Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1584231
MD5: e4988eb723ce5d55a74e5797c22f5d83
SHA1: 6440cdb22f83128c928269b09425f030ed158ccf
SHA256: d7e8681893924d22c41513ebf851a219cc2fc08322a9353afaf2b2575c107ae1
Tags: exe, user-jstrosch
Infos:

Detection

CredGrabber, Meduza Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into foreign processes
Machine Learning detection for sample
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 2144 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E4988EB723CE5D55A74E5797C22F5D83)
    • conhost.exe (PID: 1824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • file.exe (PID: 5336 cmdline: "C:\Users\user\Desktop\file.exe" MD5: E4988EB723CE5D55A74E5797C22F5D83)
  • cleanup
{"C2 url": "66.63.187.173", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt; .doc; .xlsx", "build_name": "5", "links": "", "port": 15666}
Source | Rule | Description | Author | Strings
00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0xff0dc:$str01: emoji
  • 0x1018d8:$str02: %d-%m-%Y, %H:%M:%S
  • 0x101940:$str03: [UTC
  • 0x10194c:$str04: user_name
  • 0x101970:$str05: computer_name
  • 0x101994:$str06: timezone
  • 0x1018c4:$str07: current_path()
  • 0xff0a8:$str08: [json.exception.
  • 0x11502e:$str09: GDI32.dll
  • 0x1152a0:$str10: GdipGetImageEncoders
  • 0x115318:$str10: GdipGetImageEncoders
  • 0x114948:$str11: GetGeoInfoA
Process Memory Space: file.exe PID: 5336 | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
Process Memory Space: file.exe PID: 5336 | JoeSecurity_CredGrabber | Yara detected CredGrabber | Joe Security

Source | Rule | Description | Author | Strings
0.2.file.exe.1407220.1.raw.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
0.2.file.exe.1407220.1.raw.unpack | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0xfd6dc:$str01: emoji
  • 0xffed8:$str02: %d-%m-%Y, %H:%M:%S
  • 0xfff40:$str03: [UTC
  • 0xfff4c:$str04: user_name
  • 0xfff70:$str05: computer_name
  • 0xfff94:$str06: timezone
  • 0xffec4:$str07: current_path()
  • 0xfd6a8:$str08: [json.exception.
  • 0x11362e:$str09: GDI32.dll
  • 0x1138a0:$str10: GdipGetImageEncoders
  • 0x113918:$str10: GdipGetImageEncoders
  • 0x112f48:$str11: GetGeoInfoA
3.2.file.exe.400000.0.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
3.2.file.exe.400000.0.unpack | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0xfd6dc:$str01: emoji
  • 0xffed8:$str02: %d-%m-%Y, %H:%M:%S
  • 0xfff40:$str03: [UTC
  • 0xfff4c:$str04: user_name
  • 0xfff70:$str05: computer_name
  • 0xfff94:$str06: timezone
  • 0xffec4:$str07: current_path()
  • 0xfd6a8:$str08: [json.exception.
  • 0x11362e:$str09: GDI32.dll
  • 0x1138a0:$str10: GdipGetImageEncoders
  • 0x113918:$str10: GdipGetImageEncoders
  • 0x112f48:$str11: GetGeoInfoA
3.2.file.exe.400000.0.raw.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
                No Sigma rule has matched
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2025-01-04T22:58:13.672112+0100 | 2049441 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 66.63.187.173 | 15666 | TCP
                2025-01-04T22:58:13.672112+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 66.63.187.173 | 15666 | TCP
                2025-01-04T22:58:13.677099+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 66.63.187.173 | 15666 | TCP
                2025-01-04T22:58:13.672112+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 66.63.187.173 | 15666 | TCP
                2025-01-04T22:58:13.677099+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.6 | 49709 | 66.63.187.173 | 15666 | TCP

                AV Detection

                Source: 0.2.file.exe.1407220.1.unpackMalware Configuration Extractor: Meduza Stealer {"C2 url": "66.63.187.173", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt; .doc; .xlsx", "build_name": "5", "links": "", "port": 15666}
                Source: file.exeVirustotal: Detection: 57%
                Source: file.exeReversingLabs: Detection: 73%
                Source: Submitted SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                Source: file.exeJoe Sandbox ML: detected
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0047A610 CryptUnprotectData,LocalFree,3_2_0047A610
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0043D4A0 BCryptDestroyKey,3_2_0043D4A0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0047A950 CryptProtectData,LocalFree,3_2_0047A950
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0047AAE0 BCryptDecrypt,BCryptDecrypt,3_2_0047AAE0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00440B60 CryptUnprotectData,LocalFree,3_2_00440B60
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0047AE10 BCryptCloseAlgorithmProvider,3_2_0047AE10
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0047AE80 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,3_2_0047AE80
                Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.6:49710 version: TLS 1.2
                Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009ABE9A FindFirstFileExW,0_2_009ABE9A
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009ABF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_009ABF4B
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004402D0 FindFirstFileW,FindNextFileW,3_2_004402D0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004B84C0 FindClose,FindFirstFileExW,GetLastError,3_2_004B84C0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004B8545 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,3_2_004B8545
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004B84E0 FindFirstFileExW,3_2_004B84E0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004BAB85 FindFirstFileExW,3_2_004BAB85
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009ABE9A FindFirstFileExW,3_2_009ABE9A
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009ABF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_009ABF4B
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00487550 GetLogicalDriveStringsW,3_2_00487550
                Source: C:\Users\user\Desktop\file.exeFile opened: D:\sources\migration\
                Source: C:\Users\user\Desktop\file.exeFile opened: D:\sources\replacementmanifests\
                Source: C:\Users\user\Desktop\file.exeFile opened: D:\sources\migration\wtr\
                Source: C:\Users\user\Desktop\file.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
                Source: C:\Users\user\Desktop\file.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
                Source: C:\Users\user\Desktop\file.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\

                Networking

                Source: Network trafficSuricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.6:49709 -> 66.63.187.173:15666
                Source: Network trafficSuricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.6:49709 -> 66.63.187.173:15666
                Source: global trafficTCP traffic: 192.168.2.6:49709 -> 66.63.187.173:15666
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
                Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
                Source: Joe Sandbox ViewASN Name: ASN-QUADRANET-GLOBALUS ASN-QUADRANET-GLOBALUS
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknownDNS query: name: api.ipify.org
                Source: Network trafficSuricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.6:49709 -> 66.63.187.173:15666
                Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.173
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00485350 recv,recv,recv,recv,recv,recv,closesocket,WSACleanup,3_2_00485350
                Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                Source: file.exe, 00000003.00000003.2157371141.0000000004D54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: file.exe, 00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                Source: file.exe, 00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/x
                Source: file.exe, 00000003.00000003.2168693559.0000000001575000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
                Source: file.exe, 00000003.00000003.2157371141.0000000004D54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: file.exe, 00000003.00000003.2157371141.0000000004D54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: file.exe, 00000003.00000003.2157371141.0000000004D54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: file.exe, 00000003.00000003.2168693559.0000000001575000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: file.exe, 00000003.00000003.2157138062.0000000004D3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2157371141.0000000004D3C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2157138062.0000000004D54000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2157371141.0000000004D54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: file.exe, 00000003.00000003.2157138062.0000000004D3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2157371141.0000000004D3C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2157138062.0000000004D54000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2157371141.0000000004D54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: file.exe, 00000003.00000003.2157138062.0000000004D3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2157371141.0000000004D3C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2157138062.0000000004D54000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2157371141.0000000004D54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: file.exe, 00000003.00000002.3391417827.0000000001522000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48
                Source: file.exe, 00000003.00000003.2168693559.0000000001575000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: file.exe, 00000003.00000003.2161442931.0000000004229000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.moz
                Source: file.exe, 00000003.00000003.2166824887.0000000003FB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
                Source: file.exe, 00000003.00000003.2166824887.0000000003FC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: file.exe, 00000003.00000003.2166824887.0000000003FC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
                Source: file.exe, 00000003.00000002.3391417827.0000000001522000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=
                Source: file.exe, 00000003.00000003.2168693559.0000000001575000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
                Source: file.exe, 00000003.00000003.2157371141.0000000004D54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: file.exe, 00000003.00000003.2157371141.0000000004D54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: file.exe, 00000003.00000003.2161080066.0000000004638000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2167631628.0000000004DD5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2166824887.0000000003FB8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2162796947.000000000532A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000003.00000003.2167955403.0000000004D55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                Source: file.exe, 00000003.00000003.2166824887.0000000003FB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org#
                Source: file.exe, 00000003.00000003.2166824887.0000000003FC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
                Source: file.exe, 00000003.00000003.2166824887.0000000003FC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
                Source: file.exe, 00000003.00000003.2166824887.0000000003FC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: file.exe, 00000003.00000003.2168693559.0000000001575000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.6:49710 version: TLS 1.2
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00485F00 GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,3_2_00485F00

                System Summary

                Source: 0.2.file.exe.1407220.1.raw.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 3.2.file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 3.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 0.2.file.exe.1407220.1.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0048A0A0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,3_2_0048A0A0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0048A710 RtlAcquirePebLock,NtAllocateVirtualMemory,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,3_2_0048A710
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00443F003_2_00443F00
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00456F003_2_00456F00
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00412FA03_2_00412FA0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009A10003_2_009A1000
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009A52353_2_009A5235
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009B15423_2_009B1542
                Source: C:\Users\user\Desktop\file.exeCode function: String function: 004AC500 appears 58 times
                Source: C:\Users\user\Desktop\file.exeCode function: String function: 004517F0 appears 76 times
                Source: C:\Users\user\Desktop\file.exeCode function: String function: 009A970F appears 36 times
                Source: C:\Users\user\Desktop\file.exeCode function: String function: 009A51F0 appears 64 times
                Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: 0.2.file.exe.1407220.1.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 3.2.file.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 3.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 0.2.file.exe.1407220.1.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: file.exeStatic PE information: Section: .bss ZLIB complexity 1.0003138195647467
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/0@1/2
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0048CB50 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,3_2_0048CB50
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004473D0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,3_2_004473D0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00477EE0 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysStringByteLen,SysFreeString,SysFreeString,3_2_00477EE0
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1824:120:WilError_03
                Source: C:\Users\user\Desktop\file.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E69636699A203
                Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: file.exe, 00000003.00000003.2160139140.0000000004D54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: file.exeVirustotal: Detection: 57%
                Source: file.exeReversingLabs: Detection: 73%
                Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
                Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: vaultcli.dll
                Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: file.exeStatic file information: File size 1293312 > 1048576
                Source: file.exeStatic PE information: Raw size of .bss is bigger than: 0x100000 < 0x120a00
                Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00446400 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,3_2_00446400
                Source: file.exeStatic PE information: section name: .OO
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A46A3 push ecx; ret 0_2_009A46B6
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004ACE0C push ecx; ret 3_2_004ACE1F
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009A46A3 push ecx; ret 3_2_009A46B6
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0047E240 GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,ExitProcess,ReleaseMutex,CloseHandle,3_2_0047E240
                Source: C:\Users\user\Desktop\file.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\file.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\file.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_3-58064
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009ABE9A FindFirstFileExW,0_2_009ABE9A
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009ABF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_009ABF4B
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004402D0 FindFirstFileW,FindNextFileW,3_2_004402D0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004B84C0 FindClose,FindFirstFileExW,GetLastError,3_2_004B84C0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004B8545 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,3_2_004B8545
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004B84E0 FindFirstFileExW,3_2_004B84E0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004BAB85 FindFirstFileExW,3_2_004BAB85
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009ABE9A FindFirstFileExW,3_2_009ABE9A
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009ABF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_009ABF4B
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00487550 GetLogicalDriveStringsW,3_2_00487550
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00498574 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,3_2_00498574
                Source: C:\Users\user\Desktop\file.exe File opened: D:\sources\migration\
                Source: C:\Users\user\Desktop\file.exe File opened: D:\sources\replacementmanifests\
                Source: C:\Users\user\Desktop\file.exe File opened: D:\sources\migration\wtr\
                Source: C:\Users\user\Desktop\file.exe File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
                Source: C:\Users\user\Desktop\file.exe File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
                Source: C:\Users\user\Desktop\file.exe File opened: D:\sources\replacementmanifests\hwvid-migration-2\
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696487552f
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696487552x
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696487552
                Source: file.exe, 00000003.00000002.3391417827.00000000014F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696487552
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696487552o
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696487552
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696487552
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696487552j
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                Source: file.exe, 00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                Source: file.exe, 00000003.00000003.2160139140.0000000004D3E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lqeMuUnwoUAFmVChtHrzZUujZ1qMtmQu;
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696487552t
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                Source: file.exe, 00000003.00000003.2159262957.0000000003F5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_3-58084
                Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0048A710 RtlAcquirePebLock,NtAllocateVirtualMemory,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,3_2_0048A710
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A78CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009A78CC
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00498574 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C3_2_00498574
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00446400 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,3_2_00446400
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009BA1A9 mov edi, dword ptr fs:[00000030h]0_2_009BA1A9
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A1770 mov edi, dword ptr fs:[00000030h]0_2_009A1770
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009A1770 mov edi, dword ptr fs:[00000030h]3_2_009A1770
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A9726 GetProcessHeap,0_2_009A9726
                Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A78CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009A78CC
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A501B SetUnhandledExceptionFilter,0_2_009A501B
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A5027 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009A5027
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A45B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_009A45B7
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004AC6BF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_004AC6BF
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004AC80A SetUnhandledExceptionFilter,3_2_004AC80A
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00497B2D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00497B2D
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004ABFD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_004ABFD4
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009A501B SetUnhandledExceptionFilter,3_2_009A501B
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009A5027 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_009A5027
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009A45B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_009A45B7
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_009A78CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_009A78CC

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009BA1A9 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_009BA1A9
                Source: C:\Users\user\Desktop\file.exe Memory written: C:\Users\user\Desktop\file.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_0047D2F0 ShellExecuteW,OpenProcessToken,GetCurrentProcess,GetTokenInformation,std::ios_base::_Ios_base_dtor,3_2_0047D2F0
                Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_00486C50 cpuid 3_2_00486C50
                Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_004A6109
                Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoEx,FormatMessageA,3_2_004B824D
                Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,3_2_004A620F
                Source: C:\Users\user\Desktop\file.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_004A62E5
                Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,3_2_0049C70E
                Source: C:\Users\user\Desktop\file.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,3_2_004A5970
                Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,3_2_004A5C67
                Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,3_2_004A5C1C
                Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,3_2_0049CCB0
                Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,3_2_004A5D02
                Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,3_2_004A5D8D
                Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,3_2_004A5FE0
                Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_009A48D3 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,0_2_009A48D3
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004863F0 GetUserNameW,3_2_004863F0
                Source: C:\Users\user\Desktop\file.exeCode function: 3_2_004A1074 GetTimeZoneInformation,3_2_004A1074

