5929,?,?,?,?,00007FF65DAE650C,?,?,00000028,00007FF65DAF5573), ref: 00007FF65DAE5EB3
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF65DAE5929,?,?,?,?,00007FF65DAE650C,?,?,00000028,00007FF65DAF5573), ref: 00007FF65DAE5EC4
                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF65DAE5929,?,?,?,?,00007FF65DAE650C,?,?,00000028,00007FF65DAF5573), ref: 00007FF65DAE5EDF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 2506987500-0
                                                                                        • Opcode ID: cf8115dcaa5ee2122fb104c4df6f54fc23ab72e4ca67caacefd1d5263795953b
                                                                                        • Instruction ID: fb2b475b3a04523d58b21762734a3e72a0ecd82395095a8ad8b795fce27db7ff
                                                                                        • Opcode Fuzzy Hash: cf8115dcaa5ee2122fb104c4df6f54fc23ab72e4ca67caacefd1d5263795953b
                                                                                        • Instruction Fuzzy Hash: 74112130E0C64382FA5893B1E65517A6292DF487B1F5C4734D83EE76D6FE6CA401C700
                                                                                        Function 00007FF65DABDB90 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 272COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load_relaxed_4std::_
                                                                                        • String ID: %$e$o$u
                                                                                        • API String ID: 1853752696-1884988985
                                                                                        • Opcode ID: 5fa3bfed00eb7f098b7cf37669c34e1e722c137927b02883ea76b391b0f2ab52
                                                                                        • Instruction ID: b195c239a885ab89eaa92fd8a54aa73302bf9a26f2c518aab3f58562f3dbc26e
                                                                                        • Opcode Fuzzy Hash: 5fa3bfed00eb7f098b7cf37669c34e1e722c137927b02883ea76b391b0f2ab52
                                                                                        • Instruction Fuzzy Hash: 9CE1E63260CBC985DA61CB55E4903EBB7A0F788784F544126EA8E93BA9EF7CD445CB40
                                                                                        Function 00007FF65DAC8B30 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 260COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mpunct
                                                                                        • String ID: .$0$0
                                                                                        • API String ID: 4240859931-1691970187
                                                                                        • Opcode ID: e9687b47ea457237dee4bdc78be1e40fba84c5c64e038008681aa2fe3be40f6b
                                                                                        • Instruction ID: c7354dcd0fbfc549f8ab5ce590375d9ba5b6e890a7f94dc3de7a52f46370d98a
                                                                                        • Opcode Fuzzy Hash: e9687b47ea457237dee4bdc78be1e40fba84c5c64e038008681aa2fe3be40f6b
                                                                                        • Instruction Fuzzy Hash: D0D1BA36609BC995DA61DB5AE4902EEB760F7C8B94F448022DF8D93B69EF3CC545CB00
                                                                                        Function 00007FF65DAA2020 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 224COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • allocator.LIBCONCRTD ref: 00007FF65DAA23D2
                                                                                          • Part of subcall function 00007FF65DAA66C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF65DAA66DD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator
                                                                                        • String ID: eax$ebx$rax$rbx
                                                                                        • API String ID: 1755220593-2388916327
                                                                                        • Opcode ID: c01962a9961ff03dcf299c024bebee3a4452aa249518325b59cd457b6bb118a3
                                                                                        • Instruction ID: 47822a600442ffcb3289624f9bdeb930d0311e8d43aeb4da9f200c4fd810a56f
                                                                                        • Opcode Fuzzy Hash: c01962a9961ff03dcf299c024bebee3a4452aa249518325b59cd457b6bb118a3
                                                                                        • Instruction Fuzzy Hash: E6D1F06791CBC189E321CF78DC413E977A1FBAA748F045325EAC896E5AEF789244C341
                                                                                        Function 00007FF65DABB1E0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 195COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Fence64Read
                                                                                        • String ID: inf$nan$nan(ind)$nan(snan)
                                                                                        • API String ID: 3999070443-3276396208
                                                                                        • Opcode ID: e246f93cfd8b01a24d44e219b48bef0b546a2f143c45bedcdc11885149c42856
                                                                                        • Instruction ID: c8f850370739ffd281934bdd4ee8b131563af24ae47124983702f3adb0923ed7
                                                                                        • Opcode Fuzzy Hash: e246f93cfd8b01a24d44e219b48bef0b546a2f143c45bedcdc11885149c42856
                                                                                        • Instruction Fuzzy Hash: 56A1EE3661DBC585EA70CB55E8903ABA7A0F784790F544236EA8E93BD8EF3CD445CB00
                                                                                        Function 00007FF65DABD630 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 187COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Fence64Read
                                                                                        • String ID: 0123456789abcdefghijklmnopqrstuvwxyz$0p+0$1$4
                                                                                        • API String ID: 3999070443-1197085086
                                                                                        • Opcode ID: 22605e3e1ccf5c9f3454907df50a8bf921d3aa5bdd4aa9ee1894e77eaf097de2
                                                                                        • Instruction ID: 0a67ff6f6efbcef700ff56e6e98e9c8db7b96b084c9c0536c413fcc4ea0fe6d9
                                                                                        • Opcode Fuzzy Hash: 22605e3e1ccf5c9f3454907df50a8bf921d3aa5bdd4aa9ee1894e77eaf097de2
                                                                                        • Instruction Fuzzy Hash: B5A1973650DBC885EBA0CB59F4903AAB7A5F384B94F144125EA8E87BA8DF7CD445CB01
                                                                                        Function 00007FF65DABAE00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 183COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load_relaxed_4std::_
                                                                                        • String ID: inf$nan$nan(ind)$nan(snan)
                                                                                        • API String ID: 1853752696-3276396208
                                                                                        • Opcode ID: 464d97ded6cad5ea3cc5b8df829cfb978308b82cca82f5cc6969c81aa40300fb
                                                                                        • Instruction ID: 2ae1b2dc6b0fbca20dee3092c1ac2c4fea229bfb2ce88b0f8abbdd1e7b1621b5
                                                                                        • Opcode Fuzzy Hash: 464d97ded6cad5ea3cc5b8df829cfb978308b82cca82f5cc6969c81aa40300fb
                                                                                        • Instruction Fuzzy Hash: CAA1C63650DAC585EBB0CB55E8807AAB7A0F789780F549126EA8D93BD8EF7CD445CB00
                                                                                        Function 00007FF65DABAAC0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 156COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Fence64Read
                                                                                        • String ID: inf$nan$nan(ind)$nan(snan)
                                                                                        • API String ID: 3999070443-3276396208
                                                                                        • Opcode ID: d5b88743fa5b3b07afb4db1eeea1c002ad18bbf23253e37765dc3445f34048a6
                                                                                        • Instruction ID: 97bd43ca5d78057b21b47d27875ef8e6510a7e6a47b95a5e854eb2884ee3c3f4
                                                                                        • Opcode Fuzzy Hash: d5b88743fa5b3b07afb4db1eeea1c002ad18bbf23253e37765dc3445f34048a6
                                                                                        • Instruction Fuzzy Hash: 0481F83260CBC985EAA0CB55E49036BB7A0FB85790F544126EACE87BD8EF7CD445CB01
                                                                                        Function 00007FF65DABA7D0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 144COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load_relaxed_4std::_
                                                                                        • String ID: inf$nan$nan(ind)$nan(snan)
                                                                                        • API String ID: 1853752696-3276396208
                                                                                        • Opcode ID: 72cc235c785df8f3571cec6a84209a645bb403642a45b9f3071a678ad278a7e8
                                                                                        • Instruction ID: 9baa855f2580392f272f004e1ff1e814eb75abc5805378c8693f18cf7adc7563
                                                                                        • Opcode Fuzzy Hash: 72cc235c785df8f3571cec6a84209a645bb403642a45b9f3071a678ad278a7e8
                                                                                        • Instruction Fuzzy Hash: 4471D73261CBC989EA60CB55E4803ABB7A1F785780F545026EACE93BD8EF7CD445CB01
                                                                                        Function 00007FF65DABA4E0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 141COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Fence64Read
                                                                                        • String ID: inf$nan$nan(ind)$nan(snan)
                                                                                        • API String ID: 3999070443-3276396208
                                                                                        • Opcode ID: 70d59d2c9d76d07b0f33b11adfc2aa066c03e6bbcb9822e25dfa6d8139c5e202
                                                                                        • Instruction ID: b5cc66946c1446ffbd30597f4b50740d000f154c3fd98c4d32841d8523531c0d
                                                                                        • Opcode Fuzzy Hash: 70d59d2c9d76d07b0f33b11adfc2aa066c03e6bbcb9822e25dfa6d8139c5e202
                                                                                        • Instruction Fuzzy Hash: 7071083660CBC989EA60CB56E49036AB7A0F785794F544136EACE87BD9EF7CD444CB00
                                                                                        Function 00007FF65DABA250 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 129COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load_relaxed_4std::_
                                                                                        • String ID: inf$nan$nan(ind)$nan(snan)
                                                                                        • API String ID: 1853752696-3276396208
                                                                                        • Opcode ID: d5adf79395b74f9d5280ca903bbc3249ff26270c4855bacc272925e682a68ccf
                                                                                        • Instruction ID: 8741f7ad5f8ec45d0303005a1b3e942cb169e041badb80cda345c21dc46a13c5
                                                                                        • Opcode Fuzzy Hash: d5adf79395b74f9d5280ca903bbc3249ff26270c4855bacc272925e682a68ccf
                                                                                        • Instruction Fuzzy Hash: F861F43660CBC589EB60CB55F4803AAB7A0F785784F545026EACE97BA9EF7CD445CB00
                                                                                        Function 00007FF65DAC75D0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 100COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Fac_nodeFac_node::_allocatorstd::_
                                                                                        • String ID: Invalid format string.$^$invalid fill character '{'
                                                                                        • API String ID: 598859312-3800272876
                                                                                        • Opcode ID: ad42ce789a6cde225e893fa38872b060042fd1935f330b2a9c7aacee0af1ed30
                                                                                        • Instruction ID: 939b06d93da4e0de27adb10d7149942d3e4301e8ae439ed05ae191a6f142d32b
                                                                                        • Opcode Fuzzy Hash: ad42ce789a6cde225e893fa38872b060042fd1935f330b2a9c7aacee0af1ed30
                                                                                        • Instruction Fuzzy Hash: 28414D3250DBC5C9E6718B69E48036BABA0F7C9794F580535E6CD93BEAEF6CD5408B00
                                                                                        Function 00007FF65DAEDE14 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                        • API String ID: 4061214504-1276376045
                                                                                        • Opcode ID: b098b623c8c7801e5285911e96efcdbd3b420d839b436883500a26a7c39cdebe
                                                                                        • Instruction ID: 38fb13b3e1c61dae4d47f3971997bfecf6776d3a3e40a085466924d655124d69
                                                                                        • Opcode Fuzzy Hash: b098b623c8c7801e5285911e96efcdbd3b420d839b436883500a26a7c39cdebe
                                                                                        • Instruction Fuzzy Hash: 27F04FA5A1C70681FB148B64E45977A6331EF4ABA1F581235D56E953E4EF3CD448C304
                                                                                        Function 00007FF65DAE843C Relevance: 7.7, APIs: 5, Instructions: 196COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: _set_statfp
                                                                                        • String ID:
                                                                                        • API String ID: 1156100317-0
                                                                                        • Opcode ID: 7ad41c2085167253e11841c847abdc28045ab084f43f852668cbe7a267bd0bec
                                                                                        • Instruction ID: ea1d444913ca433d2c28d3bae6d9075e335e5e82c44c6ad4990970ddbf98c63b
                                                                                        • Opcode Fuzzy Hash: 7ad41c2085167253e11841c847abdc28045ab084f43f852668cbe7a267bd0bec
                                                                                        • Instruction Fuzzy Hash: B981D33290CA4786F2628B74E45037B6290EF95394F4C4331EA5EB65E4FF3CE581CA42
                                                                                        Function 000002B45B03F4D8 Relevance: 7.7, APIs: 5, Instructions: 196COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _set_statfp