                Stealing of Sensitive Information

                Source: Yara matchFile source: Process Memory Space: file.exe PID: 5336, type: MEMORYSTR
                Source: Yara matchFile source: 0.2.file.exe.1407220.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.1407220.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: file.exe, 00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Electrum\wallets
                Source: file.exe, 00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectronCash\config
                Source: file.exe, 00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
                Source: file.exe, 00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus\exodus.wallet
                Source: file.exe, 00000003.00000002.3391417827.0000000001522000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\Local State
                Source: file.exe, 00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
                Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCKJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: Yara matchFile source: Process Memory Space: file.exe PID: 5336, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match, File source: Process Memory Space: file.exe PID: 5336, type: MEMORYSTR
                Source: Yara match, File source: 0.2.file.exe.1407220.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.file.exe.1407220.1.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: file.exe PID: 5336, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 211 Process Injection | 1 Software Packing | NTDS | 34 System Information Discovery | Distributed Component Object Model | 1 Email Collection | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Query Registry | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Access Token Manipulation | Cached Domain Credentials | 21 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 211 Process Injection | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                Source | Detection | Scanner | Label
                file.exe | 58% | Virustotal |
                file.exe | 74% | ReversingLabs | Win32.Infostealer.Tinba
                file.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                Source | Detection | Scanner | Label
                https://support.moz | 0% | Avira URL Cloud | safe
                https://imp.mt48 | 0% | Avira URL Cloud | safe
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                api.ipify.org | 104.26.12.205 | true | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                https://api.ipify.org/ | false | | high
                                                          IP | Domain | Country | ASN | ASN Name | Malicious
                                                          104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
                                                          66.63.187.173 | unknown | United States | 8100 | ASN-QUADRANET-GLOBALUS | true
                                                          Joe Sandbox version: 41.0.0 Charoite
                                                          Analysis ID: 1584231
                                                          Start date and time: 2025-01-04 22:57:13 +01:00
                                                          Joe Sandbox product: CloudBasic
                                                          Overall analysis duration: 0h 5m 29s
                                                          Hypervisor based Inspection enabled: false
                                                          Report type: full
                                                          Cookbook file name: default.jbs
                                                          Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                          Number of analysed new started processes analysed: 7
                                                          Number of new started drivers analysed: 0
                                                          Number of existing processes analysed: 0
                                                          Number of existing drivers analysed: 0
                                                          Number of injected processes analysed: 0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • AMSI enabled
                                                          Analysis Mode: default
                                                          Analysis stop reason: Timeout
                                                          Sample name: file.exe
                                                          Detection: MAL
                                                          Classification: mal100.troj.spyw.evad.winEXE@4/0@1/2
                                                          EGA Information:
                                                          • Successful, ratio: 100%
                                                          HCA Information:
                                                          • Successful, ratio: 100%
                                                          • Number of executed functions: 82
                                                          • Number of non-executed functions: 130
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .exe
                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                          • Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.12.23.50
                                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                          • Not all processes were analyzed, report is missing behavior information
                                                          • Report size exceeded maximum capacity and may have missing network information.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          No simulations
                                                          No created / dropped files found
                                                          File type: PE32 executable (console) Intel 80386, for MS Windows
                                                          Entropy (8bit): 7.959252484978052
                                                          TrID:
                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                          • DOS Executable Generic (2002/1) 0.02%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name: file.exe
                                                          File size: 1'293'312 bytes
                                                          MD5: e4988eb723ce5d55a74e5797c22f5d83
                                                          SHA1: 6440cdb22f83128c928269b09425f030ed158ccf
                                                          SHA256: d7e8681893924d22c41513ebf851a219cc2fc08322a9353afaf2b2575c107ae1
                                                          SHA512: 316c14812b8ceb3a00b52913d4da44ebdb666ead9be82eddedac1e41f323c6cbfd6d4df57ef94829fd6842a85c524b3b345fe347441ef476442047640a1112ac
                                                          SSDEEP: 24576:Bdl/JxIgevnHodySw5KP8lXkV8sWGzv6VD0iNKlsTEc8GF71X:/l/E5vnIdyd5Q8lXkBmLNfk27F
                                                          TLSH: 6955235131C0C4B1CBA3983645B0BB56553DF9314FB0A9FF278D59A15E22AD08A3CAFB
                                                          File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...bI\g..........".................\L............@.......................................@.................................D~..(..
                                                          Icon Hash:00928e8e8686b000
                                                          Entrypoint:0x404c5c
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows cui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x675C4962 [Fri Dec 13 14:49:06 2024 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:6
                                                          OS Version Minor:0
                                                          File Version Major:6
                                                          File Version Minor:0
                                                          Subsystem Version Major:6
                                                          Subsystem Version Minor:0
                                                          Import Hash:2716f32d1d63b3fc977d6064633b778d
                                                          Instruction
                                                          call 00007FF0A545981Ah
                                                          jmp 00007FF0A5459439h
                                                          push ebp
                                                          mov ebp, esp
                                                          push dword ptr [ebp+08h]
                                                          call 00007FF0A54595CFh
                                                          neg eax
                                                          pop ecx
                                                          sbb eax, eax
                                                          neg eax
                                                          dec eax
                                                          pop ebp
                                                          ret
                                                          push ebp
                                                          mov ebp, esp
                                                          cmp dword ptr [0041B4F0h], FFFFFFFFh
                                                          push dword ptr [ebp+08h]
                                                          jne 00007FF0A54595C9h
                                                          call 00007FF0A545BBE1h
                                                          jmp 00007FF0A54595CDh
                                                          push 0041B4F0h
                                                          call 00007FF0A545BB64h
                                                          pop ecx
                                                          pop ecx
                                                          xor ecx, ecx
                                                          test eax, eax
                                                          cmove ecx, dword ptr [ebp+08h]
                                                          mov eax, ecx
                                                          pop ebp
                                                          ret
                                                          push 00000008h
                                                          push 00418D38h
                                                          call 00007FF0A5459B00h
                                                          and dword ptr [ebp-04h], 00000000h
                                                          mov eax, 00005A4Dh
                                                          cmp word ptr [00400000h], ax
                                                          jne 00007FF0A545961Fh
                                                          mov eax, dword ptr [0040003Ch]
                                                          cmp dword ptr [eax+00400000h], 00004550h
                                                          jne 00007FF0A545960Eh
                                                          mov ecx, 0000010Bh
                                                          cmp word ptr [eax+00400018h], cx
                                                          jne 00007FF0A5459600h
                                                          mov eax, dword ptr [ebp+08h]
                                                          mov ecx, 00400000h
                                                          sub eax, ecx
                                                          push eax
                                                          push ecx
                                                          call 00007FF0A5459742h
                                                          pop ecx
                                                          pop ecx
                                                          test eax, eax
                                                          je 00007FF0A54595E9h
                                                          cmp dword ptr [eax+24h], 00000000h
                                                          jl 00007FF0A54595E3h
                                                          mov dword ptr [ebp-04h], FFFFFFFEh
                                                          mov al, 01h
                                                          jmp 00007FF0A54595E1h
                                                          mov eax, dword ptr [ebp-14h]
                                                          mov eax, dword ptr [eax]
                                                          xor ecx, ecx
                                                          cmp dword ptr [eax], C0000005h
                                                          sete cl
                                                          mov eax, ecx
                                                          ret
                                                          mov esp, dword ptr [ebp-18h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17e44 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d000 | 0xe8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1e000 | 0x12fc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x12808 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x17fac | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x10c15 | 0x10e00 | 05d7420100633613bdbd5a889171c5f7 | False | 0.5704427083333333 | data | 6.50620173764596 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x12000 | 0x7294 | 0x7400 | 4965eb04eb8b1b66b8d84a097bc01bc3 | False | 0.3977976831896552 | data | 4.65662016842751 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1a000 | 0x1c10 | 0x1200 | 6a2a147d595c2e66ddd7fdd872225955 | False | 0.4281684027777778 | data | 4.604642940636322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.OO | 0x1c000 | 0x4 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1d000 | 0xe8 | 0x200 | 0713d2c4e51a805f2ce8d9843bcbad43 | False | 0.306640625 | data | 2.337865625306241 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1e000 | 0x12fc | 0x1400 | c56221e7af6185e7585b1796050bcf12 | False | 0.778515625 | data | 6.424268394395036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0x20000 | 0x120a00 | 0x120a00 | 758e5e316c6a0231fc6fbe8edfce45a4 | False | 1.0003138195647467 | data | 7.999822106926655 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x1d060 | 0x87 | XML 1.0 document, ASCII text | English | United States | 0.8222222222222222
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CompareStringW, CreateFileW, CreateThread, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, ExitProcess, ExitThread, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetExitCodeThread, GetFileSize, GetFileType, GetLastError, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WaitForSingleObjectEx, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-04T22:58:13.672112+0100 | 2049441 | ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt | 1 | 192.168.2.6 | 49709 | 66.63.187.173 | 15666 | TCP
2025-01-04T22:58:13.672112+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.6 | 49709 | 66.63.187.173 | 15666 | TCP
2025-01-04T22:58:13.672112+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.6 | 49709 | 66.63.187.173 | 15666 | TCP
2025-01-04T22:58:13.677099+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.6 | 49709 | 66.63.187.173 | 15666 | TCP
2025-01-04T22:58:13.677099+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.6 | 49709 | 66.63.187.173 | 15666 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                          Jan 4, 2025 22:58:13.697498083 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.697515011 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.697526932 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.697539091 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.697540045 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.697559118 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.697580099 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.697580099 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.697592020 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.697602987 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.697644949 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.701729059 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.701741934 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.701772928 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.701781034 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.701791048 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.701803923 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.701811075 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.701817036 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.701834917 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.701844931 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.701858044 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.701862097 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.701886892 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.701909065 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.701970100 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.701996088 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702003956 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702050924 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702131033 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702140093 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702178955 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702187061 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702199936 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702241898 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702260017 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702277899 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702286005 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702300072 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702327013 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702331066 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702337980 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702342987 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702366114 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702368975 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702378035 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702380896 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702409983 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702416897 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702421904 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702430010 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702466965 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702486992 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702505112 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702514887 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702537060 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702545881 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702558041 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702568054 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702579021 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702590942 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702604055 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702611923 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702622890 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702636003 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702650070 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702661037 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.702662945 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702672958 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.702699900 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.706660032 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706669092 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706692934 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706701040 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706723928 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706727028 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.706734896 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706763983 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.706788063 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.706820011 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706831932 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706841946 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706855059 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706862926 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706868887 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.706878901 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706883907 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.706911087 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.706933975 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.706963062 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.706971884 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707004070 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707015038 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707099915 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707109928 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707133055 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707138062 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707145929 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707154989 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707165003 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707184076 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707212925 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707226038 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707247972 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707261086 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707320929 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707330942 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707343102 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707364082 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707374096 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707442999 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707467079 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707484007 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707496881 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707501888 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707505941 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707515001 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707523108 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707540035 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707544088 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707547903 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707555056 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707556963 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707567930 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707607031 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707638979 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707648993 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707683086 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707742929 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707772017 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707779884 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707788944 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707803965 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707813025 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.707823038 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707839966 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.707871914 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.711633921 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711643934 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711652994 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711713076 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.711745024 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711785078 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.711816072 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711824894 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711833000 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711863041 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.711864948 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711906910 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711915970 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711927891 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.711934090 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711950064 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711951971 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.711958885 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711965084 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.711990118 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.711993933 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712003946 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712009907 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712024927 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712025881 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712033033 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712045908 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712054968 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712063074 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712073088 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712076902 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712095976 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712110996 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712111950 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712119102 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712127924 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712146044 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712168932 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712306023 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712325096 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712340117 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712348938 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712368011 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712379932 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712424994 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712440968 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712455988 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712475061 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712486029 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712496042 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712498903 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712516069 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712517977 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712538958 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712542057 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712548018 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712553024 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712558031 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712565899 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712574005 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712595940 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712604046 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712605000 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712622881 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712652922 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712678909 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712687969 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712713957 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712723017 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712726116 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712733030 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712743044 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712745905 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712750912 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.712784052 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.712795973 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.716514111 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.716532946 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.716545105 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.716559887 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.716589928 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.716609001 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.716649055 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774384022 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774396896 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.774415016 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774416924 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.774432898 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774457932 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.774457932 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774466991 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774467945 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.774497986 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774506092 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774518013 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774527073 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774544001 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.774557114 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.774571896 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774585962 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.774599075 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.774629116 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.815648079 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.815864086 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.815954924 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.815973997 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.867638111 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.867852926 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.867944002 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.867964029 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.872808933 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.872818947 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.872843027 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.872852087 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.872859001 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.872868061 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.872888088 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.872895002 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.872903109 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.872910976 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.872929096 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.872942924 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.872958899 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.872976065 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.872983932 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.872992039 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.872999907 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873023987 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873034000 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873037100 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873045921 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873059988 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873068094 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873075962 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873081923 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873094082 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873094082 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873109102 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873115063 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873116970 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873136997 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873145103 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873153925 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873167992 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873187065 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873209953 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873218060 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873225927 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873234034 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873258114 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873260021 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873266935 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873267889 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873291969 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873313904 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873323917 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873332024 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873366117 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873368979 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873377085 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873411894 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873437881 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873445988 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873491049 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873579025 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873590946 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873605967 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873614073 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873620987 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873624086 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873635054 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873646975 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873648882 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873656988 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873661041 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873665094 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873677969 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873704910 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873714924 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873723984 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873732090 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873755932 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873764038 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873764038 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873778105 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873785019 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873810053 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873897076 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873913050 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873920918 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873929024 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873944044 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873944044 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873951912 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.873966932 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873980045 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.873990059 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.874002934 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874013901 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874027967 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874043941 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874052048 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.874058008 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874063969 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.874067068 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874075890 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874083042 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.874093056 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874100924 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874109030 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874113083 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.874124050 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874131918 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874131918 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.874140024 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.874155998 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.874182940 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.877723932 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.877733946 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.877741098 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.877748966 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.877784014 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.877830982 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.877875090 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.877929926 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.877938986 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.877945900 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.877975941 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.877989054 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878020048 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878036022 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878062010 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878065109 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878071070 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878076077 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878089905 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878098011 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878102064 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878110886 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878117085 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878125906 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878134966 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878139973 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878149033 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878165960 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878182888 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878185987 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878190994 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878199100 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878210068 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878225088 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878230095 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878238916 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878257036 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878268957 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878299952 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878318071 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878325939 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878334045 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878338099 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878348112 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878355980 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878360033 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878388882 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878406048 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878504992 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878513098 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878520966 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878528118 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878535986 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878544092 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878550053 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878561974 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878566980 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878582954 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878591061 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878592968 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878598928 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878606081 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878612995 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878623962 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878624916 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878640890 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878649950 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878649950 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878658056 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878665924 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878669977 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878674984 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878683090 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878689051 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878701925 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878711939 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878715038 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878716946 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878732920 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878740072 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878747940 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878756046 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:13.878757954 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878776073 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878813982 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:13.878833055 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.081878901 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.081901073 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.081902027 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.081911087 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.081943989 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.081950903 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.081959009 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.081999063 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082006931 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082017899 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082046986 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082051039 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082056999 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082058907 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082092047 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082129002 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082148075 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082175016 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082185984 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082221985 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082231045 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082245111 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082254887 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082268000 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082274914 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082281113 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082283974 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082295895 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082314968 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082324028 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082334995 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082351923 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082355022 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082362890 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082371950 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082375050 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082410097 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082411051 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082418919 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082427025 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082448959 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082465887 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082494020 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082505941 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082518101 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082525969 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082540989 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082545996 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082554102 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082562923 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082568884 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082576990 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082582951 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082591057 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082603931 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082604885 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082614899 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082616091 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082654953 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082663059 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082667112 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082670927 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082684994 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082709074 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082716942 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082721949 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082758904 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082760096 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082768917 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082804918 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082808018 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082813025 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082833052 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082851887 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082876921 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082882881 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082900047 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082910061 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.082930088 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.082947016 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.083044052 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.083108902 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.086608887 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.086651087 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.086658001 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.086658955 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.086677074 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.086692095 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.086709023 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.086726904 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.086731911 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.086771011 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.086774111 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.086800098 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.086815119 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.086839914 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.086859941 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.086878061 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.086908102 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.086926937 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.086976051 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.086985111 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087002993 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087013006 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087028027 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087048054 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087065935 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087080956 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087107897 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087131023 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087145090 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087182045 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087198973 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087228060 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087233067 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087239981 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087263107 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087349892 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087393045 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087424994 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087467909 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087531090 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087538958 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087560892 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087570906 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087578058 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087614059 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087681055 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087688923 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087707043 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087733984 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087743044 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087768078 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087815046 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087822914 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087831974 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087852955 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087866068 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087896109 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087898970 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.087941885 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.087964058 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.088002920 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.088004112 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.088047028 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.088052988 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.088092089 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.088095903 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.088140011 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.088141918 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.088150978 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.088186026 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.088198900 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.088216066 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.088226080 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.088241100 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.088258982 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.088274956 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.091475964 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.091499090 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.091515064 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.091533899 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.091556072 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.091578007 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.091608047 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.091619015 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.091646910 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.091646910 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.091685057 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.091705084 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.091753006 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.091798067 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.091837883 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.091876030 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.091897964 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.091921091 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.091923952 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.091939926 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.091953993 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.092032909 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.092042923 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.092051029 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.092091084 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.092117071 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.092134953 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.092153072 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.092161894 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.092176914 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.092190981 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.139594078 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.139801025 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.139883995 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.139926910 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.152306080 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.152506113 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.152605057 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.152642965 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.157429934 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157447100 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157486916 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.157506943 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157516003 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157551050 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157561064 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.157586098 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157598972 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.157624960 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.157625914 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157675982 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.157710075 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157747984 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157763004 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.157783031 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.157874107 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157882929 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157915115 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157922983 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.157927990 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.157960892 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.157970905 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177104950 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177145004 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.177233934 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177242994 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177279949 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.177303076 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177359104 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.177417040 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177444935 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177462101 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.177488089 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.177522898 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177531958 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177542925 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177562952 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177571058 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.177572012 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177606106 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.177614927 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177623034 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177635908 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.177644014 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.177675962 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.177685022 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177695990 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177735090 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.177787066 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.177833080 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178004980 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178056002 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178071976 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178081989 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178111076 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178124905 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178148031 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178181887 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178193092 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178225040 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178227901 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178236961 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178246021 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178278923 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178356886 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178400993 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178426027 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178436995 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178446054 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178450108 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178478956 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178493977 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178497076 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178527117 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178538084 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178540945 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178558111 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178584099 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178607941 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178628922 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178638935 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178661108 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178663015 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178682089 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178714037 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178718090 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178723097 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178754091 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178765059 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178805113 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178817034 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178870916 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178885937 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178905010 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178915024 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.178929090 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.178961992 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.179014921 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.179055929 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.179071903 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.179111004 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.181868076 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.181881905 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.181929111 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183114052 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183125973 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183135033 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183139086 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183150053 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183160067 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183167934 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183176041 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183180094 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183186054 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183191061 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183207035 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183214903 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183223009 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183232069 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183232069 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183247089 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183255911 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183259964 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183269978 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183279991 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183281898 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183288097 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183295965 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183296919 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183306932 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183321953 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183340073 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183348894 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183350086 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183358908 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183361053 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183378935 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183387995 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183402061 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183403969 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183422089 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183429003 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183437109 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183439970 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183448076 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183481932 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183485031 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183510065 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183518887 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183554888 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183604002 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183655024 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183691025 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183716059 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183749914 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183799028 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183808088 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183815956 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183840036 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183855057 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183897972 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183916092 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183932066 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.183978081 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.183990955 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.184001923 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.184047937 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.184092999 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.184102058 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.184109926 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.184118032 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.184145927 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.184164047 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188257933 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188287020 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188323021 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188349009 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188404083 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188483000 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188522100 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188535929 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188568115 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188569069 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188577890 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188622952 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188652992 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188674927 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188683987 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188692093 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188698053 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188724041 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188734055 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188734055 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188780069 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188816071 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188824892 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188883066 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188884974 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188894033 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188915968 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188932896 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188952923 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.188967943 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.188977957 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189022064 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189022064 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189073086 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189150095 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189172029 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189179897 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189189911 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189197063 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189213037 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189224958 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189268112 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189290047 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189316988 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189335108 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189410925 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189419985 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189460993 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189503908 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189559937 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189598083 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189606905 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189624071 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189637899 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189646006 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189649105 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189659119 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189661980 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189687967 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189697027 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189713955 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189723015 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189726114 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189764977 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189806938 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189815998 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189822912 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.189858913 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.189868927 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.216742039 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.216788054 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.216794968 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.216825008 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.216833115 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.216865063 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.216907024 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.216936111 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.216954947 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.216960907 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.216979980 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.216993093 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217015982 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217037916 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217060089 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217072964 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217128992 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217138052 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217164040 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217180014 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217195988 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217225075 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217258930 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217267990 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217299938 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217325926 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217343092 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217365980 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217377901 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217439890 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217470884 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217485905 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217497110 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217502117 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217535019 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217570066 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217592955 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217609882 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217616081 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217622995 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217647076 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217670918 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217711926 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217716932 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217753887 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217777014 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217820883 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217824936 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217839003 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217864990 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217866898 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217875957 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217907906 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217909098 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217948914 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.217952013 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.217995882 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218030930 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218045950 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218055964 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218079090 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218099117 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218131065 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218139887 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218178034 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218225956 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218235016 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218255997 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218275070 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218291044 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218312979 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218334913 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218358040 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218370914 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218400002 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218442917 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218445063 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218496084 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218498945 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218538046 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218539000 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218576908 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218590975 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218599081 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218636990 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218638897 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218645096 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218681097 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218719959 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218770981 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218842030 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218857050 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218867064 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218874931 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218885899 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218902111 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218903065 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218913078 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.218926907 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218956947 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.218964100 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.219000101 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.219042063 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.219050884 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.219054937 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.219111919 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.219116926 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.219131947 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.219141960 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.219170094 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.219182968 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.221004009 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221026897 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221054077 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.221069098 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.221163988 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221205950 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.221398115 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221529007 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221575975 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221594095 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.221612930 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.221674919 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221684933 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221726894 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221735954 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.221765995 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.221802950 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221826077 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221900940 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.221935034 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221945047 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221960068 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.221995115 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222009897 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222027063 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222073078 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222132921 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222181082 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222198009 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222235918 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222285032 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222316980 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222325087 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222356081 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222393036 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222404003 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222439051 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222445011 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222474098 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222500086 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222531080 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222548008 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222558975 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222564936 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222626925 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222628117 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222683907 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222727060 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222770929 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222786903 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222795963 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222866058 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222909927 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222918987 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.222923040 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.222956896 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.223006010 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223021984 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223048925 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223063946 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.223093033 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.223145962 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223181009 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223212957 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.223221064 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223270893 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.223299980 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223310947 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223342896 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.223362923 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.223376036 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223391056 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223434925 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.223463058 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223511934 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.223654032 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223700047 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.223795891 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.223841906 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.223964930 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224097013 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224129915 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224147081 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.224188089 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.224189997 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224231958 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224275112 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.224356890 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224373102 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224383116 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224420071 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.224462032 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224534035 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.224536896 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224580050 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.224658012 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224668026 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224675894 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224725008 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224735022 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224750996 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224782944 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.224801064 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.224812031 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224852085 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224862099 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224869967 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.224889040 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.224905014 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.237471104 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.237499952 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.237503052 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.237509966 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.237550020 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.237900019 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.237943888 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.238382101 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238392115 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238399982 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238404036 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238410950 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238428116 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.238447905 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.238459110 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.238465071 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238472939 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238481045 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238491058 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238521099 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.238677979 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238719940 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.238837004 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238846064 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.238883972 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.238972902 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.239016056 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.239500999 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.239547014 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240313053 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240320921 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240328074 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240361929 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240427971 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240437984 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240446091 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240453959 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240480900 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240490913 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240531921 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240540028 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240549088 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240581036 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240596056 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240643978 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240653038 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240660906 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240669966 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240691900 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240706921 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240736961 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240788937 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240797997 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240807056 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240818024 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240823030 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240829945 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240833044 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240840912 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240840912 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240850925 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240852118 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240859032 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240866899 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240876913 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240885019 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240885019 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240892887 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240900993 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240910053 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240919113 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240921974 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240942955 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.240945101 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240953922 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240962029 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.240969896 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241018057 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241048098 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241111994 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241121054 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241128922 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241147041 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241149902 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241156101 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241159916 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241167068 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241172075 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241179943 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241200924 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241203070 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241209984 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241219044 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241221905 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241252899 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241266012 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241288900 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241297960 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241306067 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241338968 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241497993 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241538048 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241571903 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241580963 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241588116 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241614103 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241631985 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.241698980 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241708040 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.241739035 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.283668041 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.283866882 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.283945084 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.283989906 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.284038067 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.284073114 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.334455967 CET156664970966.63.187.173192.168.2.6
                                                          Jan 4, 2025 22:58:14.335360050 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.335447073 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.335520029 CET4970915666192.168.2.666.63.187.173
                                                          Jan 4, 2025 22:58:14.335586071 CET4970915666192.168.2.666.63.187.173
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 4, 2025 22:58:09.339297056 CET | 192.168.2.6 | 1.1.1.1 | 0x6316 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 4, 2025 22:58:09.346060991 CET | 1.1.1.1 | 192.168.2.6 | 0x6316 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Jan 4, 2025 22:58:09.346060991 CET | 1.1.1.1 | 192.168.2.6 | 0x6316 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Jan 4, 2025 22:58:09.346060991 CET | 1.1.1.1 | 192.168.2.6 | 0x6316 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49710 | 104.26.12.205 | 443 | 5336 | C:\Users\user\Desktop\file.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-04 21:58:10 UTC | 100 | OUT | GET / HTTP/1.1
Accept: text/html; text/plain; */*
Host: api.ipify.org
Cache-Control: no-cache
2025-01-04 21:58:10 UTC | 423 | IN | HTTP/1.1 200 OK
Date: Sat, 04 Jan 2025 21:58:10 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8fce7d09af714295-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1734&min_rtt=1734&rtt_var=867&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4182&recv_bytes=738&delivery_rate=112976&cwnd=252&unsent_bytes=0&cid=6b514b6db2f2cfbb&ts=258&x=0"
2025-01-04 21:58:10 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
Data Ascii: 8.46.123.189



                                                          Target ID:0
                                                          Start time:16:58:07
                                                          Start date:04/01/2025
                                                          Path:C:\Users\user\Desktop\file.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                          Imagebase:0x9a0000
                                                          File size:1'293'312 bytes
                                                          MD5 hash:E4988EB723CE5D55A74E5797C22F5D83
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:1
                                                          Start time:16:58:07
                                                          Start date:04/01/2025
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff66e660000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:3
                                                          Start time:16:58:07
                                                          Start date:04/01/2025
                                                          Path:C:\Users\user\Desktop\file.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                          Imagebase:0x9a0000
                                                          File size:1'293'312 bytes
                                                          MD5 hash:E4988EB723CE5D55A74E5797C22F5D83
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000003.00000002.3391417827.00000000014A8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: infostealer_win_meduzastealer, Description: Finds MeduzaStealer samples based on specific strings, Source: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Sekoia.io
                                                          Reputation:low
                                                          Has exited:false

                                                            Execution Graph

                                                            Execution Coverage:7.9%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:1.9%
                                                            Total number of Nodes:1336
                                                            Total number of Limit Nodes:11
API calls 8731->8734 8732->8714 8735 9a9925 8734->8735 8736 9a993e 8735->8736 8737 9a992d 8735->8737 8739 9a92ca __dosmaperr 6 API calls 8736->8739 8738 9a92ca __dosmaperr 6 API calls 8737->8738 8741 9a993b 8738->8741 8740 9a994a 8739->8740 8742 9a994e 8740->8742 8743 9a9965 8740->8743 8746 9aa83b ___free_lconv_mon 12 API calls 8741->8746 8745 9a92ca __dosmaperr 6 API calls 8742->8745 8744 9a9a98 __dosmaperr 12 API calls 8743->8744 8747 9a9970 8744->8747 8745->8741 8746->8732 8748 9aa83b ___free_lconv_mon 12 API calls 8747->8748 8748->8732 8750 9a9c0a ___scrt_is_nonwritable_in_current_image 8749->8750 8763 9a96f8 EnterCriticalSection 8750->8763 8752 9a9c14 8764 9a9c44 8752->8764 8755 9a9c50 8756 9a9c5c ___scrt_is_nonwritable_in_current_image 8755->8756 8768 9a96f8 EnterCriticalSection 8756->8768 8758 9a9c66 8769 9a9a4d 8758->8769 8760 9a9c7e 8773 9a9c9e 8760->8773 8763->8752 8767 9a970f LeaveCriticalSection 8764->8767 8766 9a9b06 8766->8755 8767->8766 8768->8758 8770 9a9a83 __dosmaperr 8769->8770 8771 9a9a5c __dosmaperr 8769->8771 8770->8760 8771->8770 8776 9ab71e 8771->8776 8850 9a970f LeaveCriticalSection 8773->8850 8775 9a98c4 8775->8635 8777 9ab79e 8776->8777 8781 9ab734 8776->8781 8778 9ab7ec 8777->8778 8780 9aa83b ___free_lconv_mon 14 API calls 8777->8780 8844 9ab8b8 8778->8844 8782 9ab7c0 8780->8782 8781->8777 8783 9ab767 8781->8783 8786 9aa83b ___free_lconv_mon 14 API calls 8781->8786 8784 9aa83b ___free_lconv_mon 14 API calls 8782->8784 8785 9ab789 8783->8785 8792 9aa83b ___free_lconv_mon 14 API calls 8783->8792 8787 9ab7d3 8784->8787 8788 9aa83b ___free_lconv_mon 14 API calls 8785->8788 8790 9ab75c 8786->8790 8791 9aa83b ___free_lconv_mon 14 API calls 8787->8791 8793 9ab793 8788->8793 8789 9ab85a 8794 9aa83b ___free_lconv_mon 14 API calls 8789->8794 8804 9ab145 8790->8804 8796 9ab7e1 8791->8796 8797 9ab77e 8792->8797 8798 9aa83b ___free_lconv_mon 14 API calls 8793->8798 8799 9ab860 8794->8799 8801 9aa83b ___free_lconv_mon 14 API calls 8796->8801 8832 
9ab243 8797->8832 8798->8777 8799->8770 8800 9ab7fa 8800->8789 8803 9aa83b 14 API calls ___free_lconv_mon 8800->8803 8801->8778 8803->8800 8805 9ab156 8804->8805 8831 9ab23f 8804->8831 8806 9ab167 8805->8806 8807 9aa83b ___free_lconv_mon 14 API calls 8805->8807 8808 9ab179 8806->8808 8809 9aa83b ___free_lconv_mon 14 API calls 8806->8809 8807->8806 8810 9ab18b 8808->8810 8811 9aa83b ___free_lconv_mon 14 API calls 8808->8811 8809->8808 8812 9aa83b ___free_lconv_mon 14 API calls 8810->8812 8813 9ab19d 8810->8813 8811->8810 8812->8813 8814 9aa83b ___free_lconv_mon 14 API calls 8813->8814 8815 9ab1af 8813->8815 8814->8815 8816 9ab1c1 8815->8816 8817 9aa83b ___free_lconv_mon 14 API calls 8815->8817 8818 9ab1d3 8816->8818 8819 9aa83b ___free_lconv_mon 14 API calls 8816->8819 8817->8816 8820 9ab1e5 8818->8820 8822 9aa83b ___free_lconv_mon 14 API calls 8818->8822 8819->8818 8821 9ab1f7 8820->8821 8823 9aa83b ___free_lconv_mon 14 API calls 8820->8823 8824 9ab209 8821->8824 8825 9aa83b ___free_lconv_mon 14 API calls 8821->8825 8822->8820 8823->8821 8826 9ab21b 8824->8826 8827 9aa83b ___free_lconv_mon 14 API calls 8824->8827 8825->8824 8828 9ab22d 8826->8828 8829 9aa83b ___free_lconv_mon 14 API calls 8826->8829 8827->8826 8830 9aa83b ___free_lconv_mon 14 API calls 8828->8830 8828->8831 8829->8828 8830->8831 8831->8783 8833 9ab250 8832->8833 8843 9ab2a8 8832->8843 8834 9ab260 8833->8834 8835 9aa83b ___free_lconv_mon 14 API calls 8833->8835 8836 9ab272 8834->8836 8837 9aa83b ___free_lconv_mon 14 API calls 8834->8837 8835->8834 8838 9ab284 8836->8838 8839 9aa83b ___free_lconv_mon 14 API calls 8836->8839 8837->8836 8840 9ab296 8838->8840 8841 9aa83b ___free_lconv_mon 14 API calls 8838->8841 8839->8838 8842 9aa83b ___free_lconv_mon 14 API calls 8840->8842 8840->8843 8841->8840 8842->8843 8843->8785 8845 9ab8c5 8844->8845 8849 9ab8e4 8844->8849 8846 9ab2ac __dosmaperr 14 API calls 8845->8846 8845->8849 8847 9ab8de 8846->8847 8848 9aa83b ___free_lconv_mon 14 API calls 8847->8848 
8848->8849 8849->8800 8850->8775 8887 9aabaf 8851->8887 8854 9aa953 8855 9aa95f ___scrt_is_nonwritable_in_current_image 8854->8855 8856 9a98d8 __dosmaperr 14 API calls 8855->8856 8857 9aa9af 8855->8857 8859 9aa9c1 _unexpected 8855->8859 8862 9aa990 _unexpected 8855->8862 8856->8862 8858 9aaec7 __strnicoll 14 API calls 8857->8858 8860 9aa9b4 8858->8860 8861 9aa9f7 _unexpected 8859->8861 8901 9a96f8 EnterCriticalSection 8859->8901 8898 9a786b 8860->8898 8866 9aab31 8861->8866 8867 9aaa34 8861->8867 8877 9aaa62 8861->8877 8862->8857 8862->8859 8880 9aa999 8862->8880 8869 9aab3c 8866->8869 8933 9a970f LeaveCriticalSection 8866->8933 8867->8877 8902 9a9787 GetLastError 8867->8902 8870 9a69f7 _unexpected 21 API calls 8869->8870 8872 9aab44 8870->8872 8874 9a9787 _unexpected 39 API calls 8878 9aaab7 8874->8878 8876 9a9787 _unexpected 39 API calls 8876->8877 8929 9aaadd 8877->8929 8879 9a9787 _unexpected 39 API calls 8878->8879 8878->8880 8879->8880 8880->8689 8882 9a78e8 _unexpected std::bad_exception::bad_exception 8881->8882 8883 9a7914 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8882->8883 8884 9a79e5 _unexpected 8883->8884 8956 9a3c8e 8884->8956 8886 9a7a03 8886->8693 8888 9aabbb ___scrt_is_nonwritable_in_current_image 8887->8888 8893 9a96f8 EnterCriticalSection 8888->8893 8890 9aabc9 8894 9aac0b 8890->8894 8893->8890 8897 9a970f LeaveCriticalSection 8894->8897 8896 9a7dab 8896->8689 8896->8854 8897->8896 8934 9a7ba1 8898->8934 8901->8861 8903 9a979d 8902->8903 8904 9a97a3 8902->8904 8906 9a928b __dosmaperr 6 API calls 8903->8906 8905 9a92ca __dosmaperr 6 API calls 8904->8905 8908 9a97a7 SetLastError 8904->8908 8907 9a97bf 8905->8907 8906->8904 8907->8908 8910 9aaf77 __dosmaperr 14 API calls 8907->8910 8912 9a983c 8908->8912 8913 9a9837 8908->8913 8911 9a97d4 8910->8911 8914 9a97dc 8911->8914 8915 9a97ed 8911->8915 8916 9a7da6 CallUnexpected 37 API calls 8912->8916 8913->8876 8917 9a92ca __dosmaperr 6 API calls 8914->8917 8918 9a92ca 
__dosmaperr 6 API calls 8915->8918 8919 9a9841 8916->8919 8920 9a97ea 8917->8920 8921 9a97f9 8918->8921 8924 9aa83b ___free_lconv_mon 14 API calls 8920->8924 8922 9a97fd 8921->8922 8923 9a9814 8921->8923 8926 9a92ca __dosmaperr 6 API calls 8922->8926 8925 9a9a98 __dosmaperr 14 API calls 8923->8925 8924->8908 8927 9a981f 8925->8927 8926->8920 8928 9aa83b ___free_lconv_mon 14 API calls 8927->8928 8928->8908 8930 9aaaa9 8929->8930 8931 9aaae1 8929->8931 8930->8874 8930->8878 8930->8880 8955 9a970f LeaveCriticalSection 8931->8955 8933->8869 8935 9a7bb3 __strnicoll 8934->8935 8940 9a7a14 8935->8940 8941 9a7a2b 8940->8941 8942 9a7a24 8940->8942 8944 9a7a39 8941->8944 8945 9a7b78 __strnicoll GetLastError SetLastError 8941->8945 8943 9a7b32 __strnicoll 16 API calls 8942->8943 8943->8941 8949 9a7ad9 8944->8949 8946 9a7a60 8945->8946 8946->8944 8947 9a7898 __strnicoll 11 API calls 8946->8947 8948 9a7a90 8947->8948 8950 9a7ae5 8949->8950 8951 9a7afc 8950->8951 8952 9a7b15 __strnicoll 39 API calls 8950->8952 8953 9a7877 8951->8953 8954 9a7b15 __strnicoll 39 API calls 8951->8954 8952->8951 8953->8880 8954->8953 8955->8930 8957 9a3c96 8956->8957 8958 9a3c97 IsProcessorFeaturePresent 8956->8958 8957->8886 8960 9a44d1 8958->8960 8963 9a45b7 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 8960->8963 8962 9a45b4 8962->8886 8963->8962 8997 9aa038 8964->8997 8967 9aa2f2 8969 9aa2f7 GetACP 8967->8969 8970 9aa309 8967->8970 8968 9aa2e0 GetOEMCP 8968->8970 8969->8970 8970->8647 8971 9ab3b5 8970->8971 8972 9ab3f3 8971->8972 8976 9ab3c3 __dosmaperr 8971->8976 8974 9aaec7 __strnicoll 14 API calls 8972->8974 8973 9ab3de RtlAllocateHeap 8975 9aa487 8973->8975 8973->8976 8974->8975 8975->8643 8975->8644 8976->8972 8976->8973 8977 9a6d13 __dosmaperr 2 API calls 8976->8977 8977->8976 8979 9aa2bf 41 API calls 8978->8979 8981 9aa0da 8979->8981 8980 9aa1df 8982 9a3c8e __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 8980->8982 8981->8980 8983 9aa117 
IsValidCodePage 8981->8983 8987 9aa132 std::bad_exception::bad_exception 8981->8987 8984 9aa2bd 8982->8984 8983->8980 8985 9aa129 8983->8985 8984->8649 8984->8653 8986 9aa152 GetCPInfo 8985->8986 8985->8987 8986->8980 8986->8987 9037 9aa649 8987->9037 8990 9aa7fa ___scrt_is_nonwritable_in_current_image 8989->8990 9117 9a96f8 EnterCriticalSection 8990->9117 8992 9aa804 9118 9aa588 8992->9118 8998 9aa056 8997->8998 9004 9aa04f 8997->9004 8999 9a9787 _unexpected 39 API calls 8998->8999 8998->9004 9000 9aa077 8999->9000 9005 9ad714 9000->9005 9004->8967 9004->8968 9006 9aa08d 9005->9006 9007 9ad727 9005->9007 9009 9ad741 9006->9009 9007->9006 9013 9ab8e9 9007->9013 9010 9ad769 9009->9010 9011 9ad754 9009->9011 9010->9004 9011->9010 9034 9a9fdd 9011->9034 9014 9ab8f5 ___scrt_is_nonwritable_in_current_image 9013->9014 9015 9a9787 _unexpected 39 API calls 9014->9015 9016 9ab8fe 9015->9016 9023 9ab944 9016->9023 9026 9a96f8 EnterCriticalSection 9016->9026 9018 9ab91c 9027 9ab96a 9018->9027 9023->9006 9024 9a7da6 CallUnexpected 39 API calls 9025 9ab969 9024->9025 9026->9018 9028 9ab978 __dosmaperr 9027->9028 9030 9ab92d 9027->9030 9029 9ab71e __dosmaperr 14 API calls 9028->9029 9028->9030 9029->9030 9031 9ab949 9030->9031 9032 9a970f _unexpected LeaveCriticalSection 9031->9032 9033 9ab940 9032->9033 9033->9023 9033->9024 9035 9a9787 _unexpected 39 API calls 9034->9035 9036 9a9fe2 9035->9036 9036->9010 9038 9aa671 GetCPInfo 9037->9038 9039 9aa73a 9037->9039 9038->9039 9044 9aa689 9038->9044 9041 9a3c8e __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9039->9041 9043 9aa7ec 9041->9043 9043->8980 9048 9ab45d 9044->9048 9047 9ad4dc 44 API calls 9047->9039 9049 9aa038 __strnicoll 39 API calls 9048->9049 9050 9ab47d 9049->9050 9068 9ab55e 9050->9068 9052 9ab539 9054 9a3c8e __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9052->9054 9053 9ab531 9071 9ab43d 9053->9071 9057 9aa6f1 9054->9057 9055 9ab4aa 9055->9052 9055->9053 9056 9ab3b5 __strnicoll 15 API calls 
9055->9056 9059 9ab4cf __alloca_probe_16 std::bad_exception::bad_exception 9055->9059 9056->9059 9063 9ad4dc 9057->9063 9059->9053 9060 9ab55e __strnicoll MultiByteToWideChar 9059->9060 9061 9ab518 9060->9061 9061->9053 9062 9ab51f GetStringTypeW 9061->9062 9062->9053 9064 9aa038 __strnicoll 39 API calls 9063->9064 9065 9ad4ef 9064->9065 9077 9ad525 9065->9077 9075 9ab588 9068->9075 9072 9ab45a 9071->9072 9073 9ab449 9071->9073 9072->9052 9073->9072 9074 9aa83b ___free_lconv_mon 14 API calls 9073->9074 9074->9072 9076 9ab57a MultiByteToWideChar 9075->9076 9076->9055 9078 9ad540 __strnicoll 9077->9078 9079 9ab55e __strnicoll MultiByteToWideChar 9078->9079 9080 9ad584 9079->9080 9083 9ab3b5 __strnicoll 15 API calls 9080->9083 9085 9ad5aa __alloca_probe_16 9080->9085 9086 9ad6ff 9080->9086 9097 9ad652 9080->9097 9081 9a3c8e __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9082 9aa712 9081->9082 9082->9047 9083->9085 9084 9ab43d __freea 14 API calls 9084->9086 9087 9ab55e __strnicoll MultiByteToWideChar 9085->9087 9085->9097 9086->9081 9088 9ad5f3 9087->9088 9088->9097 9105 9a9357 9088->9105 9091 9ad629 9096 9a9357 7 API calls 9091->9096 9091->9097 9092 9ad661 9093 9ad6ea 9092->9093 9094 9ab3b5 __strnicoll 15 API calls 9092->9094 9098 9ad673 __alloca_probe_16 9092->9098 9095 9ab43d __freea 14 API calls 9093->9095 9094->9098 9095->9097 9096->9097 9097->9084 9098->9093 9099 9a9357 7 API calls 9098->9099 9100 9ad6b6 9099->9100 9100->9093 9114 9ac8a1 9100->9114 9102 9ad6d0 9102->9093 9103 9ad6d9 9102->9103 9104 9ab43d __freea 14 API calls 9103->9104 9104->9097 9106 9a9652 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 9105->9106 9107 9a9362 9106->9107 9108 9a9368 LCMapStringEx 9107->9108 9109 9a938f 9107->9109 9113 9a93af 9108->9113 9110 9a93b4 __strnicoll 5 API calls 9109->9110 9112 9a93a8 LCMapStringW 9110->9112 9112->9113 9113->9091 9113->9092 9113->9097 9116 9ac8b4 ___scrt_uninitialize_crt 9114->9116 9115 9ac8f2 WideCharToMultiByte 
9115->9102 9116->9115 9117->8992 9128 9a9f5c 9118->9128 9120 9aa5aa 9121 9a9f5c 39 API calls 9120->9121 9122 9aa5c9 9121->9122 9123 9aa5f0 9122->9123 9124 9aa83b ___free_lconv_mon 14 API calls 9122->9124 9125 9aa82f 9123->9125 9124->9123 9142 9a970f LeaveCriticalSection 9125->9142 9127 9aa81d 9127->8654 9129 9a9f6d 9128->9129 9133 9a9f69 std::_Throw_Cpp_error 9128->9133 9130 9a9f74 9129->9130 9134 9a9f87 std::bad_exception::bad_exception 9129->9134 9131 9aaec7 __strnicoll 14 API calls 9130->9131 9132 9a9f79 9131->9132 9135 9a786b __strnicoll 39 API calls 9132->9135 9133->9120 9134->9133 9136 9a9fbe 9134->9136 9137 9a9fb5 9134->9137 9135->9133 9136->9133 9139 9aaec7 __strnicoll 14 API calls 9136->9139 9138 9aaec7 __strnicoll 14 API calls 9137->9138 9140 9a9fba 9138->9140 9139->9140 9141 9a786b __strnicoll 39 API calls 9140->9141 9141->9133 9142->9127 9144 9a8dca 9143->9144 9145 9a8dd8 9143->9145 9144->9145 9150 9a8df0 9144->9150 9146 9aaec7 __strnicoll 14 API calls 9145->9146 9147 9a8de0 9146->9147 9148 9a786b __strnicoll 39 API calls 9147->9148 9149 9a8dea 9148->9149 9149->8603 9150->9149 9151 9aaec7 __strnicoll 14 API calls 9150->9151 9151->9147 9153 9a767c 9152->9153 9154 9a765f 9152->9154 9153->8604 9155 9a7676 9154->9155 9156 9aa83b ___free_lconv_mon 14 API calls 9154->9156 9157 9aa83b ___free_lconv_mon 14 API calls 9155->9157 9156->9154 9157->9153 9159 9a78a4 9158->9159 9160 9a78cc _unexpected 8 API calls 9159->9160 9161 9a78b9 GetCurrentProcess TerminateProcess 9160->9161 9161->8610 9163 9aca7f 9162->9163 9164 9aca90 9163->9164 9167 9acaa3 ___from_strstr_to_strchr 9163->9167 9165 9aaec7 __strnicoll 14 API calls 9164->9165 9174 9aca95 9165->9174 9166 9accba 9168 9aaec7 __strnicoll 14 API calls 9166->9168 9167->9166 9169 9acac3 9167->9169 9170 9accbf 9168->9170 9225 9accdf 9169->9225 9172 9aa83b ___free_lconv_mon 14 API calls 9170->9172 9172->9174 9174->8552 9175 9acb07 9176 9acaf3 9175->9176 9229 9accf9 9175->9229 9182 9aa83b ___free_lconv_mon 14 API calls 
9176->9182 9177 9acb09 9177->9176 9181 9aaf77 __dosmaperr 14 API calls 9177->9181 9178 9acae5 9184 9acaee 9178->9184 9185 9acb02 9178->9185 9183 9acb17 9181->9183 9182->9174 9187 9aa83b ___free_lconv_mon 14 API calls 9183->9187 9189 9aaec7 __strnicoll 14 API calls 9184->9189 9190 9accdf 39 API calls 9185->9190 9186 9acb7c 9191 9aa83b ___free_lconv_mon 14 API calls 9186->9191 9188 9acb22 9187->9188 9188->9175 9188->9176 9194 9aaf77 __dosmaperr 14 API calls 9188->9194 9189->9176 9190->9175 9196 9acb84 9191->9196 9192 9acbc7 9192->9176 9193 9ac834 42 API calls 9192->9193 9195 9acbf5 9193->9195 9197 9acb3e 9194->9197 9198 9aa83b ___free_lconv_mon 14 API calls 9195->9198 9201 9acbb1 9196->9201 9233 9ac834 9196->9233 9200 9aa83b ___free_lconv_mon 14 API calls 9197->9200 9198->9201 9200->9175 9201->9176 9201->9201 9205 9aaf77 __dosmaperr 14 API calls 9201->9205 9223 9accaf 9201->9223 9202 9aa83b ___free_lconv_mon 14 API calls 9202->9174 9203 9acba8 9204 9aa83b ___free_lconv_mon 14 API calls 9203->9204 9204->9201 9206 9acc40 9205->9206 9207 9acc48 9206->9207 9208 9acc50 9206->9208 9209 9aa83b ___free_lconv_mon 14 API calls 9207->9209 9210 9a8dbc ___std_exception_copy 39 API calls 9208->9210 9209->9176 9211 9acc5c 9210->9211 9212 9acc63 9211->9212 9213 9accd4 9211->9213 9242 9af07c 9212->9242 9215 9a7898 __strnicoll 11 API calls 9213->9215 9217 9accde 9215->9217 9218 9acc8a 9220 9aaec7 __strnicoll 14 API calls 9218->9220 9219 9acca9 9221 9aa83b ___free_lconv_mon 14 API calls 9219->9221 9222 9acc8f 9220->9222 9221->9223 9224 9aa83b ___free_lconv_mon 14 API calls 9222->9224 9223->9202 9224->9176 9226 9acace 9225->9226 9227 9accec 9225->9227 9226->9175 9226->9177 9226->9178 9257 9acd4e 9227->9257 9230 9acb6c 9229->9230 9232 9acd0f 9229->9232 9230->9186 9230->9192 9232->9230 9272 9aef8b 9232->9272 9234 9ac85c 9233->9234 9235 9ac841 9233->9235 9236 9ac86b 9234->9236 9372 9aedb8 9234->9372 9235->9234 9237 9ac84d 9235->9237 9379 9aedeb 9236->9379 9239 9aaec7 __strnicoll 14 API 
calls 9237->9239 9241 9ac852 std::bad_exception::bad_exception 9239->9241 9241->9203 9391 9ab9e4 9242->9391 9246 9af0ef 9249 9af0fb 9246->9249 9250 9aa83b ___free_lconv_mon 14 API calls 9246->9250 9248 9ab9e4 39 API calls 9252 9af0cc 9248->9252 9251 9acc84 9249->9251 9253 9aa83b ___free_lconv_mon 14 API calls 9249->9253 9250->9249 9251->9218 9251->9219 9254 9aba7c 17 API calls 9252->9254 9253->9251 9255 9af0d9 9254->9255 9255->9246 9256 9af0e3 SetEnvironmentVariableW 9255->9256 9256->9246 9258 9acd5c 9257->9258 9259 9acd61 9257->9259 9258->9226 9260 9aaf77 __dosmaperr 14 API calls 9259->9260 9266 9acd7e 9260->9266 9261 9acdec 9262 9a7da6 CallUnexpected 39 API calls 9261->9262 9264 9acdf1 9262->9264 9263 9aa83b ___free_lconv_mon 14 API calls 9263->9258 9265 9a7898 __strnicoll 11 API calls 9264->9265 9267 9acdfd 9265->9267 9266->9261 9266->9264 9268 9aaf77 __dosmaperr 14 API calls 9266->9268 9269 9aa83b ___free_lconv_mon 14 API calls 9266->9269 9270 9a8dbc ___std_exception_copy 39 API calls 9266->9270 9271 9acddb 9266->9271 9268->9266 9269->9266 9270->9266 9271->9263 9273 9aef99 9272->9273 9274 9aef9f 9272->9274 9277 9af709 9273->9277 9278 9af751 9273->9278 9290 9aefb4 9274->9290 9280 9af70f 9277->9280 9283 9af72c 9277->9283 9310 9af767 9278->9310 9282 9aaec7 __strnicoll 14 API calls 9280->9282 9281 9af71f 9281->9232 9284 9af714 9282->9284 9286 9aaec7 __strnicoll 14 API calls 9283->9286 9289 9af74a 9283->9289 9285 9a786b __strnicoll 39 API calls 9284->9285 9285->9281 9287 9af73b 9286->9287 9288 9a786b __strnicoll 39 API calls 9287->9288 9288->9281 9289->9232 9291 9aa038 __strnicoll 39 API calls 9290->9291 9292 9aefca 9291->9292 9293 9aefe6 9292->9293 9294 9aeffd 9292->9294 9304 9aefaf 9292->9304 9295 9aaec7 __strnicoll 14 API calls 9293->9295 9297 9af018 9294->9297 9298 9af006 9294->9298 9296 9aefeb 9295->9296 9299 9a786b __strnicoll 39 API calls 9296->9299 9301 9af038 9297->9301 9302 9af025 9297->9302 9300 9aaec7 __strnicoll 14 API calls 9298->9300 9299->9304 9305 
9af00b 9300->9305 9328 9af832 9301->9328 9306 9af767 __strnicoll 39 API calls 9302->9306 9304->9232 9308 9a786b __strnicoll 39 API calls 9305->9308 9306->9304 9308->9304 9309 9aaec7 __strnicoll 14 API calls 9309->9304 9311 9af791 9310->9311 9312 9af777 9310->9312 9314 9af799 9311->9314 9315 9af7b0 9311->9315 9313 9aaec7 __strnicoll 14 API calls 9312->9313 9318 9af77c 9313->9318 9319 9aaec7 __strnicoll 14 API calls 9314->9319 9316 9af7bc 9315->9316 9317 9af7d3 9315->9317 9321 9aaec7 __strnicoll 14 API calls 9316->9321 9325 9aa038 __strnicoll 39 API calls 9317->9325 9327 9af787 9317->9327 9322 9a786b __strnicoll 39 API calls 9318->9322 9320 9af79e 9319->9320 9323 9a786b __strnicoll 39 API calls 9320->9323 9324 9af7c1 9321->9324 9322->9327 9323->9327 9326 9a786b __strnicoll 39 API calls 9324->9326 9325->9327 9326->9327 9327->9281 9329 9aa038 __strnicoll 39 API calls 9328->9329 9330 9af845 9329->9330 9333 9af878 9330->9333 9334 9af8ac __strnicoll 9333->9334 9337 9af92c 9334->9337 9338 9afb10 9334->9338 9340 9af919 GetCPInfo 9334->9340 9345 9af930 9334->9345 9335 9a3c8e __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9336 9af04e 9335->9336 9336->9304 9336->9309 9339 9ab55e __strnicoll MultiByteToWideChar 9337->9339 9337->9345 9342 9af9b2 9339->9342 9340->9337 9340->9345 9341 9afb04 9343 9ab43d __freea 14 API calls 9341->9343 9342->9341 9344 9ab3b5 __strnicoll 15 API calls 9342->9344 9342->9345 9346 9af9d9 __alloca_probe_16 9342->9346 9343->9345 9344->9346 9345->9335 9345->9338 9346->9341 9347 9ab55e __strnicoll MultiByteToWideChar 9346->9347 9348 9afa25 9347->9348 9348->9341 9349 9ab55e __strnicoll MultiByteToWideChar 9348->9349 9350 9afa41 9349->9350 9350->9341 9351 9afa4f 9350->9351 9352 9afab2 9351->9352 9354 9ab3b5 __strnicoll 15 API calls 9351->9354 9357 9afa68 __alloca_probe_16 9351->9357 9353 9ab43d __freea 14 API calls 9352->9353 9355 9afab8 9353->9355 9354->9357 9356 9ab43d __freea 14 API calls 9355->9356 9356->9345 9357->9352 9358 9ab55e __strnicoll 
MultiByteToWideChar 9357->9358 9359 9afaab 9358->9359 9359->9352 9360 9afad4 9359->9360 9366 9a91b0 9360->9366 9363 9ab43d __freea 14 API calls 9364 9afaf4 9363->9364 9365 9ab43d __freea 14 API calls 9364->9365 9365->9345 9367 9a9638 __strnicoll 5 API calls 9366->9367 9368 9a91bb 9367->9368 9369 9a93b4 __strnicoll 5 API calls 9368->9369 9371 9a91c1 9368->9371 9370 9a9201 CompareStringW 9369->9370 9370->9371 9371->9363 9373 9aedd8 HeapSize 9372->9373 9374 9aedc3 9372->9374 9373->9236 9375 9aaec7 __strnicoll 14 API calls 9374->9375 9376 9aedc8 9375->9376 9377 9a786b __strnicoll 39 API calls 9376->9377 9378 9aedd3 9377->9378 9378->9236 9380 9aedf8 9379->9380 9381 9aee03 9379->9381 9384 9ab3b5 __strnicoll 15 API calls 9380->9384 9382 9aee0b 9381->9382 9383 9aee14 __dosmaperr 9381->9383 9385 9aa83b ___free_lconv_mon 14 API calls 9382->9385 9386 9aee19 9383->9386 9387 9aee3e HeapReAlloc 9383->9387 9390 9a6d13 __dosmaperr 2 API calls 9383->9390 9388 9aee00 9384->9388 9385->9388 9389 9aaec7 __strnicoll 14 API calls 9386->9389 9387->9383 9387->9388 9388->9241 9389->9388 9390->9383 9392 9aa038 __strnicoll 39 API calls 9391->9392 9393 9ab9f6 9392->9393 9394 9aba08 9393->9394 9399 9a9191 9393->9399 9396 9aba7c 9394->9396 9405 9abc52 9396->9405 9402 9a961e 9399->9402 9403 9a9599 __dosmaperr 5 API calls 9402->9403 9404 9a9199 9403->9404 9404->9394 9406 9abc7a 9405->9406 9407 9abc60 9405->9407 9409 9abca0 9406->9409 9410 9abc81 9406->9410 9423 9aba62 9407->9423 9411 9ab55e __strnicoll MultiByteToWideChar 9409->9411 9422 9aba94 9410->9422 9427 9aba23 9410->9427 9416 9abcaf 9411->9416 9413 9abcb6 GetLastError 9432 9aaeed 9413->9432 9415 9abcdc 9419 9ab55e __strnicoll MultiByteToWideChar 9415->9419 9415->9422 9416->9413 9416->9415 9418 9aba23 15 API calls 9416->9418 9418->9415 9421 9abcf3 9419->9421 9420 9aaec7 __strnicoll 14 API calls 9420->9422 9421->9413 9421->9422 9422->9246 9422->9248 9424 9aba75 9423->9424 9425 9aba6d 9423->9425 9424->9422 9426 9aa83b ___free_lconv_mon 14 API 
calls 9425->9426 9426->9424 9428 9aba62 14 API calls 9427->9428 9429 9aba31 9428->9429 9437 9ab9c5 9429->9437 9440 9aaeda 9432->9440 9434 9aaef8 __dosmaperr 9435 9aaec7 __strnicoll 14 API calls 9434->9435 9436 9aaf0b 9435->9436 9436->9420 9438 9ab3b5 __strnicoll 15 API calls 9437->9438 9439 9ab9d2 9438->9439 9439->9422 9441 9a98d8 __dosmaperr 14 API calls 9440->9441 9442 9aaedf 9441->9442 9442->9434 9444 9a1ca1 9443->9444 9453 9a3c1a 9444->9453 9446 9a1cd1 9467 9a1dc0 9446->9467 9451 9a1d52 9451->8414 9456 9a3c1f 9453->9456 9455 9a3c39 9455->9446 9456->9455 9457 9a6d13 __dosmaperr 2 API calls 9456->9457 9459 9a3c3b std::_Throw_Cpp_error 9456->9459 9487 9a7e10 9456->9487 9457->9456 9458 9a449e std::_Throw_Cpp_error 9460 9a556e std::_Throw_Cpp_error RaiseException 9458->9460 9459->9458 9494 9a556e 9459->9494 9462 9a44bb IsProcessorFeaturePresent 9460->9462 9464 9a44d1 9462->9464 9497 9a45b7 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9464->9497 9466 9a45b4 9466->9446 9498 9a32d0 9467->9498 9469 9a1d00 9470 9a1e00 9469->9470 9471 9a1e1e 9470->9471 9472 9a1e32 GetCurrentThreadId 9471->9472 9473 9a3e7f std::_Throw_Cpp_error 42 API calls 9471->9473 9474 9a1e59 9472->9474 9475 9a1e4d 9472->9475 9473->9472 9822 9a442d WaitForSingleObjectEx 9474->9822 9476 9a3e7f std::_Throw_Cpp_error 42 API calls 9475->9476 9476->9474 9479 9a1e98 9481 9a3c8e __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9479->9481 9480 9a3e7f std::_Throw_Cpp_error 42 API calls 9480->9479 9482 9a1d2c 9481->9482 9482->9451 9483 9a1ed0 9482->9483 9484 9a1edf 9483->9484 9485 9a1ee7 9484->9485 9828 9a7eab 9484->9828 9485->9451 9489 9ab3b5 __dosmaperr 9487->9489 9488 9ab3f3 9491 9aaec7 __strnicoll 14 API calls 9488->9491 9489->9488 9490 9ab3de RtlAllocateHeap 9489->9490 9493 9a6d13 __dosmaperr 2 API calls 9489->9493 9490->9489 9492 9ab3f1 9490->9492 9491->9492 9492->9456 9493->9489 9495 9a5588 9494->9495 9496 9a55b6 RaiseException 9494->9496 9495->9496 
9496->9458 9497->9466 9508 9a3400 9498->9508 9500 9a3327 9515 9a67f4 9500->9515 9502 9a3379 9503 9a3393 9502->9503 9504 9a33a0 9502->9504 9530 9a35c0 9503->9530 9534 9a3e7f 9504->9534 9507 9a339b 9507->9469 9509 9a3c1a std::_Throw_Cpp_error 21 API calls 9508->9509 9510 9a3449 9509->9510 9540 9a3650 9510->9540 9516 9a6801 9515->9516 9517 9a6815 9515->9517 9518 9aaec7 __strnicoll 14 API calls 9516->9518 9558 9a6885 9517->9558 9520 9a6806 9518->9520 9522 9a786b __strnicoll 39 API calls 9520->9522 9524 9a6811 9522->9524 9523 9a682a CreateThread 9525 9a6849 GetLastError 9523->9525 9526 9a6855 9523->9526 9575 9a690c 9523->9575 9524->9502 9528 9aaeed __dosmaperr 14 API calls 9525->9528 9567 9a68d5 9526->9567 9528->9526 9531 9a35ec 9530->9531 9532 9a3c8e __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9531->9532 9533 9a35f9 9532->9533 9533->9507 9535 9a3e95 std::_Throw_Cpp_error 9534->9535 9701 9a40a7 9535->9701 9549 9a3700 9540->9549 9543 9a3c8e __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9544 9a3473 9543->9544 9545 9a36b0 9544->9545 9546 9a36e0 9545->9546 9547 9a3c8e __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9546->9547 9548 9a348b 9547->9548 9548->9500 9554 9a3760 9549->9554 9551 9a3733 9552 9a3c8e __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9551->9552 9553 9a368c 9552->9553 9553->9543 9555 9a3789 9554->9555 9556 9a3c8e __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 9555->9556 9557 9a37a7 9556->9557 9557->9551 9559 9aaf77 __dosmaperr 14 API calls 9558->9559 9560 9a6896 9559->9560 9561 9aa83b ___free_lconv_mon 14 API calls 9560->9561 9562 9a68a3 9561->9562 9563 9a68aa GetModuleHandleExW 9562->9563 9564 9a68c7 9562->9564 9563->9564 9565 9a68d5 16 API calls 9564->9565 9566 9a6821 9565->9566 9566->9523 9566->9526 9568 9a68e1 9567->9568 9569 9a6860 9567->9569 9570 9a68f0 9568->9570 9571 9a68e7 CloseHandle 9568->9571 9569->9502 9572 9a68ff 9570->9572 9573 9a68f6 FreeLibrary 9570->9573 9571->9570 9574 9aa83b ___free_lconv_mon 14 
API calls 9572->9574 9573->9572 9574->9569 9576 9a6918 ___scrt_is_nonwritable_in_current_image 9575->9576 9577 9a691f GetLastError ExitThread 9576->9577 9578 9a692c 9576->9578 9579 9a9787 _unexpected 39 API calls 9578->9579 9580 9a6931 9579->9580 9591 9ab0e6 9580->9591 9583 9a6948 9595 9a34c0 9583->9595 9585 9a6964 9605 9a6877 9585->9605 9592 9a693c 9591->9592 9593 9ab0f6 _unexpected 9591->9593 9592->9583 9602 9a93e5 9592->9602 9593->9592 9608 9a948e 9593->9608 9596 9a36b0 5 API calls 9595->9596 9597 9a3502 std::_Throw_Cpp_error 9596->9597 9611 9a3820 9597->9611 9601 9a3552 9601->9585 9603 9a9599 __dosmaperr 5 API calls 9602->9603 9604 9a9401 9603->9604 9604->9583 9689 9a698a 9605->9689 9609 9a9599 __dosmaperr 5 API calls 9608->9609 9610 9a94aa 9609->9610 9610->9592 9622 9a1930 9611->9622 9614 9a432f GetCurrentThreadId 9676 9a43f0 9614->9676 9616 9a43d0 9617 9a46d7 ReleaseSRWLockExclusive 9616->9617 9618 9a43da 9617->9618 9618->9601 9619 9a436c 9619->9616 9682 9a46d7 9619->9682 9685 9a4822 WakeAllConditionVariable 9619->9685 9642 9a1770 GetPEB 9622->9642 9624 9a1971 9643 9a11d0 9624->9643 9627 9a19f0 GetFileSize 9628 9a1a17 CloseHandle 9627->9628 9631 9a1a30 9627->9631 9641 9a19e6 9628->9641 9629 9a1aec 9629->9614 9630 9a1bc8 9649 9a17e0 9630->9649 9634 9a1a4a ReadFile 9631->9634 9635 9a1a8c 9634->9635 9636 9a1acd CloseHandle 9634->9636 9637 9a1ab4 CloseHandle 9635->9637 9639 9a1a9e 9635->9639 9636->9641 9637->9641 9639->9637 9641->9629 9641->9630 9664 9a1360 9641->9664 9668 9a1000 9641->9668 9672 9a1430 9641->9672 9642->9624 9647 9a1251 9643->9647 9644 9a1360 std::_Throw_Cpp_error 42 API calls 9644->9647 9645 9a1000 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9645->9647 9646 9a1430 39 API calls 9646->9647 9647->9644 9647->9645 9647->9646 9648 9a1303 CreateFileA 9647->9648 9648->9627 9648->9641 9650 9a11d0 42 API calls 9649->9650 9651 9a1843 FreeConsole 9650->9651 9652 9a14a0 20 API calls 