                                                                                        • String ID:
                                                                                        • API String ID: 1156100317-0
                                                                                        • Opcode ID: 5459f65f4676636fdc901623b58b7eba5cdeda63d87ce883b5aed9902fe8fe9f
                                                                                        • Instruction ID: 84439160ae124d16e19204596b86a7647767b7574a3107cdea8b086ddf9b555a
                                                                                        • Opcode Fuzzy Hash: 5459f65f4676636fdc901623b58b7eba5cdeda63d87ce883b5aed9902fe8fe9f
                                                                                        • Instruction Fuzzy Hash: BE81E492110F4487F272AF35A5CD3AEB7A0BB75F98F948301EE56265E7D738C5818720
                                                                                        Function 00007FF65DAE9894 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: _set_statfp
                                                                                        • String ID:
                                                                                        • API String ID: 1156100317-0
                                                                                        • Opcode ID: e65ba792651367d839098e214d5891407b2dde01c0b567b7a4e043ebbfca8b6f
                                                                                        • Instruction ID: 8352b962427c41793df8e95d872f700ea66510ba0897b7e4bc65961b26b384b5
                                                                                        • Opcode Fuzzy Hash: e65ba792651367d839098e214d5891407b2dde01c0b567b7a4e043ebbfca8b6f
                                                                                        • Instruction Fuzzy Hash: AB118F32E1CB0381FA9512B9D99137B1141EFA4364F1D0634EAAEA76F6AF1CA941C101
                                                                                        Function 00007FF65DAE5EF8 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF65DAE1DF7,?,?,00000000,00007FF65DAE2092,?,?,?,?,?,00007FF65DAE201E), ref: 00007FF65DAE5F17
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF65DAE1DF7,?,?,00000000,00007FF65DAE2092,?,?,?,?,?,00007FF65DAE201E), ref: 00007FF65DAE5F36
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF65DAE1DF7,?,?,00000000,00007FF65DAE2092,?,?,?,?,?,00007FF65DAE201E), ref: 00007FF65DAE5F5E
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF65DAE1DF7,?,?,00000000,00007FF65DAE2092,?,?,?,?,?,00007FF65DAE201E), ref: 00007FF65DAE5F6F
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF65DAE1DF7,?,?,00000000,00007FF65DAE2092,?,?,?,?,?,00007FF65DAE201E), ref: 00007FF65DAE5F80
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID:
                                                                                        • API String ID: 3702945584-0
                                                                                        • Opcode ID: 599f45f996d19451c8b2a229de22a9c688dca7130503bd761d5e478bd2defdca
                                                                                        • Instruction ID: cfb07f84120c01b028f3e0bc6ae29eb4b4f1a7b7490a66b0f2d812c3d452c990
                                                                                        • Opcode Fuzzy Hash: 599f45f996d19451c8b2a229de22a9c688dca7130503bd761d5e478bd2defdca
                                                                                        • Instruction Fuzzy Hash: 3B111F70E0D64381FA5857A6EA5517BA281DF887B1F5C4738E92DE6AD6FE2CE401C300
                                                                                        Function 000002B45B03843C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • FlsGetValue.KERNEL32(?,?,?,000002B45B02F8AF,?,?,00000000,000002B45B02FB4A,?,?,?,?,-2891666E48DAA7FF,000002B45B02FAD6), ref: 000002B45B03845B
                                                                                        • FlsSetValue.KERNEL32(?,?,?,000002B45B02F8AF,?,?,00000000,000002B45B02FB4A,?,?,?,?,-2891666E48DAA7FF,000002B45B02FAD6), ref: 000002B45B03847A
                                                                                        • FlsSetValue.KERNEL32(?,?,?,000002B45B02F8AF,?,?,00000000,000002B45B02FB4A,?,?,?,?,-2891666E48DAA7FF,000002B45B02FAD6), ref: 000002B45B0384A2
                                                                                        • FlsSetValue.KERNEL32(?,?,?,000002B45B02F8AF,?,?,00000000,000002B45B02FB4A,?,?,?,?,-2891666E48DAA7FF,000002B45B02FAD6), ref: 000002B45B0384B3
                                                                                        • FlsSetValue.KERNEL32(?,?,?,000002B45B02F8AF,?,?,00000000,000002B45B02FB4A,?,?,?,?,-2891666E48DAA7FF,000002B45B02FAD6), ref: 000002B45B0384C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID:
                                                                                        • API String ID: 3702945584-0
                                                                                        • Opcode ID: 64b21c8772d4c2280a2575dd52794ef6fbd465c186315b0bb9d8ae0d08d06aa7
                                                                                        • Instruction ID: a778a84851293ec0c8fab4a0e4f20e2b94429ab3c69f08394025f1581a92609e
                                                                                        • Opcode Fuzzy Hash: 64b21c8772d4c2280a2575dd52794ef6fbd465c186315b0bb9d8ae0d08d06aa7
                                                                                        • Instruction Fuzzy Hash: C0116DA0205F4043FAB9BB2666DE33973415BA4BB4F944765E93A46AD7DF28D4018320
                                                                                        Function 00007FF65DAE5D8C Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID:
                                                                                        • API String ID: 3702945584-0
                                                                                        • Opcode ID: b77b770852fc01411a0c66b1882f58713974e64d821ee1e4b1b057d686c5eaee
                                                                                        • Instruction ID: 721b41fca2055efa7928af50e56e3d0f09f9cf9706f5e9a519f28e65108d56a6
                                                                                        • Opcode Fuzzy Hash: b77b770852fc01411a0c66b1882f58713974e64d821ee1e4b1b057d686c5eaee
                                                                                        • Instruction Fuzzy Hash: CD11EC35E0D20381FA98A3A5E95A1BB1282CF49371F5C0B34D93EEA2D6FD2CB451C250
                                                                                        Function 00007FF65DAAAFD0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 407COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mpunct$std::ios_base::width
                                                                                        • String ID: @
                                                                                        • API String ID: 1355946870-2766056989
                                                                                        • Opcode ID: 23e837240074d2248eaa6e84e28edfd629583ca9120122449e8306abbf3755b7
                                                                                        • Instruction ID: 2c76c99648b672475998d7e9de3653d3f3305a434a13f81e4fcba55ce39b046e
                                                                                        • Opcode Fuzzy Hash: 23e837240074d2248eaa6e84e28edfd629583ca9120122449e8306abbf3755b7
                                                                                        • Instruction Fuzzy Hash: 0F12073260DAC585DAA09B55E4943EFA7A1F7C8780F484236DACD93BA9EF3CD545CB00
                                                                                        Function 000002B45AFE6510 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 237COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
                                                                                        • String ID: bad locale name
                                                                                        • API String ID: 1287851536-1405518554