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,009BA11B,009BA10B), ref: 009BA33F
                                                            • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 009BA352
                                                            • Wow64GetThreadContext.KERNEL32(0000010C,00000000), ref: 009BA370
                                                            • ReadProcessMemory.KERNELBASE(00000110,?,009BA15F,00000004,00000000), ref: 009BA394
                                                            • VirtualAllocEx.KERNELBASE(00000110,?,?,00003000,00000040), ref: 009BA3BF
                                                            • WriteProcessMemory.KERNELBASE(00000110,00000000,?,?,00000000,?), ref: 009BA417
                                                            • WriteProcessMemory.KERNELBASE(00000110,00400000,?,?,00000000,?,00000028), ref: 009BA462
                                                            • WriteProcessMemory.KERNELBASE(00000110,?,?,00000004,00000000), ref: 009BA4A0
                                                            • Wow64SetThreadContext.KERNEL32(0000010C,00980000), ref: 009BA4DC
                                                            • ResumeThread.KERNELBASE(0000010C), ref: 009BA4EB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                            • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                            • API String ID: 2687962208-3857624555
                                                            • Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                            • Instruction ID: aba553202450b39f9cdcbf24903983d6fe70be683a71636a562ca45e9e6ba17e
                                                            • Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                            • Instruction Fuzzy Hash: F2B1087260024AAFDB60CF68CD80BDA73A5FF88724F158524EA0CAB341D774FA51CB94

                                                            Control-flow Graph

                                                            APIs
                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,E99BA2FA,?,009A95DD,?,?,00000000), ref: 009A958F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: FreeLibrary
                                                            • String ID: api-ms-$ext-ms-
                                                            • API String ID: 3664257935-537541572
                                                            • Opcode ID: 0e99e8badce70df9c4b67e051f210c43ced481fe4fdfe5e71ade84ba4e377cb8
                                                            • Instruction ID: a85474ac283111abf3178413e80806fcab9311c6e02d78736d2aacf71f32731b
                                                            • Opcode Fuzzy Hash: 0e99e8badce70df9c4b67e051f210c43ced481fe4fdfe5e71ade84ba4e377cb8
                                                            • Instruction Fuzzy Hash: 1A215035E05211A7C7229B64DC41A6E77ACFB8B7B1F140610FD06A72D1DB70EE01D6D0

                                                            Control-flow Graph

                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: File$CloseCreateHandleSize
                                                            • String ID:
                                                            • API String ID: 1378416451-0
                                                            • Opcode ID: e7a0f46eda6453ebd68a833ffb67dbd4de7585f44c9e0d5de09304607996d4a6
                                                            • Instruction ID: 01dbf0d9918108c55e6b4145a7798ef981f9bb530ca0a367eb947cb308af8286
                                                            • Opcode Fuzzy Hash: e7a0f46eda6453ebd68a833ffb67dbd4de7585f44c9e0d5de09304607996d4a6
                                                            • Instruction Fuzzy Hash: F481F0B4D0A258DFCB00DFA8D584BAEBBF0BF4A314F104929E455A7381D7789948CF96

                                                            Control-flow Graph

                                                            APIs
                                                            • __alloca_probe_16.LIBCMT ref: 009AD5AA
                                                            • __alloca_probe_16.LIBCMT ref: 009AD673
                                                            • __freea.LIBCMT ref: 009AD6DA
                                                              • Part of subcall function 009AB3B5: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,009A3C34,?,?,009A2442,00001000,?,009A23AA), ref: 009AB3E7
                                                            • __freea.LIBCMT ref: 009AD6ED
                                                            • __freea.LIBCMT ref: 009AD6FA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1423051803-0
                                                            • Opcode ID: be25caeff3c76fd51f2c8156eeb3c609f1068380a2843cfded3a49d8a625dc4b
                                                            • Instruction ID: 274e42a4a04f457c7af23c7a05c44a0231417b70685d8ef8d5a8b197426a4369
                                                            • Opcode Fuzzy Hash: be25caeff3c76fd51f2c8156eeb3c609f1068380a2843cfded3a49d8a625dc4b
                                                            • Instruction Fuzzy Hash: 0951C372602246AFEF205F64CC81EBB37ADEF8A714B190529FD0AD6551EB75CC10C6E0

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: ConsoleFreeProtectVirtual
                                                            • String ID: @
                                                            • API String ID: 621788221-2766056989
                                                            • Opcode ID: 3366da4662ad41591c863ead7e174367602c92419c7a2b47eb059d441977b7ea
                                                            • Instruction ID: 201863e6c95d973326811e8a48b58f6d2c527140b21287903a36903d71b8e2f5
                                                            • Opcode Fuzzy Hash: 3366da4662ad41591c863ead7e174367602c92419c7a2b47eb059d441977b7ea
                                                            • Instruction Fuzzy Hash: AF31B1B0904308DFDB04EFA9D59969EBBF0FF49318F118529E448AB350D7749944CF95

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateThread.KERNELBASE(009A34C0,?,Function_0000690C,00000000,?,009A34C0), ref: 009A683D
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,009A3379), ref: 009A6849
                                                            • __dosmaperr.LIBCMT ref: 009A6850
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: CreateErrorLastThread__dosmaperr
                                                            • String ID:
                                                            • API String ID: 2744730728-0
                                                            • Opcode ID: 2d876ae943e00324297c0163106d2222dca7846d94199fd4963fd919224f0f30
                                                            • Instruction ID: 1e3001c5fff246c77931e4d7c7ffb2b6172fd9569bcf3ff62370483b29dcf73c
                                                            • Opcode Fuzzy Hash: 2d876ae943e00324297c0163106d2222dca7846d94199fd4963fd919224f0f30
                                                            • Instruction Fuzzy Hash: F2019E72904219EBDF15AFA4CC06AAF7B7DEF82364F144118F90192150DB78C950DBD1

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 009AA2BF: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 009AA2EA
                                                            • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,009AA4CA,?,00000000,?,00000000,?), ref: 009AA11B
                                                            • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,009AA4CA,?,00000000,?,00000000,?), ref: 009AA157
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: CodeInfoPageValid

                                                            Control-flow Graph

                                                            APIs
                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 009A44C7
                                                            • ___raise_securityfailure.LIBCMT ref: 009A45AF
                                                              • Part of subcall function 009A556E: RaiseException.KERNEL32(E06D7363,00000001,00000003,009A44BB,?,?,?,?,009A44BB,00001000,009B875C,00001000), ref: 009A55CF
                                                            Similarity
                                                            • API ID: ExceptionFeaturePresentProcessorRaise___raise_securityfailure

                                                            Control-flow Graph

                                                            APIs
                                                            • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,009A9D9B,009B90B8,0000000C), ref: 009A9EF8
                                                            • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,009A9D9B,009B90B8,0000000C), ref: 009A9F0A
                                                            Similarity
                                                            • API ID: FileHandleType

                                                            Control-flow Graph

                                                            APIs
                                                            • GetLastError.KERNEL32(009B8D78,0000000C), ref: 009A691F
                                                            • ExitThread.KERNEL32 ref: 009A6926
                                                            Similarity
                                                            • API ID: ErrorExitLastThread

                                                            Control-flow Graph

                                                            APIs
                                                            • LCMapStringEx.KERNELBASE(?,009AD615,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 009A938B
                                                            • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,-00000008,-00000008,?,009AD615,?,?,-00000008,?,00000000), ref: 009A93A9
                                                            Similarity
                                                            • API ID: String

                                                            Control-flow Graph

                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,009AB3A9,?,00000000,?,?,009AB2C5,?,00000007,?,?,009AB8DE,?,?), ref: 009AA851
                                                            • GetLastError.KERNEL32(?,?,009AB3A9,?,00000000,?,?,009AB2C5,?,00000007,?,?,009AB8DE,?,?), ref: 009AA85C
                                                            Similarity
                                                            • API ID: ErrorFreeHeapLast

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCPInfo.KERNEL32(00000083,?,00000005,009AA4CA,?), ref: 009AA67B
                                                            Similarity
                                                            • API ID: Info

                                                            Control-flow Graph

                                                            APIs
                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 009A33B3
                                                            Similarity
                                                            • API ID: Cpp_errorThrow_std::_