                                                                                        • Opcode ID: c4a847eda672c2f6d933a7603187572b8b3689bbfda00f825ba7d637fb08f02a
                                                                                        • Instruction ID: f49eeae8632b9d1cd50fb3f54a5616febad3610da8704810e169c8cef56f7e50
                                                                                        • Opcode Fuzzy Hash: c4a847eda672c2f6d933a7603187572b8b3689bbfda00f825ba7d637fb08f02a
                                                                                        • Instruction Fuzzy Hash: D4918F62702F448BEBA4EFB5D8D439C7362EB64B88F844126DB591BA9ADF34C4558340
                                                                                        Function 00007FF65DABE280 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 231COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load_relaxed_4std::_
                                                                                        • String ID: +$0123456789abcdefghijklmnopqrstuvwxyz$d
                                                                                        • API String ID: 1853752696-121654361
                                                                                        • Opcode ID: 114d9d9c213bd84ef5e71c4c351011e52d5e67b59f85d736c31e102dd82b51f1
                                                                                        • Instruction ID: 8359c5eaedfe5fd08e845d9c88e2077f017265285ad93fe12e30a34aa927fa53
                                                                                        • Opcode Fuzzy Hash: 114d9d9c213bd84ef5e71c4c351011e52d5e67b59f85d736c31e102dd82b51f1
                                                                                        • Instruction Fuzzy Hash: B9C1D27261C6C58AE7A0CB59F08076EBBA0F388740F14412AE6DE97B99EB7CD445CF10
                                                                                        Function 00007FF65DABD260 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 186COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load_relaxed_4std::_
                                                                                        • String ID: 0123456789abcdefghijklmnopqrstuvwxyz$0p+0$1
                                                                                        • API String ID: 1853752696-64391948
                                                                                        • Opcode ID: 87ffbadd58718491a0f75fa8edb27ea73874d19d2365bb681a35b88d33976b5c
                                                                                        • Instruction ID: 68234773ba4ac188fe275026de30766ee4ec101428da62b895a699e668e47077
                                                                                        • Opcode Fuzzy Hash: 87ffbadd58718491a0f75fa8edb27ea73874d19d2365bb681a35b88d33976b5c
                                                                                        • Instruction Fuzzy Hash: FEA1943661CBC889DBA0CB59E49039AB7A0F785B84F545025EACE87B98DF7CD445CB01
                                                                                        Function 00007FF65DAA5820 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 54COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • std::make_error_code.LIBCPMTD ref: 00007FF65DAA58D8
                                                                                          • Part of subcall function 00007FF65DAF77D4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF65DAF651B), ref: 00007FF65DAF7824
                                                                                          • Part of subcall function 00007FF65DAF77D4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF65DAF651B), ref: 00007FF65DAF7865
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFileHeaderRaisestd::make_error_code
                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                        • API String ID: 504923140-1866435925
                                                                                        • Opcode ID: 37625c85163a6a2edd9043ea699a6532f1f35351b076ec396d6e3d08002ad281
                                                                                        • Instruction ID: 5e63814e8f57c2601c95b63ed861aebf224a610f3730c13e35dadab58295c76a
                                                                                        • Opcode Fuzzy Hash: 37625c85163a6a2edd9043ea699a6532f1f35351b076ec396d6e3d08002ad281
                                                                                        • Instruction Fuzzy Hash: E6212832A1C78286E761CB14E84126B77A0FB88344F984235E6CDD7BE9EF2CE544CB04
                                                                                        Function 000002B45B059520 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: GetTempPath2W$kernel32.dll
                                                                                        • API String ID: 1646373207-1846531799
                                                                                        • Opcode ID: 54cfff917e61736e637f3daaf4ede8ca0052c6a8694a4254edfc7bf5cdf1c370
                                                                                        • Instruction ID: 9f79a25bf512b0adfaffe1c1623752945ee1721bcc071e5efae73293afd41be5
                                                                                        • Opcode Fuzzy Hash: 54cfff917e61736e637f3daaf4ede8ca0052c6a8694a4254edfc7bf5cdf1c370
                                                                                        • Instruction Fuzzy Hash: 98E0C9A1310E4483EE14BF11F9C8569B361F7A9F85F985025D90E07236DF28C4458710
                                                                                        Function 000002B45B00F480 Relevance: 6.5, APIs: 4, Instructions: 478COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process32$CloseHandleImpersonateLoggedNextOpenProcessUser$CreateFirstRevertSelfSnapshotTokenToolhelp32
                                                                                        • String ID:
                                                                                        • API String ID: 1562318730-0
                                                                                        • Opcode ID: 72b49010517826a4bc1718730da808a27341e03ca3287bc81b5c6f812749a859
                                                                                        • Instruction ID: 6f8a649a0e84fa4ffacf1e5b03ee869b1fac577d7893da89dc6dc2d1142f3d43
                                                                                        • Opcode Fuzzy Hash: 72b49010517826a4bc1718730da808a27341e03ca3287bc81b5c6f812749a859
                                                                                        • Instruction Fuzzy Hash: 2C22B1A2614F8487FB20EF68D4D839D3761E7A1BA8FD05201EA6D06ADBDF78C484D710
                                                                                        Function 00007FF65DAEE294 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                        • String ID:
                                                                                        • API String ID: 2718003287-0
                                                                                        • Opcode ID: 8006df4a7e49d247def26c2c7127d35bc6642300e1a35ffac0c40609046d0867
                                                                                        • Instruction ID: 6b364d1490b9bffbfb5bfa5ce1ee0c59e2b2bcc1d4b7a8589b46ec41efba81c4
                                                                                        • Opcode Fuzzy Hash: 8006df4a7e49d247def26c2c7127d35bc6642300e1a35ffac0c40609046d0867
                                                                                        • Instruction Fuzzy Hash: 4BD1C032B18A828AE711CFB9D4402AD37B1FB44798B484235CE5DE7BDAEE38D516C740
                                                                                        Function 00007FF65DAEEBBC Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65DAEEBA7), ref: 00007FF65DAEECD8
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF65DAEEBA7), ref: 00007FF65DAEED63
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ConsoleErrorLastMode
                                                                                        • String ID:
                                                                                        • API String ID: 953036326-0
                                                                                        • Opcode ID: 105dd8715a37432a8ca5a6fa959f0c984e635dbff9f10a33cd2e20e3aea9f4a0
                                                                                        • Instruction ID: a218029a842a4129f943218273087d5ae20368a082d489ef232f76d48d795876
                                                                                        • Opcode Fuzzy Hash: 105dd8715a37432a8ca5a6fa959f0c984e635dbff9f10a33cd2e20e3aea9f4a0
                                                                                        • Instruction Fuzzy Hash: 8C917072B1C65395F7609FA5D4802BE2BA0EB44B88F184139DE0EB76D6EF38D582C700
                                                                                        Function 00007FF65DAA7520 Relevance: 6.2, APIs: 4, Instructions: 185COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::Decorator::getEmptyQueue::StructuredTableTypeWork
                                                                                        • String ID:
                                                                                        • API String ID: 4081100948-0
                                                                                        • Opcode ID: 433dcc4501cc22be7c96191e04221bbceba203970fa6bf234e56f01351b521ae
                                                                                        • Instruction ID: 4f56bc20d878723c1bb708830e2ea4fa9de7384a391bc1ca82d453dd6998beca
                                                                                        • Opcode Fuzzy Hash: 433dcc4501cc22be7c96191e04221bbceba203970fa6bf234e56f01351b521ae
                                                                                        • Instruction Fuzzy Hash: 0091E43261DAC585EA719B55E8503EFA7A1FBC8780F840136DACD93BA9EF2CD541CB40
                                                                                        Function 000002B45B059704 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ByteCharErrorLastMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 203985260-0
                                                                                        • Opcode ID: 885017ec562e008ced87b7a088d7b161d23e12804f5abb955417809e776ebcf4
                                                                                        • Instruction ID: 071664b0aa3d3b97d39994d9a0c8cdf0837b83ecabae4fa951c83f853eef2162
                                                                                        • Opcode Fuzzy Hash: 885017ec562e008ced87b7a088d7b161d23e12804f5abb955417809e776ebcf4
                                                                                        • Instruction Fuzzy Hash: CD2133B6624F44C7F7209F21E48831EB7B8F3AAF94F944125DB8557B55DB39C4418B10
                                                                                        Function 000002B45B059BF0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
                                                                                        • String ID:
                                                                                        • API String ID: 156590933-0
                                                                                        • Opcode ID: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
                                                                                        • Instruction ID: 86fbdfa52f2319e6312105fc84602156e67e79ffca24362864ab712a1c8c6086
                                                                                        • Opcode Fuzzy Hash: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
                                                                                        • Instruction Fuzzy Hash: 961186A1214E4047EE706F65A0CC32A7B91E766FF0F949614EA6746EE6DB38C4408F10
                                                                                        Function 00007FF65DAF6530 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                        • String ID:
                                                                                        • API String ID: 2933794660-0
                                                                                        • Opcode ID: a6819c37be0477cab6629fe85bd40332cbc882bfc7744020e340a307dd6c19ab
                                                                                        • Instruction ID: becdbc591a1c2d5632c9137df7daf86a48ce403585116d8aa22db2ebaa8c5d62
                                                                                        • Opcode Fuzzy Hash: a6819c37be0477cab6629fe85bd40332cbc882bfc7744020e340a307dd6c19ab
                                                                                        • Instruction Fuzzy Hash: 63115A26B18F068AEB00CF60E8542B933B4FB59759F080E31DA6D96BA4EF38D158C340
                                                                                        Function 00007FF65DAA8830 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 356COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mpunctstd::ios_base::width
                                                                                        • String ID: @
                                                                                        • API String ID: 1954291571-2766056989
                                                                                        • Opcode ID: 03687c50ff717027d4cbf97da90ce4cd140f58e9f754c6eefb8b4b0b970cbde7
                                                                                        • Instruction ID: 7ac211f0bd1d21f8ccc11541fe489e126398d415458f46d0ab5d415735328b2e
                                                                                        • Opcode Fuzzy Hash: 03687c50ff717027d4cbf97da90ce4cd140f58e9f754c6eefb8b4b0b970cbde7
                                                                                        • Instruction Fuzzy Hash: 2A02183260DAC585DAB09B55E8943EFA7A1F7C8780F484132DACD93BA9EE7CC545CB00
                                                                                        Function 00007FF65DABE860 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 274COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Fence64Read
                                                                                        • String ID: B$e
                                                                                        • API String ID: 3999070443-1081078989
                                                                                        • Opcode ID: c5527d5727164a535ea70a8198cdfd9bb409c33ca9616b643965ae659df559ff
                                                                                        • Instruction ID: 028d7ec3264793be9f79190cb09c70d10dee4ab7d21211697963f127c2a24241
                                                                                        • Opcode Fuzzy Hash: c5527d5727164a535ea70a8198cdfd9bb409c33ca9616b643965ae659df559ff
                                                                                        • Instruction Fuzzy Hash: E2E1F27261DAC989EA60CB55E4903ABB7A0F788784F544126EBCD83B99EF7CD1458B00
                                                                                        Function 00007FF65DACB990 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 265COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _Ptr_base.LIBCMTD ref: 00007FF65DACBBD3
                                                                                          • Part of subcall function 00007FF65DAAB830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF65DAAB84F
                                                                                          • Part of subcall function 00007FF65DAAB830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF65DAAB87C
                                                                                          • Part of subcall function 00007FF65DAB86A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF65DAB86DD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
                                                                                        • String ID: integral cannot be stored in char$x