                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,009A3C34,?,?,009A2442,00001000,?,009A23AA), ref: 009AB3E7
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            APIs
                                                            Similarity
                                                            • API ID: ExitProcess
                                                            • String ID:
                                                            • API String ID: 621844428-0
                                                            APIs
                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009AC03B
                                                            Similarity
                                                            • API ID: FileFindFirst
                                                            • String ID:
                                                            • API String ID: 1974802433-0
                                                            APIs
                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 009A5033
                                                            • IsDebuggerPresent.KERNEL32 ref: 009A50FF
                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009A5118
                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 009A5122
                                                            Similarity
                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                            • String ID:
                                                            • API String ID: 254469556-0
                                                            APIs
                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 009A79C4
                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 009A79CE
                                                            • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 009A79DB
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                            • String ID:
                                                            • API String ID: 3906539128-0
                                                            APIs
                                                            • GetSystemTimePreciseAsFileTime.KERNEL32(?,009A4844,?,?,?,?,009A4868,000000FF,?,?,?,009A4780,00000000), ref: 009A490B
                                                            • GetSystemTimeAsFileTime.KERNEL32(?,E99BA2FA,?,?,009B1B3D,000000FF,?,009A4844,?,?,?,?,009A4868,000000FF,?), ref: 009A490F
                                                            Similarity
                                                            • API ID: Time$FileSystem$Precise
                                                            • String ID:
                                                            • API String ID: 743729956-0
                                                            APIs
                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,009B149D,?,?,00000008,?,?,009B106F,00000000), ref: 009B176F
                                                            Similarity
                                                            • API ID: ExceptionRaise
                                                            • String ID:
                                                            • API String ID: 3997070919-0
                                                            APIs
                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 009A524B
                                                            Similarity
                                                            • API ID: FeaturePresentProcessor
                                                            • String ID:
                                                            • API String ID: 2325560087-0
                                                            APIs
                                                              • Part of subcall function 009AAF77: HeapAlloc.KERNEL32(00000008,?,?,?,009A97D4,00000001,00000364,?,00000002,000000FF,?,009A6931,009B8D78,0000000C), ref: 009AAFB8
                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009AC03B
                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 009AC12F
                                                            • FindClose.KERNEL32(00000000), ref: 009AC16E
                                                            • FindClose.KERNEL32(00000000), ref: 009AC1A1
                                                            Similarity
                                                            • API ID: Find$CloseFile$AllocFirstHeapNext
                                                            • String ID:
                                                            • API String ID: 2701053895-0
                                                            APIs
                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_0000513C,009A4ACD), ref: 009A5020
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled
                                                            • String ID:
                                                            • API String ID: 3192549508-0
                                                            APIs
                                                            Similarity
                                                            • API ID: HeapProcess
                                                            • String ID:
                                                            • API String ID: 54951025-0
                                                            APIs
                                                            • GetCPInfo.KERNEL32(00E805D8,00E805D8,00000000,7FFFFFFF,?,009AF863,00E805D8,00E805D8,00000000,00E805D8,?,?,?,?,00E805D8,00000000), ref: 009AF91E
                                                            • __alloca_probe_16.LIBCMT ref: 009AF9D9
                                                            • __alloca_probe_16.LIBCMT ref: 009AFA68
                                                            • __freea.LIBCMT ref: 009AFAB3
                                                            • __freea.LIBCMT ref: 009AFAB9
                                                            • __freea.LIBCMT ref: 009AFAEF
                                                            • __freea.LIBCMT ref: 009AFAF5
                                                            • __freea.LIBCMT ref: 009AFB05
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: __freea$__alloca_probe_16$Info
                                                            • String ID:
                                                            • API String ID: 127012223-0
                                                            • Opcode ID: 8b247963671dc457030f398971ed3b4e6c9161701d92ba7c5fd4e74df975e9ba
                                                            • Instruction ID: 30098e30e494c8bad2174f3113632eeb4d6fe41f97203ac291abca1d767197d7
                                                            • Opcode Fuzzy Hash: 8b247963671dc457030f398971ed3b4e6c9161701d92ba7c5fd4e74df975e9ba
                                                            • Instruction Fuzzy Hash: B871A372A002066BDF209BD4CC71BEF77BD9F8B314F294465E959A7282E7359C0087E0
                                                            APIs
                                                            • _ValidateLocalCookies.LIBCMT ref: 009A5CB7
                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 009A5CBF
                                                            • _ValidateLocalCookies.LIBCMT ref: 009A5D48
                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 009A5D73
                                                            • _ValidateLocalCookies.LIBCMT ref: 009A5DC8
                                                            Strings
                                                            Similarity
                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                            • String ID: csm
                                                            • API String ID: 1170836740-1018135373
                                                            • Opcode ID: 84de25382fdff9bc768f5ef44ec691e27ee6db108f70e7680c5203d6dcd08c45
                                                            • Instruction ID: 461fd20b615458a13ebcc93630798c4ef1ff6a66eb2ccec7fcca31495f361113
                                                            • Opcode Fuzzy Hash: 84de25382fdff9bc768f5ef44ec691e27ee6db108f70e7680c5203d6dcd08c45
                                                            • Instruction Fuzzy Hash: 7441B334A00619EBCF10DF68C888A9EBBB5FF86324F158155E8149B392D731AE41CBD1
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 009A48A5
                                                            • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 009A48B3
                                                            • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 009A48C4
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressProc$HandleModule
                                                            • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                            • API String ID: 667068680-1047828073
                                                            • Opcode ID: 6366e455a1c2425314bd5bf836dc33e732c56d134ae75d47ce7b7e389994a890
                                                            • Instruction ID: b34c87e8097b9f3c3ee6df09a95954731a0815f6fec601da13503c03224605d2
                                                            • Opcode Fuzzy Hash: 6366e455a1c2425314bd5bf836dc33e732c56d134ae75d47ce7b7e389994a890
                                                            • Instruction Fuzzy Hash: 80D09E316AA620AF8350AF747F0D8DB7EA9EB496B53064216F511E2261DBB44504DB90
                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,009A7F40,009A5A6B,009A5180), ref: 009A7F57
                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009A7F65
                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009A7F7E
                                                            • SetLastError.KERNEL32(00000000,009A7F40,009A5A6B,009A5180), ref: 009A7FD0
                                                            Similarity
                                                            • API ID: ErrorLastValue___vcrt_
                                                            • String ID:
                                                            • API String ID: 3852720340-0
                                                            • Opcode ID: 3928c1046ab0db9c52f6bc9df5bd9df68d59ddccb5fa94073e3d2cb5f72471e7
                                                            • Instruction ID: 0347aee122adfd4ccf86276ea0daabdae4a8c1a56758d8923d5243ba4a158e74
                                                            • Opcode Fuzzy Hash: 3928c1046ab0db9c52f6bc9df5bd9df68d59ddccb5fa94073e3d2cb5f72471e7
                                                            • Instruction Fuzzy Hash: D701F77251D2127EE61527F4ADCBA67BBACDB877B47200339F410450F0EF114C02A1D0
                                                            APIs
                                                            • type_info::operator==.LIBVCRUNTIME ref: 009A88F8
                                                            • CallUnexpected.LIBVCRUNTIME ref: 009A8B71
                                                            Strings
                                                            Similarity
                                                            • API ID: CallUnexpectedtype_info::operator==
                                                            • String ID: csm$csm$csm
                                                            • API String ID: 2673424686-393685449
                                                            • Opcode ID: 4a72702d4310071c175c1b7991267e06501531079fc49fc026ef44c3859a9272
                                                            • Instruction ID: 40b251a1df3fc350a080cf0c510fc48fb691ece20f5d9b8013d5b25cd9ef1f62
                                                            • Opcode Fuzzy Hash: 4a72702d4310071c175c1b7991267e06501531079fc49fc026ef44c3859a9272
                                                            • Instruction Fuzzy Hash: F4B16B71800209EFCF18DFA4C881AAFBBB9FF86310F55455AE8116B212DB35DA51CBE1
                                                            Strings
                                                            • C:\Users\user\Desktop\file.exe, xrefs: 009AC2E0
                                                            Similarity
                                                            • API ID:
                                                            • String ID: C:\Users\user\Desktop\file.exe
                                                            • API String ID: 0-3695852857
                                                            • Opcode ID: 0a05f609badd52dc5240a1e9a41d75fea421e49b3c09078c830089d5689ddea5
                                                            • Instruction ID: 05507d55ab378ad77012b7e0a0c70fbd9d7593f76e689c04475c192514aa4026
                                                            • Opcode Fuzzy Hash: 0a05f609badd52dc5240a1e9a41d75fea421e49b3c09078c830089d5689ddea5
                                                            • Instruction Fuzzy Hash: 8C216DB1604205AFDF20AFB5C881A6B77ADAF463687108A15F929EB151DB35EC40CBE1
                                                            APIs
                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,E99BA2FA,?,?,00000000,009B1B77,000000FF,?,009A6B21,00000002,?,009A6BBD,009A7DE9), ref: 009A6A95
                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009A6AA7
                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,009B1B77,000000FF,?,009A6B21,00000002,?,009A6BBD,009A7DE9), ref: 009A6AC9
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                            • String ID: CorExitProcess$mscoree.dll
                                                            • API String ID: 4061214504-1276376045
                                                            • Opcode ID: 7d63168e1692feb74dcc8dbb6cd0dcf457e2405ba8de0dedf1f7960ac364a64b
                                                            • Instruction ID: c90c5b911599311d384dfbf4fb694a9f234e078919072ae645309173d3991b86
                                                            • Opcode Fuzzy Hash: 7d63168e1692feb74dcc8dbb6cd0dcf457e2405ba8de0dedf1f7960ac364a64b
                                                            • Instruction Fuzzy Hash: B3018431958519EBCB119F80CD05FBEB7BCFB48B64F084625A811A2290DB749804CA84
                                                            APIs
                                                            • GetCurrentThreadId.KERNEL32 ref: 009A470A
                                                            • AcquireSRWLockExclusive.KERNEL32(?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A4729
                                                            • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A4757
                                                            • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A47B2
                                                            • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A47C9
                                                            Similarity
                                                            • API ID: AcquireExclusiveLock$CurrentThread
                                                            • String ID:
                                                            • API String ID: 66001078-0
                                                            • Opcode ID: 621655cd93056934d67174f84aa8f6b1c5cf74be6eac924badd68353f50ab94e
                                                            • Instruction ID: 3ca6a88fedcde88c12fcad319cb7f3d8516d2de825da09f77564b99f192a8789
                                                            • Opcode Fuzzy Hash: 621655cd93056934d67174f84aa8f6b1c5cf74be6eac924badd68353f50ab94e
                                                            • Instruction Fuzzy Hash: 51414A30910686DFCB20DF69D984AAAB3F9FF87310B504A2AD45697A40D7B4F944CFD1
                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,009AD29C,00000000,?,009BB728,?,?,?,009AD1D3,00000004,InitializeCriticalSectionEx,009B3740,009B3748), ref: 009AD20D
                                                            • GetLastError.KERNEL32(?,009AD29C,00000000,?,009BB728,?,?,?,009AD1D3,00000004,InitializeCriticalSectionEx,009B3740,009B3748,00000000,?,009A8E2C), ref: 009AD217
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 009AD23F
                                                            Strings
                                                            Similarity
                                                            • API ID: LibraryLoad$ErrorLast
                                                            • String ID: api-ms-
                                                            • API String ID: 3177248105-2084034818
                                                            • Opcode ID: c13a7fbc7559e75b812d1a5d439fddb9235507ff01fa104e143ad029c76890b1
                                                            • Instruction ID: d79eb59beefabec8c9a5e5fc1b309fdebffbf904ceb2f1ce7c05f0f86d008f97
                                                            • Opcode Fuzzy Hash: c13a7fbc7559e75b812d1a5d439fddb9235507ff01fa104e143ad029c76890b1
                                                            • Instruction Fuzzy Hash: 75E0D870298204B7DF112F50DC06FA93F6C9B85BA0F140020FD0DE44E1DB71E995D5C0
                                                            APIs
                                                            • GetConsoleOutputCP.KERNEL32(E99BA2FA,00000000,00000000,?), ref: 009ADD0B
                                                              • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 009ADF5D
                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 009ADFA3
                                                            • GetLastError.KERNEL32 ref: 009AE046
                                                            Similarity
                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                            • String ID:
                                                            • API String ID: 2112829910-0
                                                            • Opcode ID: 71f5ac62476ce1d6fb3d90b754c54030c2f9b189a90062fcebf77ea2fda14e7d
                                                            • Instruction ID: ab360b0bec38862491303f8b94eb5905db546f83b05f4926d5eec648f4170ce5
                                                            • Opcode Fuzzy Hash: 71f5ac62476ce1d6fb3d90b754c54030c2f9b189a90062fcebf77ea2fda14e7d
                                                            • Instruction Fuzzy Hash: 20D1AF75D042589FCF14CFA8C9809EDBBB9FF4A314F28452AE416EB751D730A942CB90
                                                            APIs
                                                            Similarity
                                                            • API ID: AdjustPointer
                                                            • String ID:
                                                            • API String ID: 1740715915-0
                                                            • Opcode ID: 9f4434b05531692d1851ead5088034e89c00f9ec6c880990a3e6f45d73c0a6e9
                                                            • Instruction ID: 64eb0d958b18bc1c6ef1e9a5ab8750c24b95537435cdfc67330fac35c1d6284f
                                                            • Opcode Fuzzy Hash: 9f4434b05531692d1851ead5088034e89c00f9ec6c880990a3e6f45d73c0a6e9
                                                            • Instruction Fuzzy Hash: AB51E272A05606AFEB298F54D941BBB77A8FF46310F15456DEC02972A1EB31EC50CBD0
                                                            APIs
                                                              • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                            • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,009AC0CE,?,?,?,00000000), ref: 009ABD8C
                                                            • __dosmaperr.LIBCMT ref: 009ABD93
                                                            • GetLastError.KERNEL32(00000000,009AC0CE,?,?,00000000,?,?,?,00000000,00000000,?,009AC0CE,?,?,?,00000000), ref: 009ABDCD
                                                            • __dosmaperr.LIBCMT ref: 009ABDD4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                            • String ID:
                                                            • API String ID: 1913693674-0
                                                            • Opcode ID: f05f385384b0de71ebd2d610496399c1b4d85874f241a30bfc415241a960314e
                                                            • Instruction ID: eccb56bab440cbaf77b51c30396320524af657333288217487c52a5cea59894d
                                                            • Opcode Fuzzy Hash: f05f385384b0de71ebd2d610496399c1b4d85874f241a30bfc415241a960314e
                                                            • Instruction Fuzzy Hash: AF21A4B1600206BFDB20AF66C881E6BB7ADFF463687118919F81997192D734EC40DBD1
                                                            APIs
                                                            • GetEnvironmentStringsW.KERNEL32 ref: 009AC9A5
                                                              • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009AC9DD
                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009AC9FD
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                            • String ID:
                                                            • API String ID: 158306478-0
                                                            • Opcode ID: af4c3897fe8b515ce2c431340ef3e668c8ac88aa3d17d6eda54dc436fcfdd1e6
                                                            • Instruction ID: 349e1d20f2aeed0942e84ce737000675205ba597ec21927584cdadd0c8e2ab8b
                                                            • Opcode Fuzzy Hash: af4c3897fe8b515ce2c431340ef3e668c8ac88aa3d17d6eda54dc436fcfdd1e6
                                                            • Instruction Fuzzy Hash: F31104F5915219BF6611A7B59C8DCBF695CDEDB3A43110124F401E9200EA28CD0291F1
                                                            APIs
                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E2D
                                                            • GetCurrentThreadId.KERNEL32 ref: 009A1E3B
                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E54
                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E93
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                            • String ID:
                                                            • API String ID: 2261580123-0
                                                            • Opcode ID: d712e8c894e125d99cee007e307dbcadc6ddf9f1cbb911202c22b7d4c8661dc4
                                                            • Instruction ID: e28c2aeaaf5c3a040c85ecc6c965378effdf32fa309211f74cfd85a1637c5f8b
                                                            • Opcode Fuzzy Hash: d712e8c894e125d99cee007e307dbcadc6ddf9f1cbb911202c22b7d4c8661dc4
                                                            • Instruction Fuzzy Hash: 3121E4B0E042098FCB04EFA8C5857AEBBF5EF89300F11845DE849AB351D7389A41CF91
                                                            APIs
                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000), ref: 009AFD17
                                                            • GetLastError.KERNEL32(?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?,?,?,009AD9E0,00000000), ref: 009AFD23
                                                              • Part of subcall function 009AFD74: CloseHandle.KERNEL32(FFFFFFFE,009AFD33,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?,?), ref: 009AFD84
                                                            • ___initconout.LIBCMT ref: 009AFD33
                                                              • Part of subcall function 009AFD55: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,009AFCF1,009AF48E,?,?,009AE09A,?,00000000,00000000,?), ref: 009AFD68
                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?), ref: 009AFD48
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                            • String ID:
                                                            • API String ID: 2744216297-0
                                                            • Opcode ID: d6f1525b94508d24b2a45aa02a8c9516825b96381f8c342c01f81905a513bb93
                                                            • Instruction ID: d5653beaa3dc4be1b3262693e083b589b4e8550667f4f386525d479a7ba7cda1
                                                            • Opcode Fuzzy Hash: d6f1525b94508d24b2a45aa02a8c9516825b96381f8c342c01f81905a513bb93
                                                            • Instruction Fuzzy Hash: C0F01C36414116BBCF232FD1DD08A8A3F6AFB493B1B004220FA0985570DB32C860EBD1
                                                            APIs
                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 009A4F13
                                                            • GetCurrentThreadId.KERNEL32 ref: 009A4F22
                                                            • GetCurrentProcessId.KERNEL32 ref: 009A4F2B
                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 009A4F38
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                            • String ID:
                                                            • API String ID: 2933794660-0
                                                            • Opcode ID: c43107a0de4d10705e95ba942a31e8dc3266f3e6c49f136c7866392ff9c7a23f
                                                            • Instruction ID: 249e697ac7c80175cdc73755d8fdc4735cdd91e78fe27fa41fa217d7d6f19e67
                                                            • Opcode Fuzzy Hash: c43107a0de4d10705e95ba942a31e8dc3266f3e6c49f136c7866392ff9c7a23f
                                                            • Instruction Fuzzy Hash: 9CF06774D1420DEBCB00EBB4DA49ADFB7F8FF1D254B514A95A412E7110EB30A748EB51
                                                            APIs
                                                            • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,009A8AFE,?,?,00000000,00000000,00000000,?), ref: 009A8C22
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: EncodePointer
                                                            • String ID: MOC$RCC
                                                            • API String ID: 2118026453-2084237596
                                                            • Opcode ID: 506913a0be1e3cf64139a302bef5eee10b0f706d4473a170e38788dee1134567
                                                            • Instruction ID: 390a7c09216b659692ea9dda0a0bb16a51e3ea6b253e92099ff5ed3820b8f932
                                                            • Opcode Fuzzy Hash: 506913a0be1e3cf64139a302bef5eee10b0f706d4473a170e38788dee1134567
                                                            • Instruction Fuzzy Hash: 8A41AB71900209AFCF15CF94CD81AEEBBBAFF49310F144168F90467291D7359A50CFA0
                                                            APIs
                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 009A86E0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2139254104.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000000.00000002.2139240281.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139272702.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139287630.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139300161.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139312633.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2139326320.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: ___except_validate_context_record
                                                            • String ID: csm$csm
                                                            • API String ID: 3493665558-3733052814
                                                            • Opcode ID: 0184664f765ff3d07132a4e256fbcff4f1cf2ed483d85a8d22925c716202b8aa
                                                            • Instruction ID: e5eb7fef57c388b1591a1162c3e1c9b1a461c8bec64cc51ab6a3ef1869e36f37
                                                            • Opcode Fuzzy Hash: 0184664f765ff3d07132a4e256fbcff4f1cf2ed483d85a8d22925c716202b8aa
                                                            • Instruction Fuzzy Hash: 7831C436400219DFCF268F50CC449ABBBAAFF4A365B38455AF85449221DB36CCA1DFD1