                                                                                        • API String ID: 221360887-211560653
                                                                                        • Opcode ID: 37da2e45b0d7b3146df98e9d44cab3b08f691e1043df3819007dde9a53eafa5e
                                                                                        • Instruction ID: d9922b5ba523581a11cc22fe4c7e4d0646536ec86bbdc4829b45462164a64613
                                                                                        • Opcode Fuzzy Hash: 37da2e45b0d7b3146df98e9d44cab3b08f691e1043df3819007dde9a53eafa5e
                                                                                        • Instruction Fuzzy Hash: 8AE1083260CBC595E6B19B55E4943EBBBA0F785740F884136EACC93BA9EF2DD544CB00
                                                                                        Function 00007FF65DACDDF0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _Ptr_base.LIBCMTD ref: 00007FF65DACE038
                                                                                          • Part of subcall function 00007FF65DAAB830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF65DAAB84F
                                                                                          • Part of subcall function 00007FF65DAAB830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF65DAAB87C
                                                                                          • Part of subcall function 00007FF65DAB86A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF65DAB86DD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
                                                                                        • String ID: integral cannot be stored in char$x
                                                                                        • API String ID: 221360887-211560653
                                                                                        • Opcode ID: 1596abfdd457b49d8574ff87fe7b334aa10946dc342344dab65ebbd4e4ec0ae5
                                                                                        • Instruction ID: a74452373b81f0de2228de4c9061d1a9c938f0be997826f19a1e4480cd1c0c93
                                                                                        • Opcode Fuzzy Hash: 1596abfdd457b49d8574ff87fe7b334aa10946dc342344dab65ebbd4e4ec0ae5
                                                                                        • Instruction Fuzzy Hash: ECE1193260CAC599EA719B55E4943EBB7A4F7C5740F884126EACC93BA9EF3CD544CB00
                                                                                        Function 00007FF65DACCC20 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _Ptr_base.LIBCMTD ref: 00007FF65DACCE5E
                                                                                          • Part of subcall function 00007FF65DAAB830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF65DAAB84F
                                                                                          • Part of subcall function 00007FF65DAAB830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF65DAAB87C
                                                                                          • Part of subcall function 00007FF65DAB86A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF65DAB86DD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
                                                                                        • String ID: integral cannot be stored in char$x
                                                                                        • API String ID: 221360887-211560653
                                                                                        • Opcode ID: f68e61a9b24bcdbe501b4cb4a8be31105e4a74e301578b4c8d38f57891bf8768
                                                                                        • Instruction ID: 55333c7e960aacaf13aa980d12124db53db0badefeb2ea609a5c16d96dd2e187
                                                                                        • Opcode Fuzzy Hash: f68e61a9b24bcdbe501b4cb4a8be31105e4a74e301578b4c8d38f57891bf8768
                                                                                        • Instruction Fuzzy Hash: ECE1F73260CBC595EAB1DB55E4843EBB7A0F785740F484126EACD93BA9EF2CD544CB00
                                                                                        Function 00007FF65DACD500 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _Ptr_base.LIBCMTD ref: 00007FF65DACD748
                                                                                          • Part of subcall function 00007FF65DAAB830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF65DAAB84F
                                                                                          • Part of subcall function 00007FF65DAAB830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF65DAAB87C
                                                                                          • Part of subcall function 00007FF65DAB86A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF65DAB86DD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
                                                                                        • String ID: integral cannot be stored in char$x
                                                                                        • API String ID: 221360887-211560653
                                                                                        • Opcode ID: 4b244738b26a5789b77ad3fd3cb99100bb612cdf3abe259f1d14dde2a12ef4b0
                                                                                        • Instruction ID: 57a26fad79d84ee18da8ca772f3aa189639ae69d42a1ff1578d2b6c48bbc9df2
                                                                                        • Opcode Fuzzy Hash: 4b244738b26a5789b77ad3fd3cb99100bb612cdf3abe259f1d14dde2a12ef4b0
                                                                                        • Instruction Fuzzy Hash: 20E1083260CAC599EA719B55E4943EBB7A4F7C9740F884126DACC93BA9EF3CD544CB00
                                                                                        Function 00007FF65DACC340 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 264COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _Ptr_base.LIBCMTD ref: 00007FF65DACC57E
                                                                                          • Part of subcall function 00007FF65DAAB830: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF65DAAB84F
                                                                                          • Part of subcall function 00007FF65DAAB830: std::locale::_Getfacet.LIBCPMTD ref: 00007FF65DAAB87C
                                                                                          • Part of subcall function 00007FF65DAB86A0: std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF65DAB86DD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: std::_$Fac_nodeFac_node::_GetfacetListLockitLockit::_Ptr_basestd::locale::_
                                                                                        • String ID: integral cannot be stored in char$x
                                                                                        • API String ID: 221360887-211560653
                                                                                        • Opcode ID: 1077f688a18f0bb061bb1737b16c4c955e09df886ced37da15a21ec57a8cb352
                                                                                        • Instruction ID: 4ba42eb35d92ba225ed29896360099389be1675da22e67c1d03fe854c3cf452d
                                                                                        • Opcode Fuzzy Hash: 1077f688a18f0bb061bb1737b16c4c955e09df886ced37da15a21ec57a8cb352
                                                                                        • Instruction Fuzzy Hash: 75E1F53660CBC589E6B1DB55E4843EBB7A0F785744F884126EACD93BA9EF2CD544CB00
                                                                                        Function 000002B45AFCEAA0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 207COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: [json.exception.