                                                            Execution Graph

                                                            Execution Coverage:9.9%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:1.6%
                                                            Total number of Nodes:1713
                                                            Total number of Limit Nodes:87
57325->57327 57326->57327 57332 451c60 41 API calls 57326->57332 57327->57315 57327->57325 57328 451c60 41 API calls 57327->57328 57335 452630 41 API calls error_info_injector 57327->57335 57328->57327 57330->57178 57331->57326 57332->57326 57333->57318 57334->57318 57335->57327 57336->57303 57337->57324 57338->57324 57340 454eeb 57339->57340 57341 454f08 error_info_injector 57339->57341 57340->57341 57347 497d39 39 API calls 2 library calls 57340->57347 57341->57324 57349 4567ac 57348->57349 57350 4567a6 57348->57350 57352 4567c0 57349->57352 57356 449e50 57349->57356 57351 4550af 57350->57351 57372 460310 57350->57372 57351->57185 57351->57186 57352->57350 57406 436640 57352->57406 57357 449e88 57356->57357 57359 449ef4 57357->57359 57360 449edc 57357->57360 57364 449e93 57357->57364 57358 4abbf5 _ValidateLocalCookies 5 API calls 57361 44a052 57358->57361 57363 494a65 41 API calls 57359->57363 57415 494a65 57360->57415 57361->57352 57370 449f2a _Yarn 57363->57370 57364->57358 57365 44a027 57366 44d060 39 API calls 57365->57366 57366->57364 57368 44a06b 57368->57365 57450 497466 41 API calls 3 library calls 57368->57450 57370->57365 57370->57368 57371 494a65 41 API calls 57370->57371 57435 451e50 57370->57435 57371->57370 57373 4604af 57372->57373 57374 46035f 57372->57374 57468 449730 41 API calls 57373->57468 57376 460379 57374->57376 57378 4603d4 57374->57378 57379 4603c4 57374->57379 57384 46038c _Yarn 57374->57384 57381 4abc08 std::_Facet_Register 41 API calls 57376->57381 57377 4604b4 57469 434f80 41 API calls 2 library calls 57377->57469 57382 4abc08 std::_Facet_Register 41 API calls 57378->57382 57379->57376 57379->57377 57381->57384 57382->57384 57390 460463 error_info_injector 57384->57390 57470 497d39 39 API calls 2 library calls 57384->57470 57390->57351 57407 436662 57406->57407 57408 43665a 57406->57408 57407->57350 57410 436672 57408->57410 57471 4afa0c RaiseException 57408->57471 57472 436560 41 API calls 57410->57472 57412 4366a8 57473 4afa0c 
RaiseException 57412->57473 57414 4366b7 std::ios_base::_Ios_base_dtor 57414->57350 57416 494a71 ___scrt_is_nonwritable_in_current_image 57415->57416 57417 494a7b 57416->57417 57418 494a93 57416->57418 57459 4950d4 14 API calls __Strcoll 57417->57459 57451 494ce8 EnterCriticalSection 57418->57451 57421 494a9e 57424 498cea __fread_nolock 39 API calls 57421->57424 57427 494ab6 57421->57427 57422 494a80 57460 497d29 39 API calls __fread_nolock 57422->57460 57424->57427 57425 494b1e 57461 4950d4 14 API calls __Strcoll 57425->57461 57426 494b46 57452 494a29 57426->57452 57427->57425 57427->57426 57430 494b23 57462 497d29 39 API calls __fread_nolock 57430->57462 57431 494b4c 57463 494b76 LeaveCriticalSection __fread_nolock 57431->57463 57434 494a8b 57434->57364 57436 451e74 57435->57436 57437 451f7a 57435->57437 57438 451e8a 57436->57438 57443 451ee8 57436->57443 57444 451edb 57436->57444 57447 451e9a _Yarn 57436->57447 57439 4350b0 41 API calls 57437->57439 57442 4abc08 std::_Facet_Register 41 API calls 57438->57442 57440 451f7f 57439->57440 57466 434f80 41 API calls 2 library calls 57440->57466 57442->57447 57446 4abc08 std::_Facet_Register 41 API calls 57443->57446 57444->57438 57444->57440 57446->57447 57449 451f3c _Yarn error_info_injector 57447->57449 57467 497d39 39 API calls 2 library calls 57447->57467 57449->57370 57450->57368 57451->57421 57453 494a35 57452->57453 57455 494a4a __fread_nolock 57452->57455 57464 4950d4 14 API calls __Strcoll 57453->57464 57455->57431 57456 494a3a 57465 497d29 39 API calls __fread_nolock 57456->57465 57458 494a45 57458->57431 57459->57422 57460->57434 57461->57430 57462->57434 57463->57434 57464->57456 57465->57458 57466->57447 57469->57384 57471->57410 57472->57412 57473->57414 57475 44bafc 57474->57475 57476 44bbae 57475->57476 57482 44bb0d 57475->57482 57477 4350b0 41 API calls 57476->57477 57480 44bbb3 57477->57480 57478 44bb12 _Yarn 57478->57203 57479 44bb3a 57483 4abc08 std::_Facet_Register 41 API calls 57479->57483 57514 
434f80 41 API calls 2 library calls 57480->57514 57482->57478 57482->57479 57485 44bb82 57482->57485 57486 44bb79 57482->57486 57484 44bb4d 57483->57484 57484->57478 57515 497d39 39 API calls 2 library calls 57484->57515 57488 4abc08 std::_Facet_Register 41 API calls 57485->57488 57486->57479 57486->57480 57488->57478 57491 44cc1d 57490->57491 57492 44cabf 57490->57492 57497 44cc2b 57491->57497 57509 44cacb 57491->57509 57492->57491 57493 44cb35 57492->57493 57494 44cac6 57492->57494 57495 44cacd 57492->57495 57496 44cb8d 57492->57496 57492->57509 57503 4abc08 std::_Facet_Register 41 API calls 57493->57503 57516 451310 41 API calls 2 library calls 57494->57516 57500 4abc08 std::_Facet_Register 41 API calls 57495->57500 57499 4abc08 std::_Facet_Register 41 API calls 57496->57499 57517 44ba90 57497->57517 57499->57509 57500->57509 57501 4abbf5 _ValidateLocalCookies 5 API calls 57504 44cb2c 57501->57504 57506 44cb44 57503->57506 57504->57206 57508 4517f0 41 API calls 57506->57508 57508->57509 57509->57501 57510 44cc4c 57522 4afa0c RaiseException 57510->57522 57512 44cc5d 57514->57484 57516->57509 57518 44bab3 57517->57518 57518->57518 57519 4517f0 41 API calls 57518->57519 57520 44bac5 57519->57520 57521 451b00 41 API calls _ValidateLocalCookies 57520->57521 57521->57510 57522->57512 57523->57213 57525 44b9e4 57524->57525 57526 4520f0 41 API calls 57525->57526 57528 44b9f4 _Yarn 57525->57528 57527 44ba36 57526->57527 57527->57217 57528->57217 57530 452238 57529->57530 57534 45211b 57529->57534 57531 4350b0 41 API calls 57530->57531 57532 45223d 57531->57532 57565 434f80 41 API calls 2 library calls 57532->57565 57536 452181 57534->57536 57537 45218e 57534->57537 57540 452130 57534->57540 57543 452140 _Yarn 57534->57543 57535 4abc08 std::_Facet_Register 41 API calls 57535->57543 57536->57532 57536->57540 57541 4abc08 std::_Facet_Register 41 API calls 57537->57541 57538 4521f6 _Yarn error_info_injector 57538->57214 57540->57535 57541->57543 57543->57538 57566 497d39 39 
API calls 2 library calls 57543->57566 57544->57223 57546 4517da 57545->57546 57549 4516f5 57545->57549 57547 4350b0 41 API calls 57546->57547 57548 4517df 57547->57548 57567 434f80 41 API calls 2 library calls 57548->57567 57551 451763 57549->57551 57552 45175a 57549->57552 57554 451709 57549->57554 57558 451719 _Yarn 57549->57558 57555 4abc08 std::_Facet_Register 41 API calls 57551->57555 57552->57548 57552->57554 57553 4abc08 std::_Facet_Register 41 API calls 57553->57558 57554->57553 57555->57558 57556 4517aa _Yarn error_info_injector 57556->57224 57558->57556 57568 497d39 39 API calls 2 library calls 57558->57568 57561 44b970 57560->57561 57561->57561 57562 4520f0 41 API calls 57561->57562 57564 44b987 _Yarn 57561->57564 57563 44b9be 57562->57563 57563->57234 57564->57234 57565->57543 57567->57558 57629 4350c0 57569->57629 57572 4350c0 41 API calls 57573 438b7d 57572->57573 57574 4516d0 41 API calls 57573->57574 57575 438bce 57573->57575 57574->57575 57576 4520f0 41 API calls 57575->57576 57577 438bdd _Yarn 57575->57577 57576->57577 57578 44b9d0 41 API calls 57577->57578 57579 438c20 57578->57579 57580 4520f0 41 API calls 57579->57580 57581 438c2f _Yarn 57579->57581 57580->57581 57582 44b9d0 41 API calls 57581->57582 57583 438c74 57582->57583 57584 44d060 39 API calls 57583->57584 57585 438c9b 57584->57585 57586 44d060 39 API calls 57585->57586 57587 438ca7 57586->57587 57587->57252 57589 4387e1 57588->57589 57590 438869 57589->57590 57591 4517f0 41 API calls 57589->57591 57592 4388f8 57590->57592 57593 4516d0 41 API calls 57590->57593 57591->57590 57594 4520f0 41 API calls 57592->57594 57595 43890c _Yarn 57592->57595 57593->57592 57594->57595 57596 44b9d0 41 API calls 57595->57596 57597 43893d 57596->57597 57598 438947 57597->57598 57599 451e50 41 API calls 57597->57599 57600 44b9d0 41 API calls 57598->57600 57599->57598 57601 438977 57600->57601 57602 438986 57601->57602 57603 4520f0 41 API calls 57601->57603 57604 44d060 39 API calls 57602->57604 
57603->57602 57605 4389dd 57604->57605 57606 4abbf5 _ValidateLocalCookies 5 API calls 57605->57606 57607 4389f6 57606->57607 57608 4582b0 57607->57608 57609 458351 57608->57609 57610 458341 57608->57610 57612 44b9d0 41 API calls 57609->57612 57611 4516d0 41 API calls 57610->57611 57611->57609 57613 45835e 57612->57613 57614 44b960 41 API calls 57613->57614 57615 45836a 57614->57615 57616 44b9d0 41 API calls 57615->57616 57617 458374 57616->57617 57618 44b960 41 API calls 57617->57618 57619 458380 57618->57619 57620 44b9d0 41 API calls 57619->57620 57621 45838a 57620->57621 57622 44b9d0 41 API calls 57621->57622 57623 458394 57622->57623 57623->57258 57625 4ad3de ___std_exception_copy 40 API calls 57624->57625 57626 43874a 57625->57626 57627 4abbf5 _ValidateLocalCookies 5 API calls 57626->57627 57628 438777 57627->57628 57628->57268 57630 435106 57629->57630 57630->57630 57631 435148 57630->57631 57632 4517f0 41 API calls 57630->57632 57633 4abbf5 _ValidateLocalCookies 5 API calls 57631->57633 57632->57631 57634 4351a4 57633->57634 57634->57572 57635->57278 57636->57284 57637->57286 57639 4ad44e 57638->57639 57641 438d9b 57638->57641 57640 497357 _Yarn 14 API calls 57639->57640 57640->57641 57641->57290 57643 455e8e 57644 456790 43 API calls 57643->57644 57645 455e95 57644->57645 57646 45607f 57645->57646 57647 455ee9 57645->57647 57648 45600b 57645->57648 57649 455e51 57645->57649 57650 455f97 57645->57650 57651 455f23 57645->57651 57652 455eaf 57645->57652 57653 456045 57645->57653 57654 455fd1 57645->57654 57656 455f5d 57645->57656 57693 456920 43 API calls _ValidateLocalCookies 57646->57693 57658 451e50 41 API calls 57647->57658 57668 455e4a 57647->57668 57659 451e50 41 API calls 57648->57659 57648->57668 57655 4abbf5 _ValidateLocalCookies 5 API calls 57649->57655 57664 451e50 41 API calls 57650->57664 57650->57668 57660 451e50 41 API calls 57651->57660 57651->57668 57665 451e50 41 API calls 57652->57665 57652->57668 57661 451e50 41 API calls 57653->57661 
57653->57668 57667 451e50 41 API calls 57654->57667 57654->57668 57666 456432 57655->57666 57662 451e50 41 API calls 57656->57662 57656->57668 57658->57668 57659->57668 57660->57668 57661->57668 57662->57668 57663 456086 57663->57649 57670 456790 43 API calls 57663->57670 57691 4560c7 57663->57691 57664->57668 57665->57668 57667->57668 57669 456790 43 API calls 57668->57669 57669->57649 57671 4560a7 57670->57671 57671->57649 57678 456790 43 API calls 57671->57678 57672 45611c 57675 456131 57672->57675 57676 456180 57672->57676 57677 456159 57672->57677 57673 45610f 57695 456740 41 API calls 57673->57695 57701 456740 41 API calls 57675->57701 57699 456740 41 API calls 57676->57699 57696 456740 41 API calls 57677->57696 57679 4560b7 57678->57679 57679->57649 57694 456920 43 API calls _ValidateLocalCookies 57679->57694 57683 456167 57697 456740 41 API calls 57683->57697 57684 45618e 57700 456740 41 API calls 57684->57700 57685 4561b0 57702 456740 41 API calls 57685->57702 57690 456171 57698 456740 41 API calls 57690->57698 57691->57649 57691->57672 57691->57673 57693->57663 57694->57691 57695->57668 57696->57683 57697->57690 57698->57668 57699->57684 57700->57675 57701->57685 57702->57668 57703 48d6e6 57704 48d6ff 57703->57704 57723 48d6f3 57703->57723 57705 48d709 57704->57705 57719 48d898 57704->57719 57722 48d742 57705->57722 57748 44b8f0 57705->57748 57706 4abbf5 _ValidateLocalCookies 5 API calls 57708 48e0d0 57706->57708 57707 48d915 57710 48e1c0 46 API calls 57707->57710 57712 48d92a 57710->57712 57711 48e1c0 46 API calls 57711->57719 57716 48d6a0 5 API calls 57712->57716 57713 48d7fa 57715 48e1c0 46 API calls 57713->57715 57718 48d83e 57715->57718 57716->57723 57717 48d6a0 5 API calls 57717->57719 57721 48d6a0 5 API calls 57718->57721 57719->57707 57719->57711 57719->57717 57721->57723 57722->57713 57724 48e1c0 57722->57724 57744 48d6a0 57722->57744 57723->57706 57726 48e212 57724->57726 57733 48e3fa 57724->57733 57725 48e47a 57767 48e550 41 API calls 
57725->57767 57726->57725 57735 48e3f4 57726->57735 57754 48e0dc 57726->57754 57759 48e110 57726->57759 57764 434bc0 44 API calls 57726->57764 57729 48e485 57730 4350c0 41 API calls 57729->57730 57731 48e499 57730->57731 57768 48ef40 41 API calls 57731->57768 57733->57722 57734 48e474 57769 4511a0 41 API calls _ValidateLocalCookies 57734->57769 57735->57733 57765 48e550 41 API calls 57735->57765 57738 48e464 57766 48f020 41 API calls 57738->57766 57739 48e4c0 57770 4afa0c RaiseException 57739->57770 57745 48d6df 57744->57745 57746 4abbf5 _ValidateLocalCookies 5 API calls 57745->57746 57747 48e0d0 57746->57747 57747->57722 57749 44b8fe 57748->57749 57750 44b912 57748->57750 57749->57722 57753 44b920 __fread_nolock 57750->57753 57771 451f90 57750->57771 57752 44b953 57752->57722 57753->57722 57755 48e103 57754->57755 57758 48e129 _Yarn 57754->57758 57756 4520f0 41 API calls 57755->57756 57755->57758 57757 48e15d 57756->57757 57757->57726 57758->57726 57760 48e150 57759->57760 57763 48e129 _Yarn 57759->57763 57761 4520f0 41 API calls 57760->57761 57762 48e15d 57761->57762 57762->57726 57763->57726 57764->57726 57765->57738 57766->57734 57767->57729 57768->57734 57769->57739 57772 4520d9 57771->57772 57775 451fb5 57771->57775 57773 4350b0 41 API calls 57772->57773 57774 4520de 57773->57774 57786 434f80 41 API calls 2 library calls 57774->57786 57777 452028 57775->57777 57778 45201b 57775->57778 57781 451fca 57775->57781 57785 451fda _Yarn __fread_nolock 57775->57785 57782 4abc08 std::_Facet_Register 41 API calls 57777->57782 57778->57774 57778->57781 57779 4abc08 std::_Facet_Register 41 API calls 57779->57785 57781->57779 57782->57785 57783 452097 _Yarn __fread_nolock error_info_injector 57783->57752 57785->57783 57787 497d39 39 API calls 2 library calls 57785->57787 57786->57785 57788 48d95a 57789 48d976 57788->57789 57802 48d96a 57788->57802 57790 48d980 57789->57790 57797 48daad 57789->57797 57796 44b8f0 41 API calls 57790->57796 57801 48d9b9 57790->57801 57791 
4abbf5 _ValidateLocalCookies 5 API calls 57793 48e0d0 57791->57793 57792 48daf5 57794 48d6a0 5 API calls 57792->57794 57794->57802 57795 48d6a0 5 API calls 57795->57797 57796->57801 57797->57792 57797->57795 57798 48da31 57799 48d6a0 5 API calls 57798->57799 57799->57802 57800 48d6a0 5 API calls 57800->57801 57801->57798 57801->57800 57802->57791 57803 49865a 57804 49866a 57803->57804 57805 49867d 57803->57805 57842 4950d4 14 API calls __Strcoll 57804->57842 57807 49868f 57805->57807 57815 4986a2 57805->57815 57844 4950d4 14 API calls __Strcoll 57807->57844 57808 49866f 57843 497d29 39 API calls __fread_nolock 57808->57843 57810 4986c2 57846 4950d4 14 API calls __Strcoll 57810->57846 57811 4986d3 57834 4a1286 57811->57834 57813 498694 57845 497d29 39 API calls __fread_nolock 57813->57845 57815->57810 57815->57811 57820 4986ea 57821 4988e0 57820->57821 57854 4a06a5 57820->57854 57870 497d56 IsProcessorFeaturePresent 57821->57870 57824 4986fc 57824->57821 57861 4a06d1 57824->57861 57825 4988ea 57827 49870e 57827->57821 57828 498717 57827->57828 57829 49879c 57828->57829 57830 498738 57828->57830 57833 498679 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 57829->57833 57869 4a12e3 39 API calls 2 library calls 57829->57869 57830->57833 57868 4a12e3 39 API calls 2 library calls 57830->57868 57835 4a1292 ___scrt_is_nonwritable_in_current_image 57834->57835 57836 4986d8 57835->57836 57874 49b2e1 EnterCriticalSection 57835->57874 57847 4a0679 57836->57847 57838 4a12a3 57839 4a12b7 57838->57839 57875 4a11ce 57838->57875 57887 4a12da LeaveCriticalSection std::_Lockit::~_Lockit 57839->57887 57842->57808 57843->57833 57844->57813 57845->57833 57846->57833 57848 4a069a 57847->57848 57849 4a0685 57847->57849 57848->57820 58003 4950d4 14 API calls __Strcoll 57849->58003 57851 4a068a 58004 497d29 39 API calls __fread_nolock 57851->58004 57853 4a0695 57853->57820 57855 4a06b1 57854->57855 57856 4a06c6 57854->57856 58005 4950d4 14 API calls __Strcoll 57855->58005 57856->57824 
57858 4a06b6 58006 497d29 39 API calls __fread_nolock 57858->58006 57860 4a06c1 57860->57824 57862 4a06dd 57861->57862 57863 4a06f2 57861->57863 58007 4950d4 14 API calls __Strcoll 57862->58007 57863->57827 57865 4a06e2 58008 497d29 39 API calls __fread_nolock 57865->58008 57867 4a06ed 57867->57827 57868->57833 57869->57833 57871 497d62 57870->57871 58009 497b2d 57871->58009 57874->57838 57888 4a0d24 57875->57888 57878 4a122a 57880 4a1227 57878->57880 57957 4a1074 57878->57957 57879 4a1221 57897 4a0de2 57879->57897 57883 49c0bd __freea 14 API calls 57880->57883 57884 4a1235 57883->57884 57885 4abbf5 _ValidateLocalCookies 5 API calls 57884->57885 57886 4a1242 57885->57886 57886->57839 57887->57836 57889 4a0d43 _strftime 57888->57889 57894 4a0d4a 57889->57894 57989 49d15a 15 API calls 3 library calls 57889->57989 57891 4a0d6b 57892 49c0bd __freea 14 API calls 57891->57892 57892->57894 57893 4a0d64 _strftime 57893->57891 57895 4a0d8d 57893->57895 57894->57878 57894->57879 57896 49c0bd __freea 14 API calls 57895->57896 57896->57894 57898 4a0df2 _strftime 57897->57898 57899 4a06d1 _strftime 39 API calls 57898->57899 57900 4a0e13 57899->57900 57901 4a1067 57900->57901 57903 4a0679 _strftime 39 API calls 57900->57903 57902 497d56 __Getcoll 11 API calls 57901->57902 57904 4a1073 _strftime 57902->57904 57905 4a0e25 57903->57905 57908 4a06d1 _strftime 39 API calls 57904->57908 57905->57901 57909 4a0e9b 57905->57909 57990 49d15a 15 API calls 3 library calls 57905->57990 57907 4a0e8c 57910 4a0e93 57907->57910 57911 4a0ea1 57907->57911 57912 4a10a1 57908->57912 57909->57880 57913 49c0bd __freea 14 API calls 57910->57913 57914 49c0bd __freea 14 API calls 57911->57914 57915 4a11c3 57912->57915 57918 4a0679 _strftime 39 API calls 57912->57918 57913->57909 57917 4a0eac 57914->57917 57916 497d56 __Getcoll 11 API calls 57915->57916 57919 4a11cd 57916->57919 57991 4a4e67 39 API calls 2 library calls 57917->57991 57920 4a10b3 57918->57920 57921 4a0d24 _strftime 15 API calls 
57919->57921 57920->57915 57923 4a06a5 _strftime 39 API calls 57920->57923 57924 4a1207 57921->57924 57926 4a10c5 57923->57926 57928 4a122a 57924->57928 57930 4a1221 57924->57930 57925 4a0ed3 57925->57901 57940 4a0ede __fread_nolock 57925->57940 57926->57915 57927 4a10ce 57926->57927 57929 49c0bd __freea 14 API calls 57927->57929 57931 4a1227 57928->57931 57932 4a1074 _strftime 44 API calls 57928->57932 57933 4a10d9 GetTimeZoneInformation 57929->57933 57934 4a0de2 _strftime 44 API calls 57930->57934 57935 49c0bd __freea 14 API calls 57931->57935 57932->57931 57938 4a119d _strftime 57933->57938 57941 4a10f5 __fread_nolock 57933->57941 57934->57931 57936 4a1235 57935->57936 57937 4abbf5 _ValidateLocalCookies 5 API calls 57936->57937 57939 4a1242 57937->57939 57938->57880 57939->57880 57992 4a0d9b 45 API calls 6 library calls 57940->57992 57997 4a3e20 39 API calls __Strcoll 57941->57997 57943 4a0f23 57993 4949e3 40 API calls 2 library calls 57943->57993 57946 4a1178 57998 4a1244 45 API calls 4 library calls 57946->57998 57948 4a1189 57999 4a1244 45 API calls 4 library calls 57948->57999 57949 4a0f57 57951 4a0fe9 57949->57951 57994 4949e3 40 API calls 2 library calls 57949->57994 57955 4a104b _strftime 57951->57955 57996 4a0d9b 45 API calls 6 library calls 57951->57996 57954 4a0f94 57954->57951 57995 4949e3 40 API calls 2 library calls 57954->57995 57955->57901 57958 4a1084 _strftime 57957->57958 57959 4a06d1 _strftime 39 API calls 57958->57959 57960 4a10a1 57959->57960 57961 4a11c3 57960->57961 57963 4a0679 _strftime 39 API calls 57960->57963 57962 497d56 __Getcoll 11 API calls 57961->57962 57964 4a11cd 57962->57964 57965 4a10b3 57963->57965 57966 4a0d24 _strftime 15 API calls 57964->57966 57965->57961 57967 4a06a5 _strftime 39 API calls 57965->57967 57968 4a1207 57966->57968 57969 4a10c5 57967->57969 57971 4a122a 57968->57971 57973 4a1221 57968->57973 57969->57961 57970 4a10ce 57969->57970 57972 49c0bd __freea 14 API calls 57970->57972 57974 4a1227 57971->57974 57975 
4a1074 _strftime 44 API calls 57971->57975 57976 4a10d9 GetTimeZoneInformation 57972->57976 57977 4a0de2 _strftime 44 API calls 57973->57977 57978 49c0bd __freea 14 API calls 57974->57978 57975->57974 57979 4a10f5 __fread_nolock 57976->57979 57982 4a119d _strftime 57976->57982 57977->57974 57980 4a1235 57978->57980 58000 4a3e20 39 API calls __Strcoll 57979->58000 57981 4abbf5 _ValidateLocalCookies 5 API calls 57980->57981 57983 4a1242 57981->57983 57982->57880 57983->57880 57985 4a1178 58001 4a1244 45 API calls 4 library calls 57985->58001 57987 4a1189 58002 4a1244 45 API calls 4 library calls 57987->58002 57989->57893 57990->57907 57991->57925 57992->57943 57993->57949 57994->57954 57995->57951 57996->57955 57997->57946 57998->57948 57999->57938 58000->57985 58001->57987 58002->57982 58003->57851 58004->57853 58005->57858 58006->57860 58007->57865 58008->57867 58010 497b49 __fread_nolock __CreateFrameInfo 58009->58010 58011 497b75 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 58010->58011 58012 497c46 __CreateFrameInfo 58011->58012 58013 4abbf5 _ValidateLocalCookies 5 API calls 58012->58013 58014 497c64 GetCurrentProcess TerminateProcess 58013->58014 58014->57825 58015 4ac379 58016 4ac385 ___scrt_is_nonwritable_in_current_image 58015->58016 58043 4abdc3 58016->58043 58018 4ac38c 58019 4ac4df 58018->58019 58030 4ac3b6 ___scrt_is_nonwritable_in_current_image __CreateFrameInfo ___scrt_release_startup_lock 58018->58030 58140 4ac6bf 4 API calls 2 library calls 58019->58140 58021 4ac4e6 58141 4a2a0e 21 API calls __CreateFrameInfo 58021->58141 58023 4ac4ec 58142 4a29d2 21 API calls __CreateFrameInfo 58023->58142 58025 4ac4f4 58026 4ac3d5 58027 4ac456 58054 4ac7d4 58027->58054 58030->58026 58030->58027 58136 4a29e8 39 API calls 4 library calls 58030->58136 58044 4abdcc 58043->58044 58143 4aca4b IsProcessorFeaturePresent 58044->58143 58046 4abdd8 58144 4af9d6 10 API calls 2 library calls 58046->58144 58048 4abddd 58049 4abde1 58048->58049 58145 
4ba4fc 58048->58145 58049->58018 58052 4abdf8 58052->58018 58208 4ade50 58054->58208 58057 4ac45c 58058 4ba53e 58057->58058 58210 4a3a7a 58058->58210 58060 4ba547 58061 4ac464 58060->58061 58216 4bb09f 39 API calls 58060->58216 58063 47e240 GetCurrentProcess OpenProcessToken 58061->58063 58064 47e2b4 GetTokenInformation 58063->58064 58065 47e2d8 58063->58065 58064->58065 58066 47e2f2 CloseHandle 58065->58066 58067 47e2f9 58065->58067 58066->58067 58068 47e337 58067->58068 58069 47e2fd 58067->58069 58219 48cb50 58068->58219 59345 481970 42 API calls 2 library calls 58069->59345 58073 47e308 59346 48aa80 61 API calls _ValidateLocalCookies 58073->59346 58074 48cb50 10 API calls 58076 47e34b 58074->58076 58229 47ecc0 58076->58229 58077 47e316 58078 47e328 ExitProcess 58077->58078 58081 44d060 39 API calls 58082 47e3fe OpenMutexA 58081->58082 58083 47e426 CreateMutexA 58082->58083 58084 47e41b ExitProcess 58082->58084 58233 479130 58083->58233 58136->58027 58140->58021 58141->58023 58142->58025 58143->58046 58144->58048 58149 4bb0d0 58145->58149 58148 4af9f5 7 API calls 2 library calls 58148->58049 58150 4bb0e0 58149->58150 58151 4abdea 58149->58151 58150->58151 58154 49ae1f 58150->58154 58166 49ad6f 58150->58166 58151->58052 58151->58148 58155 49ae2b ___scrt_is_nonwritable_in_current_image 58154->58155 58171 49b2e1 EnterCriticalSection 58155->58171 58157 49ae32 58172 4a2ddd 58157->58172 58162 49ae4b 58164 49ad6f 2 API calls 58162->58164 58163 49ae61 58163->58150 58165 49ae50 58164->58165 58186 49ae76 LeaveCriticalSection std::_Lockit::~_Lockit 58165->58186 58167 49ad76 58166->58167 58168 49adb9 GetStdHandle 58167->58168 58169 49ae1b 58167->58169 58170 49adcc GetFileType 58167->58170 58168->58167 58169->58150 58170->58167 58171->58157 58173 4a2de9 ___scrt_is_nonwritable_in_current_image 58172->58173 58174 4a2df2 58173->58174 58175 4a2e13 58173->58175 58195 4950d4 14 API calls __Strcoll 58174->58195 58187 49b2e1 EnterCriticalSection 58175->58187 58178 4a2df7 58196 497d29 
39 API calls __fread_nolock 58178->58196 58180 4a2e4b 58197 4a2e72 LeaveCriticalSection std::_Lockit::~_Lockit 58180->58197 58181 49ae41 58181->58165 58185 49acb9 42 API calls 58181->58185 58182 4a2e1f 58182->58180 58188 4a2d2d 58182->58188 58185->58162 58186->58163 58187->58182 58198 49c6a4 58188->58198 58190 4a2d3f 58194 4a2d4c 58190->58194 58205 49cd70 6 API calls std::_Lockit::_Lockit 58190->58205 58191 49c0bd __freea 14 API calls 58192 4a2da1 58191->58192 58192->58182 58194->58191 58195->58178 58196->58181 58197->58181 58199 49c6b1 _strftime 58198->58199 58200 49c6f1 58199->58200 58201 49c6dc RtlAllocateHeap 58199->58201 58206 4a6cfd EnterCriticalSection LeaveCriticalSection std::_Facet_Register 58199->58206 58207 4950d4 14 API calls __Strcoll 58200->58207 58201->58199 58202 49c6ef 58201->58202 58202->58190 58205->58190 58206->58199 58207->58202 58209 4ac7e7 GetStartupInfoW 58208->58209 58209->58057 58211 4a3ab5 58210->58211 58212 4a3a83 58210->58212 58211->58060 58217 499362 39 API calls 3 library calls 58212->58217 58214 4a3aa6 58218 4a3885 49 API calls 3 library calls 58214->58218 58216->58060 58217->58214 58218->58211 58220 48cbb0 58219->58220 58220->58220 58221 48cbbb GetCurrentProcess OpenProcessToken 58220->58221 58222 48cc1d 58221->58222 58223 48cbd2 LookupPrivilegeValueW 58221->58223 58225 48cc2d CloseHandle 58222->58225 58226 48cc37 58222->58226 58223->58222 58224 48cbe9 AdjustTokenPrivileges 58223->58224 58224->58222 58225->58226 58227 4abbf5 _ValidateLocalCookies 5 API calls 58226->58227 58228 47e341 58227->58228 58228->58074 58230 47ed00 58229->58230 58230->58230 59349 4740f0 58230->59349 58232 47e3ec 58232->58081 59355 478d40 58233->59355 58236 4517f0 41 API calls 58237 479249 58236->58237 58238 4517f0 41 API calls 58237->58238 58239 47930d 58238->58239 58240 4517f0 41 API calls 58239->58240 58241 4793d1 58240->58241 58242 4517f0 41 API calls 58241->58242 58243 479499 58242->58243 58244 4517f0 41 API calls 58243->58244 58245 47955d 58244->58245 