                                                                                        • API String ID: 0-791563284
                                                                                        • Opcode ID: 592879274f2377c88e15551e45b0d898f1beb6016a4ce4fa7b521ea37185a7f5
                                                                                        • Instruction ID: 2bdc137a31124e5afb3d3cab2f5e5ea9251905f80076e674002d0b51dd318d36
                                                                                        • Opcode Fuzzy Hash: 592879274f2377c88e15551e45b0d898f1beb6016a4ce4fa7b521ea37185a7f5
                                                                                        • Instruction Fuzzy Hash: E871E263B10F9086F720EF7AD89439D37A1E7A5B94F944216DEA917B9BCB78C085C340
                                                                                        Function 00007FF65DAE3E7C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: .$_.,
                                                                                        • API String ID: 3215553584-3384562259
                                                                                        • Opcode ID: 5005c32137a548dfb07fd7f872a37727fbf1990c54d12e514ca1fba1ab344483
                                                                                        • Instruction ID: 23264b4b60d4587ca2ed5eb941e55289ea1fb68f19269c50aa9e7b7260008c3c
                                                                                        • Opcode Fuzzy Hash: 5005c32137a548dfb07fd7f872a37727fbf1990c54d12e514ca1fba1ab344483
                                                                                        • Instruction Fuzzy Hash: 3C41D232E0D24385EB758AA5D4416BBA3A1EF407A1F5C0635DA1DABAC1FF7CE995C200
                                                                                        Function 000002B45AFF4780 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1887518461.000002B45AFA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002B45AFA0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_2b45afa0000_apilibx64.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                        • String ID: bad locale name
                                                                                        • API String ID: 3988782225-1405518554
                                                                                        • Opcode ID: a58eb3bf0f302d7abd68863794c76069cb31983c6482653a656e5a68ed28bb2b
                                                                                        • Instruction ID: 0e0d51571e45166ff0fdc8fe35d4b080a5ae15111b7cfdb3f0e6fed67761842e
                                                                                        • Opcode Fuzzy Hash: a58eb3bf0f302d7abd68863794c76069cb31983c6482653a656e5a68ed28bb2b
                                                                                        • Instruction Fuzzy Hash: 47513A73302E408AFB60EFA0D8D43AC33A4FB64B48F844026EB5967A96DB34C519C314
                                                                                        Function 00007FF65DAC80FF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: isnan
                                                                                        • String ID: nan$p
                                                                                        • API String ID: 3207536064-2149505255
                                                                                        • Opcode ID: 9322a994478f8a1e71212c7b64208aeab5a97f826a7379df3ff919e47543f4b3
                                                                                        • Instruction ID: 1014f2f7b0dc5a58127839d68dbb58d08dad626d209d87042401016531ca6ab3
                                                                                        • Opcode Fuzzy Hash: 9322a994478f8a1e71212c7b64208aeab5a97f826a7379df3ff919e47543f4b3
                                                                                        • Instruction Fuzzy Hash: AB51B33260DBC988E6B18B65E4403EFB6A4F789B50F484026DACC96B99EF7CD144CF11
                                                                                        Function 00007FF65DAC9CFF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: isnan
                                                                                        • String ID: nan$p
                                                                                        • API String ID: 3207536064-2149505255
                                                                                        • Opcode ID: 9481a30ab3fd2cd97439ded438629b95f0626152fff0811fa843788489d09e16
                                                                                        • Instruction ID: 4046d82a118bdb27774c23896ea74b3a633ab77e34e792e12c9695f0b247ea02
                                                                                        • Opcode Fuzzy Hash: 9481a30ab3fd2cd97439ded438629b95f0626152fff0811fa843788489d09e16
                                                                                        • Instruction Fuzzy Hash: B351AF3261DBC588E7B1CA65E4503EFB6A8FB85790F484126DACD96B99EF3CD140CB10
                                                                                        Function 00007FF65DAC91FF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: isnan
                                                                                        • String ID: nan$p
                                                                                        • API String ID: 3207536064-2149505255
                                                                                        • Opcode ID: 212ba282b589994af6719a8786fa105b4abc7be932bc5a6e8be15af795549e72
                                                                                        • Instruction ID: 1bb798d3cd123fd432120cc8870dea76550ec51fed396533b9add7b6ee084331
                                                                                        • Opcode Fuzzy Hash: 212ba282b589994af6719a8786fa105b4abc7be932bc5a6e8be15af795549e72
                                                                                        • Instruction Fuzzy Hash: CA51B13260DBC588E6B18B65E4503EFB6A8FB85751F484126DACD96B99EF3CD144CB00
                                                                                        Function 00007FF65DAEE92C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastWrite
                                                                                        • String ID: U
                                                                                        • API String ID: 442123175-4171548499
                                                                                        • Opcode ID: 803ea60b07f2bfd039fe1532e5b1b15e9d3e37eaacb6a5ccb339d6080fddc9c5
                                                                                        • Instruction ID: b8e71c01355d76277a29d95d70ee4b039ca1b434e62eeb4eb0bce616e61e9d4a
                                                                                        • Opcode Fuzzy Hash: 803ea60b07f2bfd039fe1532e5b1b15e9d3e37eaacb6a5ccb339d6080fddc9c5
                                                                                        • Instruction Fuzzy Hash: 49418E72A1CA4282EB609F65E8443AAB6A1FB98784F484135EA4DD77D9EF3CD501C740
                                                                                        Function 00007FF65DAC78B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::details::_SchedulerScheduler::_
                                                                                        • String ID: Invalid format string.$Missing precision specifier.