                                                            Control-flow Graph

                                                            APIs
                                                            • KiUserCallbackDispatcher.NTDLL(0000004C), ref: 00485F72
                                                            • GetSystemMetrics.USER32(0000004D), ref: 00485F7C
                                                            • GetSystemMetrics.USER32(0000004E), ref: 00485F86
                                                            • GetSystemMetrics.USER32(0000004F), ref: 00485F90
                                                            • GetDC.USER32(00000000), ref: 00485F9A
                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 00485FAF
                                                            • GetDeviceCaps.GDI32(?,0000000A), ref: 00485FBB
                                                            • CreateCompatibleDC.GDI32(?), ref: 00485FC5
                                                            • CreateCompatibleBitmap.GDI32(?,00000000,00000000), ref: 00485FDA
                                                            • SelectObject.GDI32(?,00000000), ref: 00485FEE
                                                            • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,40CC0020), ref: 0048601D
                                                            • SHCreateMemStream.SHLWAPI(00000000,00000000), ref: 0048604F
                                                            • DeleteDC.GDI32(?), ref: 0048606E
                                                            • ReleaseDC.USER32(00000000,?), ref: 00486077
                                                            • DeleteObject.GDI32(?), ref: 00486083
                                                            • IStream_Size.SHLWAPI(?,?,?), ref: 004860F5
                                                            • IStream_Reset.SHLWAPI(?), ref: 00486104
                                                            • IStream_Read.SHLWAPI(?,00000000,?,?), ref: 0048611E
                                                            • DeleteDC.GDI32(?), ref: 00486175
                                                            • ReleaseDC.USER32(00000000,?), ref: 00486183
                                                            • DeleteObject.GDI32(?), ref: 0048618F
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Delete$CreateMetricsObjectStream_System$CapsCompatibleDeviceRelease$BitmapCallbackDispatcherReadResetSelectSizeStreamUser
                                                            • String ID:
                                                            • API String ID: 2798906502-0
                                                            • Opcode ID: 99dc10b740a5f021b41c68854b237c0d4245f8800150c2945631f9edaba6f951
                                                            • Instruction ID: 1540f068b23de5c11a4fec01122546931e44dbb37a8a944e45ab45a1281bc334
                                                            • Opcode Fuzzy Hash: 99dc10b740a5f021b41c68854b237c0d4245f8800150c2945631f9edaba6f951
                                                            • Instruction Fuzzy Hash: F4812971C01218AFDB11EB64DC49BEDBBB8EF09314F1041AAE509B7291DB742E84CF99

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 00486990: EnumDisplayDevicesW.USER32(00000000,00000000,00000348,00000001), ref: 00486A68
                                                              • Part of subcall function 00486990: EnumDisplayDevicesW.USER32(00000000,00000001,00000348,00000001), ref: 00486ABD
                                                              • Part of subcall function 004868B0: RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                                              • Part of subcall function 004863F0: GetUserNameW.ADVAPI32(?,?), ref: 00486464
                                                              • Part of subcall function 004864E0: GetComputerNameW.KERNEL32(?,?), ref: 00486554
                                                              • Part of subcall function 004517F0: Concurrency::cancel_current_task.LIBCPMT ref: 004518C2
                                                              • Part of subcall function 0044BAD0: Concurrency::cancel_current_task.LIBCPMT ref: 0044BBB3
                                                            • GlobalMemoryStatusEx.KERNEL32(?,00000003), ref: 00488A6C
                                                            • GetDesktopWindow.USER32 ref: 0048936A
                                                            • GetWindowRect.USER32(00000000), ref: 00489371
                                                            • _strftime.LIBCMT ref: 0048956B
                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,system,00000006), ref: 0048979A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Name$Concurrency::cancel_current_taskDevicesDisplayEnumWindow$ComputerDesktopFileGlobalMemoryModuleRectStatusUserValue_strftime
                                                            • String ID: %d-%m-%Y, %H:%M:%S$>wfw$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                            • API String ID: 3994675093-2215247992
                                                            • Opcode ID: 780eb4c071b8c58362fb5c4d0a213da67d6cb8a55b1d61346fd39ba53df65c40
                                                            • Instruction ID: 1ab1bce1cb2369babe93dc2c843a9f66333b387f055d73d8335e63cf3a34051b
                                                            • Opcode Fuzzy Hash: 780eb4c071b8c58362fb5c4d0a213da67d6cb8a55b1d61346fd39ba53df65c40
                                                            • Instruction Fuzzy Hash: FC037970C052A99BDB26DF28C8547DDBBB1AF19308F2482DEE44867242DB751F85CF92

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(00000008,00000000,8047B0C5), ref: 0047E2A3
                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 0047E2AA
                                                            • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),?,00000004,00000004), ref: 0047E2CE
                                                            • CloseHandle.KERNEL32(00000000), ref: 0047E2F3
                                                            • ExitProcess.KERNEL32 ref: 0047E32D
                                                            • OpenMutexA.KERNEL32(001F0001,00000000,?), ref: 0047E411
                                                            • ExitProcess.KERNEL32 ref: 0047E420
                                                            • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 0047E436
                                                            • ExitProcess.KERNEL32 ref: 0047E457
                                                            • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                                            • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Process$ExitMutex$CloseHandleOpenToken$CreateCurrentInformationRelease
                                                            • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                                            • API String ID: 1905835197-3768118664
                                                            • Opcode ID: 1304b057001cb0e859eaf618cd2e17930212c1f0f1b5904f04536edf5095bcb9
                                                            • Instruction ID: e600725b129d9e3f70f3f4d3925b8df88ff981f4a24a656009bcaac003b6a44b
                                                            • Opcode Fuzzy Hash: 1304b057001cb0e859eaf618cd2e17930212c1f0f1b5904f04536edf5095bcb9
                                                            • Instruction Fuzzy Hash: 80817F70D01258EFDB00EFE6D9457DDBBB4EF08308F10815EE51AA7281DB785A05DB69

                                                            Control-flow Graph
                                                            [Graph image not reproduced. Entry block: 446400-44650e (LoadLibraryA).]
                                                            APIs
                                                            • LoadLibraryA.KERNEL32(?,8047B0C5), ref: 004464FE
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 0044664C
                                                            • GetProcAddress.KERNEL32(?,?), ref: 0044678C
                                                            • GetProcAddress.KERNEL32(?,?), ref: 00446831
                                                            • GetProcAddress.KERNEL32(?,?), ref: 004468D6
                                                            • GetProcAddress.KERNEL32(?,?), ref: 0044697B
                                                            • GetProcAddress.KERNEL32(?,?), ref: 00446A27
                                                            • FreeLibrary.KERNEL32(00000000), ref: 004473A1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AddressProc$Library$FreeLoad
                                                            • String ID: system$vault$!F
                                                            • API String ID: 2449869053-2452413646
                                                            • Opcode ID: e0fea6c89a0f53085211ecf823e563bfcd2fd38e707c4234fd3e69986002ee46
                                                            • Instruction ID: b3fd50756066dde9c2bcdca3b11f87412f5b17b86e41c1a20d378922be8368ac
                                                            • Opcode Fuzzy Hash: e0fea6c89a0f53085211ecf823e563bfcd2fd38e707c4234fd3e69986002ee46
                                                            • Instruction Fuzzy Hash: 2CA2DFB4D0426D8BDB25CFA8C884BEEBBB1BF59304F1081DAD948B7251DB385A85CF54

                                                            Control-flow Graph
                                                            [Graph image not reproduced. Entry block: 485840-485a7a.]
                                                            APIs
                                                            • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00485AB8
                                                            • InternetOpenUrlA.WININET(00000000,?,?,00000000,84880100,00000000), ref: 00485B23
                                                            • HttpQueryInfoW.WININET(00000000,00000013,?,?,00000000), ref: 00485B7C
                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,00000040,00000000), ref: 00485C0D
                                                            • InternetQueryDataAvailable.WININET(00000000,?,00000000,00000000), ref: 00485C4F
                                                            • InternetReadFile.WININET(00000000,00000000,?,0B911A77), ref: 00485CE0
                                                            • InternetCloseHandle.WININET(00000000), ref: 00485DEE
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Internet$Query$HttpInfoOpen$AvailableCloseDataFileHandleRead
                                                            • String ID: dk{u
                                                            • API String ID: 1359475806-1025949191
                                                            • Opcode ID: 27b0cd3a0b6fc00430f0ab845b11a26261cda9ec311c293bfde6673f79c1c1f5
                                                            • Instruction ID: 61ea4010c365d261526b7633df9a1f3866779007c1279ae13805143fd257e1b9
                                                            • Opcode Fuzzy Hash: 27b0cd3a0b6fc00430f0ab845b11a26261cda9ec311c293bfde6673f79c1c1f5
                                                            • Instruction Fuzzy Hash: 320203B0D057599BDB20CFA4C944BDDBBB5BF19304F20819AE848BB241EB746A84CF95

                                                            Control-flow Graph
                                                            [Graph image not reproduced. Entry block: 4b8545-4b857a.]
                                                            APIs
                                                            • GetFileAttributesExW.KERNEL32(000000FF,00000000,?,00000001,?,?), ref: 004B85DD
                                                            • GetLastError.KERNEL32 ref: 004B85E7
                                                            • FindFirstFileW.KERNEL32(000000FF,?), ref: 004B85FE
                                                            • GetLastError.KERNEL32 ref: 004B8609
                                                            • FindClose.KERNEL32(00000000), ref: 004B8615
                                                            • ___std_fs_open_handle@16.LIBCPMT ref: 004B86CE
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorFileFindLast$AttributesCloseFirst___std_fs_open_handle@16
                                                            • String ID:
                                                            • API String ID: 2340820627-0
                                                            • Opcode ID: 26e86fa6e15967cd6674ed6e37e588395ab66286ab2511015f361a3ca517eeda
                                                            • Instruction ID: b482ff722bd6c6e5562e69f300935f677b27db246a655513dfd80cbad8c50a56
                                                            • Opcode Fuzzy Hash: 26e86fa6e15967cd6674ed6e37e588395ab66286ab2511015f361a3ca517eeda
                                                            • Instruction Fuzzy Hash: 6271A174A01619AFCB60CF28DC84BEAB7B8BF15314F24466AE854E3380DF389D41CB65

                                                            Control-flow Graph
                                                            [Graph image not reproduced. Entry block: 48cb50-48cbae.]
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(00000028,8047B0C5,8047B0C5,00000000,00000000), ref: 0048CBC1
                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 0048CBC8
                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 0048CBDF
                                                            • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000), ref: 0048CC10
                                                            • CloseHandle.KERNEL32(00000000), ref: 0048CC2E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                            • String ID: SeDebugPrivilege
                                                            • API String ID: 3038321057-2896544425
                                                            • Opcode ID: 0de4daaceb39ec4f5814627b6f1dd40d7c5fb6c13739ccbd22e93afb17c114b7
                                                            • Instruction ID: c2b5bf8999928723eaabf61e86e1a0babf1022b92d12b441156265fc3f808218
                                                            • Opcode Fuzzy Hash: 0de4daaceb39ec4f5814627b6f1dd40d7c5fb6c13739ccbd22e93afb17c114b7
                                                            • Instruction Fuzzy Hash: 4631A471D01208AFDB10DFA5DD85BEEBBB8EB09710F14422BE911B7280DB745A44CBB5
                                                            APIs
                                                            • FindFirstFileW.KERNEL32(00000000,?,?), ref: 004403C0
                                                            • FindNextFileW.KERNELBASE(00000000,?), ref: 004406F2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FileFind$FirstNext
                                                            • String ID: Grabber$content$filename
                                                            • API String ID: 1690352074-1559270721
                                                            • Opcode ID: 3df7f202a6b99253f354de22ded639a46978a58fefe962044121c03344fab8ef
                                                            • Instruction ID: 3fd07a7a2c97014430c74f1e6d5836f1a3ad12268408335d8deab24a75892f91
                                                            • Opcode Fuzzy Hash: 3df7f202a6b99253f354de22ded639a46978a58fefe962044121c03344fab8ef
                                                            • Instruction Fuzzy Hash: 2BD1D430D01249DBEB15EB64CD457EEBBB4AF21308F1440AEE505A7292DB785F48CB96
                                                            APIs
                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,8047B0C5), ref: 0044741C
                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00447468
                                                            • Process32NextW.KERNEL32(?,0000022C), ref: 004475CD
                                                            • CloseHandle.KERNEL32(?), ref: 004478D2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                            • String ID: [PID:
                                                            • API String ID: 420147892-2210602247
                                                            • Opcode ID: cefa39f860a061b5cdc928b49f93e6ea5fa11b751c85222641e7e19468bf29e5
                                                            • Instruction ID: 3632983ffbfa210010dfb9a713b5006bf5dbac80d679a8e5b8b4f374b17b9b69
                                                            • Opcode Fuzzy Hash: cefa39f860a061b5cdc928b49f93e6ea5fa11b751c85222641e7e19468bf29e5
                                                            • Instruction Fuzzy Hash: 0AE14770D112689BDB2ADF24CC807AEBBB9BF59304F1481D9E84867251DB346F89CF45
                                                            APIs
                                                            • recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                                            • recv.WS2_32(?,00000001,00000000), ref: 004857E2
                                                            • closesocket.WS2_32(00000268), ref: 004857EE
                                                            • WSACleanup.WS2_32 ref: 004857F4
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: recv$Cleanupclosesocket
                                                            • String ID:
                                                            • API String ID: 146070474-0
                                                            • Opcode ID: 9e36abc3380925dd93690334c8facdcdb208839f31d4ee637cc8ac082e786f44
                                                            • Instruction ID: ea48c0c3f42896101b1dfecbe024c21eb3956ad5c3a4809403442742827d540a
                                                            • Opcode Fuzzy Hash: 9e36abc3380925dd93690334c8facdcdb208839f31d4ee637cc8ac082e786f44
                                                            • Instruction Fuzzy Hash: 4CE19C70D01298DEDB14EB64CC49BDEBBB2BF14308F1041DAE449AB292DB745E88DF95
                                                            APIs
                                                            • GetTimeZoneInformation.KERNEL32(?,8047B0C5,00000000,000000BF), ref: 00487C87
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InformationTimeZone
                                                            • String ID: @Zb=$[UTC
                                                            • API String ID: 565725191-730387550
                                                            • Opcode ID: cf8fb0669151e3915c1c56c918cda204041e77f9a4f9e4b93b5b3df9b86f4cc7
                                                            • Instruction ID: 6d71337f0f8cf227c7c56c381cd8fae4285dcd83216f0cb77706b7edbf0b928b
                                                            • Opcode Fuzzy Hash: cf8fb0669151e3915c1c56c918cda204041e77f9a4f9e4b93b5b3df9b86f4cc7
                                                            • Instruction Fuzzy Hash: E0520270D052688BDB25CF28CC947DDBBB1BF59304F1082DAD949AB281DB756B85CF84
                                                            APIs
                                                              • Part of subcall function 0049C0BD: RtlFreeHeap.NTDLL(00000000,00000000,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0D3
                                                              • Part of subcall function 0049C0BD: GetLastError.KERNEL32(?,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0DE
                                                            • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,004A1227,00000000,00000000,00000000), ref: 004A10E6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorFreeHeapInformationLastTimeZone
                                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                                            • API String ID: 3335090040-239921721
                                                            • Opcode ID: ad663869331fc52042eea7bfe790139a2e80b582501180bae3c234ee24cd9100
                                                            • Instruction ID: 53762b2ebd1cb462dfa51e434dc7c6f7f2cc61e8d19f93444a713380c049c16d
                                                            • Opcode Fuzzy Hash: ad663869331fc52042eea7bfe790139a2e80b582501180bae3c234ee24cd9100
                                                            • Instruction Fuzzy Hash: 73410871C00224ABDB10AF76DC45A9F7BB8EF6A754F10415BF510EB2A1E7349D04DB98
                                                            APIs
                                                            • FindClose.KERNEL32(000000FF,?,004B84EE,00000001,?,?,00437D69,?,004BDC4D,00000001,?,?,?,8047B0C5,00000001), ref: 004B84CC
                                                            • FindFirstFileExW.KERNEL32(000000FF,00000001,8047B0C5,00000000,00000000,00000000,00000001,00000001,?,?,004B84EE,00000001,?,?,00437D69,?), ref: 004B84FB
                                                            • GetLastError.KERNEL32(?,004B84EE,00000001,?,?,00437D69,?,004BDC4D,00000001,?,?,?,8047B0C5,00000001), ref: 004B850D
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Find$CloseErrorFileFirstLast
                                                            • String ID:
                                                            • API String ID: 4020440971-0
                                                            • Opcode ID: 6891505d0e316c560b8af891ce29886cce9dd01a211028f8c8b4780eaf2fe176
                                                            • Instruction ID: a5a0d7868366c0cca89b591e166bcddb9b03d08ebbd2c2fb18ba3c3c76c3338f
                                                            • Opcode Fuzzy Hash: 6891505d0e316c560b8af891ce29886cce9dd01a211028f8c8b4780eaf2fe176
                                                            • Instruction Fuzzy Hash: 0AF03071001109BFDB216FA4EC08AAA7B9DEB14360B10862ABD28C55A0EA359961DB79
                                                            APIs
                                                              • Part of subcall function 00487290: RegOpenKeyExA.KERNEL32(80000001,0047F265,00000000,00020019,00000000,8047B0C5,?,0051C288), ref: 0048735B
                                                              • Part of subcall function 00487290: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00487397
                                                              • Part of subcall function 004870B0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,8047B0C5,0051C570,0051C2A0), ref: 00487182
                                                              • Part of subcall function 004870B0: RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004487A3
                                                              • Part of subcall function 004870B0: RegCloseKey.ADVAPI32(00000000), ref: 00487260
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Open$CloseEnumIos_base_dtorQueryValuestd::ios_base::_
                                                            • String ID: 0hC
                                                            • API String ID: 3553622603-2581318919
                                                            • Opcode ID: ade7bf363ed15e6875cf1af1c8a60079e7d2754fd8a921585c80e4634e37238f
                                                            • Instruction ID: d381e0b8d15ce89c3a027b92e8a5ae116750b180a2e65f5cba22683de7249f8f
                                                            • Opcode Fuzzy Hash: ade7bf363ed15e6875cf1af1c8a60079e7d2754fd8a921585c80e4634e37238f
                                                            • Instruction Fuzzy Hash: EA82CEB4E152688FEB25CF18C8957DDBBB0BF5A304F5082DAD98DA7241DB305A85CF81
                                                            APIs
                                                            • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0047A678
                                                            • LocalFree.KERNEL32(?,00000000), ref: 0047A70F
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CryptDataFreeLocalUnprotect
                                                            • String ID:
                                                            • API String ID: 1561624719-0
                                                            APIs
                                                            • GetLogicalDriveStringsW.KERNEL32(00000104,?,8047B0C5), ref: 00487605
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            • API ID: DriveLogicalStrings
                                                            • String ID:
                                                            • API String ID: 2022863570-0
                                                            APIs
                                                            • GetUserNameW.ADVAPI32(?,?), ref: 00486464
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            • API ID: NameUser
                                                            • String ID:
                                                            • API String ID: 2645101109-0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            • API ID:
                                                            • String ID: cores
                                                            • API String ID: 0-2370456839

                                                            Control-flow Graph (image not available; first node 1396: 480c80-480cd2)
                                                            APIs
                                                              • Part of subcall function 004808F0: InitializeCriticalSectionEx.KERNEL32(0051C7AC,00000000,00000000), ref: 0048096F
                                                              • Part of subcall function 004808F0: GetLastError.KERNEL32 ref: 00480979
                                                            • EnterCriticalSection.KERNEL32(00000004,8047B0C5,?,?), ref: 00480CD8
                                                            • GdiplusStartup.GDIPLUS(00000000,00000001,?), ref: 00480D08
                                                            • LeaveCriticalSection.KERNEL32(00000004), ref: 00480D13
                                                            • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00480D42
                                                            • GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 00480D50
                                                            • __alloca_probe_16.LIBCMT ref: 00480D7E
                                                            • GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 00480DCE
                                                            • GdipCreateBitmapFromScan0.GDIPLUS(?,?,?,0026200A,?,?), ref: 00480EB3
                                                            • GdipSaveImageToStream.GDIPLUS(00000000,?,?,00000000), ref: 00480ED0
                                                            • GdipDisposeImage.GDIPLUS(00000000), ref: 00480F33
                                                            • GdipDisposeImage.GDIPLUS(00000000), ref: 00480F4C
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream__alloca_probe_16
                                                            • String ID:
                                                            • API String ID: 1308617310-0

                                                            Control-flow Graph (image not available; first node 1454: 481b10-481c8d)
                                                            APIs
                                                              • Part of subcall function 00485E30: GetUserGeoID.KERNEL32(00000010), ref: 00485E6C
                                                              • Part of subcall function 00485E30: GetGeoInfoA.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00485E7E
                                                              • Part of subcall function 00485E30: GetGeoInfoA.KERNEL32(0000000F,00000004,?,00000000,00000000), ref: 00485ED6
                                                            • WSAStartup.WS2_32(00000202,00516D04), ref: 00481C85
                                                            • socket.WS2_32(00000002,00000001,00000000), ref: 00481C98
                                                            • htons.WS2_32(00000002), ref: 00481CBF
                                                            • inet_pton.WS2_32(00000002,014BDCE8,00516E98), ref: 00481DA2
                                                            • connect.WS2_32(00516E94,00000010), ref: 00481DB5
                                                            • closesocket.WS2_32 ref: 00481DD5
                                                            • WSACleanup.WS2_32 ref: 00481DDB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                            • String ID: 66.63.187.173$NG$geo$system
                                                            • API String ID: 213021568-1796492518

                                                            Control-flow Graph (image not available; first node 1532: 4bc57a-4bc5aa)
                                                            APIs
                                                              • Part of subcall function 004BC233: CreateFileW.KERNEL32(?,00000000,?,004BC623,?,?,00000000,?,004BC623,?,0000000C), ref: 004BC250
                                                            • GetLastError.KERNEL32 ref: 004BC68E
                                                            • __dosmaperr.LIBCMT ref: 004BC695
                                                            • GetFileType.KERNEL32(00000000), ref: 004BC6A1
                                                            • GetLastError.KERNEL32 ref: 004BC6AB
                                                            • __dosmaperr.LIBCMT ref: 004BC6B4
                                                            • CloseHandle.KERNEL32(00000000), ref: 004BC6D4
                                                            • CloseHandle.KERNEL32(004BB653), ref: 004BC821
                                                            • GetLastError.KERNEL32 ref: 004BC853
                                                            • __dosmaperr.LIBCMT ref: 004BC85A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                            • String ID: H
                                                            • API String ID: 4237864984-2852464175

                                                            Control-flow Graph (image not available; first node 1752: 481110-481191)
                                                            APIs
                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004812EC
                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,00000000,000000B8), ref: 004812FC
                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00481388
                                                            • ReadFile.KERNEL32(00000000,00000000,00516C10,00000000,00000000), ref: 004813A4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            • API ID: File$Ios_base_dtorPointerReadSizestd::ios_base::_
                                                            • String ID: 0hC$exists
                                                            • API String ID: 418202444-4085241440