                                                                                        • API String ID: 2780765137-617221873
                                                                                        • Opcode ID: 4ca59656c3cc1c0764987cb03f835006a52b7bc3725c2088db24ddf1b17c7d77
                                                                                        • Instruction ID: 5e52e40fcf72325c016841630433b3ab2db5ba0301eb75ea5fcd017fbc0501a7
                                                                                        • Opcode Fuzzy Hash: 4ca59656c3cc1c0764987cb03f835006a52b7bc3725c2088db24ddf1b17c7d77
                                                                                        • Instruction Fuzzy Hash: 0C31393251DAC585DA51CB95E48012FFBA4F7897A0F481532F6CDD3BA9EFACD5018B00
                                                                                        Function 00007FF65DAD0060 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ptr_base
                                                                                        • String ID: x
                                                                                        • API String ID: 897191226-2363233923
                                                                                        • Opcode ID: a98be8c2056132d05dbec4f152304ae5764991d5042131e464acb9f7d0bc06b8
                                                                                        • Instruction ID: 8624eddbf38c7c75592c4d16af7a1a6884e4a98d31d408892a2a45df842f5163
                                                                                        • Opcode Fuzzy Hash: a98be8c2056132d05dbec4f152304ae5764991d5042131e464acb9f7d0bc06b8
                                                                                        • Instruction Fuzzy Hash: F6314F21A0D58181F720A755E84413B6B70BB86784F984132FBCD97AEAEF1DD945CB08
                                                                                        Function 00007FF65DAC7761 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Fac_nodeFac_node::_std::_
                                                                                        • String ID: ^$invalid fill character '{'
                                                                                        • API String ID: 1114552684-1467272599
                                                                                        • Opcode ID: 719a7894ea2433418be1f6a2a8793a54ba95e5472bef42d9267058544f7ac8f4
                                                                                        • Instruction ID: 30a6d1f3fe62ae6375d6167f1f8d28c67926bc65edfa037388b1b253f5e84e9c
                                                                                        • Opcode Fuzzy Hash: 719a7894ea2433418be1f6a2a8793a54ba95e5472bef42d9267058544f7ac8f4
                                                                                        • Instruction Fuzzy Hash: F521322260DBC984E6718B99E48037BA794E7C5794F481431EACD92BEADF6CD540CB00
                                                                                        Function 00007FF65DAD0920 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ptr_base
                                                                                        • String ID: x
                                                                                        • API String ID: 897191226-2363233923
                                                                                        • Opcode ID: 7016c2d3df3c20257f2f836e6a0a8dc63c202ef464d6a10d065f226a5f5ba269
                                                                                        • Instruction ID: ee4f99e85cbc9089d3cd9976d99265c03065aa37ffd7fbf2892831c8a4037556
                                                                                        • Opcode Fuzzy Hash: 7016c2d3df3c20257f2f836e6a0a8dc63c202ef464d6a10d065f226a5f5ba269
                                                                                        • Instruction Fuzzy Hash: 68315021A1DA8185F720A765E08423BA770FB81784F584532FB8D97AEADF2DD945CB04
                                                                                        Function 00007FF65DAD03B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ptr_base
                                                                                        • String ID: x
                                                                                        • API String ID: 897191226-2363233923
                                                                                        • Opcode ID: 9bfe9e957daf48727a13c624664f7626c2dd4fb6e28bca9134fae2d2c54b9db9
                                                                                        • Instruction ID: 36c7a85d6a9e3ae06c6c9efd602f863ad85f36aac3d5c104e6a42e98b821ac14
                                                                                        • Opcode Fuzzy Hash: 9bfe9e957daf48727a13c624664f7626c2dd4fb6e28bca9134fae2d2c54b9db9
                                                                                        • Instruction Fuzzy Hash: F1319171A0D68181F720A755E04467B6B70FB81384F984132FACD97AEAEF2DD946CB44
                                                                                        Function 00007FF65DAF77D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF65DAF651B), ref: 00007FF65DAF7824
                                                                                        • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF65DAF651B), ref: 00007FF65DAF7865
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1888014001.00007FF65DAA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF65DAA0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1887987009.00007FF65DAA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DB0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888075482.00007FF65DDBD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888308048.00007FF65DDC9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1888326292.00007FF65DDCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff65daa0000_apilibx64.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                        • String ID: csm
                                                                                        • API String ID: 2573137834-1018135373
                                                                                        • Opcode ID: c503307943bf2825cf6e1cf168de274f8e029fc4329f5c4f3fb9745047db57ca
                                                                                        • Instruction ID: 1d4762754f0b436f30dbcc4f1c48188b075fce3c371017e5c51c9c71aa5aeeee
                                                                                        • Opcode Fuzzy Hash: c503307943bf2825cf6e1cf168de274f8e029fc4329f5c4f3fb9745047db57ca
                                                                                        • Instruction Fuzzy Hash: D6115B3661CB8182EB618F15E44026A77E5FB88B85F584634EE8C577A8EF3CC591CB40