                                                            Control-flow Graph

                                                            APIs
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00453446
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00453463
                                                              • Part of subcall function 004AFA0C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0043FE44,?,?,?,004B9080,0043FE44,00513AB0,?,0043FE44,?,?,0000000C,8047B0C5), ref: 004AFA6C
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 004536B0
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 004536CD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            • API ID: ___std_exception_destroy$ExceptionRaise
                                                            • String ID: MC$value
                                                            • API String ID: 299339551-3840657116

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            • API ID: Ios_base_dtorstd::ios_base::_
                                                            • String ID: 0$0hC$encrypted_key$exists$os_crypt
                                                            • API String ID: 323602529-3393968299
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • __allrem.LIBCMT ref: 004987E2
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004987FE
                                                            • __allrem.LIBCMT ref: 00498815
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00498833
                                                            • __allrem.LIBCMT ref: 0049884A
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00498868
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                            • String ID:
                                                            • API String ID: 1992179935-0
                                                            APIs
                                                              • Part of subcall function 0045D680: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 0045D726
                                                              • Part of subcall function 0045D680: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 0045D750
                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00482387
                                                              • Part of subcall function 0043E440: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0043E4CF
                                                            Strings
                                                            Similarity
                                                            • API ID: Ios_base_dtor___std_fs_convert_narrow_to_wide@20std::ios_base::_
                                                            • String ID: 0hC$Local State$exists$os_crypt
                                                            • API String ID: 1525435645-426690132
                                                            APIs
                                                              • Part of subcall function 0047FD70: ___std_fs_get_current_path@8.LIBCPMT ref: 0047FE92
                                                            • GetVolumeInformationW.KERNEL32(?,?,00000100,?,?,?,?,00000100,00000000,?,8047B0C5,?,?), ref: 00486757
                                                            • RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                                            Strings
                                                            • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00486905
                                                            • ProductName, xrefs: 00486900
                                                            Similarity
                                                            • API ID: InformationValueVolume___std_fs_get_current_path@8
                                                            • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                            • API String ID: 2814272438-1787575317
                                                            APIs
                                                            • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,004A1227,00000000,00000000,00000000), ref: 004A10E6
                                                            Strings
                                                            Similarity
                                                            • API ID: InformationTimeZone
                                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                                            • API String ID: 565725191-239921721
                                                            APIs
                                                              • Part of subcall function 0047F1C0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,8047B0C5), ref: 0047F211
                                                              • Part of subcall function 0047F1C0: RegCloseKey.ADVAPI32(00000000), ref: 0047F221
                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047F194
                                                            Strings
                                                            Similarity
                                                            • API ID: CloseIos_base_dtorOpenstd::ios_base::_
                                                            • String ID: 0hC$Profiles
                                                            • API String ID: 1131316584-941608981
                                                            APIs
                                                            • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 004381BC
                                                              • Part of subcall function 004B849F: FindNextFileW.KERNELBASE(?,00000001,?,00437D97,?,00000001,?,004BDC4D,00000001,?,?,?,8047B0C5,00000001), ref: 004B84A8
                                                            Strings
                                                            Similarity
                                                            • API ID: FileFindNext___std_fs_directory_iterator_advance@8
                                                            • String ID: .$directory_iterator::operator++
                                                            • API String ID: 3878998205-1036657373
                                                            APIs
                                                            • RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                                            Strings
                                                            • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00486905
                                                            • ProductName, xrefs: 00486900
                                                            Similarity
                                                            • API ID: Value
                                                            • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                            • API String ID: 3702945584-1787575317
                                                            APIs
                                                            • RegOpenKeyExA.KERNEL32(80000001,0047F265,00000000,00020019,00000000,8047B0C5,?,0051C288), ref: 0048735B
                                                            • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00487397
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0048751D
                                                            Similarity
                                                            • API ID: CloseEnumOpen
                                                            • String ID:
                                                            • API String ID: 1332880857-0
                                                            APIs
                                                            • RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,8047B0C5,0051C570,0051C2A0), ref: 00487182
                                                            • RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00487260
                                                            Similarity
                                                            • API ID: CloseOpenQueryValue
                                                            • String ID:
                                                            • API String ID: 3677997916-0
                                                            APIs
                                                            • GetUserGeoID.KERNEL32(00000010), ref: 00485E6C
                                                            • GetGeoInfoA.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00485E7E
                                                            • GetGeoInfoA.KERNEL32(0000000F,00000004,?,00000000,00000000), ref: 00485ED6
                                                            Similarity
                                                            • API ID: Info$User
                                                            • String ID:
                                                            • API String ID: 2017065092-0
                                                            APIs
                                                            • GetCurrentHwProfileW.ADVAPI32(?), ref: 00486F86
                                                            Strings
                                                            Similarity
                                                            • API ID: CurrentProfile
                                                            • String ID: Unknown
                                                            • API String ID: 2104809126-1654365787
                                                            APIs
                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00434FF1
                                                            Strings
                                                            Similarity
                                                            • API ID: ___std_exception_copy
                                                            • String ID: MC
                                                            • API String ID: 2659868963-1829682832
                                                            APIs
                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0044799C
                                                            Strings
                                                            Similarity
                                                            • API ID: Ios_base_dtorstd::ios_base::_
                                                            • String ID: 0hC
                                                            • API String ID: 323602529-2581318919
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 004604B4
                                                            Similarity
                                                            • API ID: Concurrency::cancel_current_task
                                                            • String ID:
                                                            • API String ID: 118556049-0
                                                            APIs
                                                            • ___std_fs_directory_iterator_open@12.LIBCPMT ref: 00437D64
                                                            • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00437D92
                                                            Similarity
                                                            • API ID: ___std_fs_directory_iterator_advance@8___std_fs_directory_iterator_open@12
                                                            • String ID:
                                                            • API String ID: 3016148460-0
                                                            APIs
                                                            • SHGetKnownFolderPath.SHELL32(004E05C0,00000000,00000000,?,8047B0C5,?,?), ref: 0048101E
                                                            • CoTaskMemFree.OLE32(?), ref: 004810DC
                                                            Similarity
                                                            • API ID: FolderFreeKnownPathTask
                                                            • String ID:
                                                            • API String ID: 969438705-0
                                                            APIs
                                                            • RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,8047B0C5), ref: 0047F211
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0047F221
                                                            Similarity
                                                            • API ID: CloseOpen
                                                            • String ID:
                                                            • API String ID: 47109696-0
                                                            APIs
                                                            • GetStdHandle.KERNEL32(000000F6), ref: 0049ADBB
                                                            • GetFileType.KERNEL32(00000000), ref: 0049ADCD
                                                            Similarity
                                                            • API ID: FileHandleType
                                                            • String ID:
                                                            • API String ID: 3000768030-0
                                                            APIs
                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,?,0049F4F8,00000000,00000000,00000000,00000002,00000000), ref: 0049F3FA
                                                            • GetLastError.KERNEL32(00000000,?,0049F4F8,00000000,00000000,00000000,00000002,00000000,?,0049BE05,00000000,00000000,00000000,00000002,00000000,00000000), ref: 0049F407
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                              • Part of subcall function 004473D0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,8047B0C5), ref: 0044741C
                                                              • Part of subcall function 004473D0: Process32FirstW.KERNEL32(00000000,?), ref: 00447468
                                                              • Part of subcall function 00445950: CredEnumerateA.ADVAPI32(00000000,00000000,?,?,8047B0C5,00000000,?), ref: 004459B2
                                                              • Part of subcall function 00485350: recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                                            • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                                            • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                              • Part of subcall function 00485350: recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                                            • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                                            • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0D3
                                                            • GetLastError.KERNEL32(?,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0DE
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0048FCEA
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 004586AF
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0045223D
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 004520DE
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0048F9FA
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00451F7F
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 004517DF
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0044D8F9
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0044BBB3
                                                              • Part of subcall function 00434F80: ___std_exception_copy.LIBVCRUNTIME ref: 00434FF1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Similarity
                                                            • API ID: __wsopen_s
                                                            APIs
                                                            • send.WS2_32(?,?,00000000), ref: 00482968
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000008,0043FE48,00000001,?,00499445,00000001,00000364,00000001,00000006,000000FF,?,004AD408,0043FE4A,0043FE44,?), ref: 0049C6E5
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • FindNextFileW.KERNELBASE(00000000,?), ref: 004406F2
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000000,00000001,0043FE44,?,004AD408,0043FE4A,0043FE44,?,?,?,00434C2F,0043FE48,0043FE48), ref: 0049D18C
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            APIs
                                                            • CreateFileW.KERNEL32(?,00000000,?,004BC623,?,?,00000000,?,004BC623,?,0000000C), ref: 004BC250
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            APIs
                                                            • GetNativeSystemInfo.KERNEL32(?,?,?,00486DD6,?,?,?,8047B0C5,?,?), ref: 004B9AEC
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InfoNativeSystem
                                                            • String ID:
                                                            • API String ID: 1721193555-0
                                                            APIs
                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,NtDuplicateObject,8047B0C5,?,?), ref: 0048A0F7
                                                            • GetProcAddress.KERNEL32(00000000), ref: 0048A0FE
                                                            • OpenProcess.KERNEL32(00000040,00000000,00000000), ref: 0048A12A
                                                            • NtQuerySystemInformation.NTDLL ref: 0048A153
                                                            • NtQuerySystemInformation.NTDLL ref: 0048A178
                                                            • GetCurrentProcess.KERNEL32 ref: 0048A1FD
                                                            • NtQueryObject.NTDLL ref: 0048A22B
                                                            • GetFinalPathNameByHandleA.KERNEL32(00000000,00000000,00000104,00000000,00000104,?,00000104,00000000), ref: 0048A315
                                                            • CloseHandle.KERNEL32(00000000), ref: 0048A3E6
                                                            • CloseHandle.KERNEL32(00000000), ref: 0048A441
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Handle$Query$CloseInformationProcessSystem$AddressCurrentFinalModuleNameObjectOpenPathProc
                                                            • String ID: File$NtDuplicateObject$ntdll.dll
                                                            • API String ID: 2729825427-3955674919
                                                            APIs
                                                            • RtlAcquirePebLock.NTDLL(8047B0C5,00000000,00000000), ref: 0048A766
                                                            • NtAllocateVirtualMemory.NTDLL ref: 0048A78F
                                                            • lstrcpyW.KERNEL32(?), ref: 0048A7C6
                                                            • lstrcatW.KERNEL32(?), ref: 0048A8CD
                                                            • NtAllocateVirtualMemory.NTDLL ref: 0048A904
                                                            • lstrcpyW.KERNEL32(?), ref: 0048AA0F
                                                            • RtlInitUnicodeString.NTDLL(-00000037), ref: 0048AA28
                                                            • RtlInitUnicodeString.NTDLL(-0000003F), ref: 0048AA37
                                                            • LdrEnumerateLoadedModules.NTDLL(00000000,Function_0008A6B0,00000000), ref: 0048AA44
                                                            • RtlReleasePebLock.NTDLL ref: 0048AA4A
                                                              • Part of subcall function 00480F90: SHGetKnownFolderPath.SHELL32(004E05C0,00000000,00000000,?,8047B0C5,?,?), ref: 0048101E
                                                              • Part of subcall function 00480F90: CoTaskMemFree.OLE32(?), ref: 004810DC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateInitLockMemoryStringUnicodeVirtuallstrcpy$AcquireEnumerateFolderFreeKnownLoadedModulesPathReleaseTasklstrcat
                                                            • String ID: 0Q8w
                                                            • API String ID: 573923072-1710177118
                                                            APIs
                                                            • CoInitializeEx.OLE32(00000000,00000000,8047B0C5,?,?), ref: 00477F5C
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Initialize
                                                            • String ID:
                                                            • API String ID: 2538663250-0
                                                            APIs
                                                              • Part of subcall function 004517F0: Concurrency::cancel_current_task.LIBCPMT ref: 004518C2
                                                              • Part of subcall function 0044DCC0: std::ios_base::_Addstd.LIBCPMT ref: 0044DDEF
                                                              • Part of subcall function 00436640: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004366E9
                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047D95A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: std::ios_base::_$Ios_base_dtor$AddstdConcurrency::cancel_current_task
                                                            • String ID: .cmd$.exe$.ps1$.vbs$.G$0hC$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$open$runas
                                                            • API String ID: 2154145882-3307477358
                                                            APIs
                                                            • BCryptOpenAlgorithmProvider.BCRYPT(?,AES,00000000,00000000,00000001,?,0047AF9D,?,?,8047B0C5), ref: 0047AE91
                                                            • BCryptSetProperty.BCRYPT(?,ChainingMode,ChainingModeGCM,00000020,00000000), ref: 0047AEAB
                                                            • BCryptGenerateSymmetricKey.BCRYPT(?,?,00000000,00000000,?,?,00000000), ref: 0047AECF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Crypt$AlgorithmGenerateOpenPropertyProviderSymmetric
                                                            • String ID: AES$ChainingMode$ChainingModeGCM
                                                            • API String ID: 1692524283-1213888626
                                                            APIs
                                                            • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B7DA
                                                            • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B81E
                                                            • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B924
                                                            • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B970
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ___std_fs_directory_iterator_advance@8
                                                            • String ID: .
                                                            • API String ID: 2610647541-248832578
                                                            APIs
                                                            • GetLocaleInfoW.KERNEL32(?,2000000B,004A641B,00000002,00000000,?,?,?,004A641B,?,00000000), ref: 004A61A2
                                                            • GetLocaleInfoW.KERNEL32(?,20001004,004A641B,00000002,00000000,?,?,?,004A641B,?,00000000), ref: 004A61CB
                                                            • GetACP.KERNEL32(?,?,004A641B,?,00000000), ref: 004A61E0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InfoLocale
                                                            • String ID: ACP$OCP
                                                            • API String ID: 2299586839-711371036
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Wallets$content$filename
                                                            • API String ID: 0-3216974685
                                                            APIs
                                                              • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                              • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                            • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 004A63ED
                                                            • IsValidCodePage.KERNEL32(00000000), ref: 004A642B
                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 004A643E
                                                            • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 004A6486
                                                            • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 004A64A1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                            • String ID:
                                                            • API String ID: 415426439-0
                                                            APIs
                                                              • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                              • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                            • GetACP.KERNEL32(?,?,?,?,?,?,00499D39,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 004A5A2F
                                                            • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00499D39,?,?,?,00000055,?,-00000050,?,?), ref: 004A5A66
                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 004A5BC9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorLast$CodeInfoLocalePageValid
                                                            • String ID: utf8
                                                            • API String ID: 607553120-905460609
                                                            APIs
                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 00497C25
                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 00497C2F
                                                            • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000001), ref: 00497C3C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                            • String ID: /LC
                                                            • API String ID: 3906539128-2135541996
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            APIs
                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009AC03B
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: FileFindFirst
                                                            • String ID:
                                                            • API String ID: 1974802433-0
                                                            • Opcode ID: 393662c4b31f6e868e927a2ea9c1ac4ce441615a2093b0085b786ae6c720d8d5
                                                            • Instruction ID: 361cf21a114be61aae24ad28b791fd7dfc5b1c57f930a5884e0693c4a4243192
                                                            • Opcode Fuzzy Hash: 393662c4b31f6e868e927a2ea9c1ac4ce441615a2093b0085b786ae6c720d8d5
                                                            • Instruction Fuzzy Hash: E571D8B19091689FDF20AF28CC8DABEB7B9EF46304F1441D9E40DA7252DB354E859F90
                                                            APIs
                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0049859D
                                                            • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 004985B1
                                                            • VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004,?,?,?,0000001C), ref: 00498602
                                                            • VirtualProtect.KERNEL32(?,-00000001,00000104,?,?,?,0000001C), ref: 00498617
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Virtual$AllocInfoProtectQuerySystem
                                                            • String ID:
                                                            • API String ID: 3562403962-0
                                                            • Opcode ID: 4e29c64980591c23c9d6474b97963c5f1eeeaad4aec7d0b9861b07a888b65890
                                                            • Instruction ID: 57c86550534b148c15952eeeaf39776b02a492ab104de77fe61266457f658886
                                                            • Opcode Fuzzy Hash: 4e29c64980591c23c9d6474b97963c5f1eeeaad4aec7d0b9861b07a888b65890
                                                            • Instruction Fuzzy Hash: 91217C72E00119ABCF20DFA9DD85AEFBBB8EF45754F05017AE905E7140EA349D04C794
                                                            APIs
                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 009A5033
                                                            • IsDebuggerPresent.KERNEL32 ref: 009A50FF
                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009A5118
                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 009A5122
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                            • String ID:
                                                            • API String ID: 254469556-0
                                                            • Opcode ID: d6b97f7b4cd2f8b46333d7f35612c9fd8b04a717fbe73125f88c229f4a7ae2d2
                                                            • Instruction ID: 322b30c106090feb4ba349b24dafb1523542fb2f956019d2a8b9c0bc2d5c8015
                                                            • Opcode Fuzzy Hash: d6b97f7b4cd2f8b46333d7f35612c9fd8b04a717fbe73125f88c229f4a7ae2d2
                                                            • Instruction Fuzzy Hash: 38312975D05218DBDF20EFA4D9497CDBBB8BF08300F1041AAE40CAB250EB709A84CF85
                                                            APIs
                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 004AC6CB
                                                            • IsDebuggerPresent.KERNEL32 ref: 004AC797
                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004AC7B0
                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 004AC7BA
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                            • String ID:
                                                            • API String ID: 254469556-0
                                                            • Opcode ID: 1a5f2cb74b25642d18f707c0b6da8939d9b46288bf323feffe580c9d32bdbba1
                                                            • Instruction ID: 70dc3419eb2b6db1900c7bd06373213fcab329736da06f39ceabfcfe7a7444e5
                                                            • Opcode Fuzzy Hash: 1a5f2cb74b25642d18f707c0b6da8939d9b46288bf323feffe580c9d32bdbba1
                                                            • Instruction Fuzzy Hash: E1314A75C012189BDF21DF61DC897CEBBB8BF18700F1041AAE40DAB250E7759A84CF48
                                                            APIs
                                                            • GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,00000000,00000002,?,?,00435B2A,?,?), ref: 004B8261
                                                            • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000,?,?,00435B2A,?,?), ref: 004B8288
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FormatInfoLocaleMessage
                                                            • String ID: !x-sys-default-locale
                                                            • API String ID: 4235545615-2729719199
                                                            • Opcode ID: 84205eb8d4b061531bed3096fe064d3d6fd842fcad4d2f7a7c64ada32d2dc388
                                                            • Instruction ID: 4f66f40a8a4f046c7b0032d4e1a4b833dd41128cf422eed9181fa496fdef01a0
                                                            • Opcode Fuzzy Hash: 84205eb8d4b061531bed3096fe064d3d6fd842fcad4d2f7a7c64ada32d2dc388
                                                            • Instruction Fuzzy Hash: 1AF030B5511108FFEF089BD5DC0EEEB77ACEB09394F10416AB501D6150E6B0AE00D778
                                                            APIs
                                                              • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                              • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A5DE1
                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A5E2B
                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A5EF1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InfoLocale$ErrorLast
                                                            • String ID:
                                                            • API String ID: 661929714-0
                                                            • Opcode ID: 4e5522a14392cd0b3bbc4aa0c2beba558a9818cfc0a7be593c71ffc28e535be1
                                                            • Instruction ID: 962ae09c726557bba2a742099c161f9beda31160a96e42ffbc7faebc0f235ca1
                                                            • Opcode Fuzzy Hash: 4e5522a14392cd0b3bbc4aa0c2beba558a9818cfc0a7be593c71ffc28e535be1
                                                            • Instruction Fuzzy Hash: D86190715416079FDB28DF28CE82BABB7A8EF25305F1440BBE905C6285E738DE41CB58
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7a5cc1d22bd71ddba461825bf1e5a719f52907f0f441b03632678b65b188f3f2
                                                            • Instruction ID: 33f7787d24f7b6ada88b2ec4e837cc4b10ca5ac34968b166931d9a07c874724e
                                                            • Opcode Fuzzy Hash: 7a5cc1d22bd71ddba461825bf1e5a719f52907f0f441b03632678b65b188f3f2
                                                            • Instruction Fuzzy Hash: 21B1A170D04249DFDB10CFA4C884BEEBBB5FF89304F20825AD505AB381D778A984CB96
                                                            APIs
                                                            • CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,00000001,?), ref: 00440BFA
                                                            • LocalFree.KERNEL32(?,00000000), ref: 00440C8E
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CryptDataFreeLocalUnprotect
                                                            • String ID:
                                                            • API String ID: 1561624719-0
                                                            • Opcode ID: 691253dd090d0692abb79b75d9c07df8674f2c8687ba40f9476d8420fea36caa
                                                            • Instruction ID: f58a043fe36a424058588bce6ee5e9d112fd586f94ce921f9f6943f9dc7e0036
                                                            • Opcode Fuzzy Hash: 691253dd090d0692abb79b75d9c07df8674f2c8687ba40f9476d8420fea36caa
                                                            • Instruction Fuzzy Hash: 68517E70D00249DBEB00CFA9C8457DEFBB4FF14308F14821AE8547B281D7B96A48CBA5
                                                            APIs
                                                            • CryptProtectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0047A9B8
                                                            • LocalFree.KERNEL32(?,00000000), ref: 0047AA4F
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CryptDataFreeLocalProtect
                                                            • String ID:
                                                            • API String ID: 2714945720-0
                                                            • Opcode ID: 1650d13529f5b5e644ab9d1fc943a2e59ee628ce821009b7a4047a2a1a045cf0
                                                            • Instruction ID: 6fc12887242d51354b1d4be44c56afc8010d77d5c64fcd5971483ececb25fb38
                                                            • Opcode Fuzzy Hash: 1650d13529f5b5e644ab9d1fc943a2e59ee628ce821009b7a4047a2a1a045cf0
                                                            • Instruction Fuzzy Hash: 7351BF70D00249EBEB00CFA5D945BDEFBB4FF54308F10821AE81077281D7B96A58CBA5
                                                            APIs
                                                              • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                              • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A6034
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorLast$InfoLocale
                                                            • String ID:
                                                            • API String ID: 3736152602-0
                                                            • Opcode ID: 56b126747d64a408f8cb97836ba55e90b6bea24853320db90e581c5e767a0a51
                                                            • Instruction ID: 4410453ce78f061189afbc458556258a4ff070a6a13362461f6e96f76a4d0aba
                                                            • Opcode Fuzzy Hash: 56b126747d64a408f8cb97836ba55e90b6bea24853320db90e581c5e767a0a51
                                                            • Instruction Fuzzy Hash: A121B232655206ABDF28DF25DC41A7B77ACEF61314B1500BFFA01C6281EB38ED408A58
                                                            APIs
                                                              • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                              • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                            • EnumSystemLocalesW.KERNEL32(004A5D8D,00000001,00000000,?,-00000050,?,004A63C1,00000000,?,?,?,00000055,?), ref: 004A5CD9
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                            • String ID:
                                                            • API String ID: 2417226690-0
                                                            • Opcode ID: e42620a4cb20c2da49a4224be13f12341b998f391a46648d9ba836fd2d73139f
                                                            • Instruction ID: 1406c895032231e24aa0afc96b0d01b76351fdf719fc880d52765eb770635e76
                                                            • Opcode Fuzzy Hash: e42620a4cb20c2da49a4224be13f12341b998f391a46648d9ba836fd2d73139f
                                                            • Instruction Fuzzy Hash: 1711E537600B015FDB18AF79C9916BABB92FF91368B18842EE94787B40E375A942C744
                                                            APIs
                                                              • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                              • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,004A5FA9,00000000,00000000,?), ref: 004A623B
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorLast$InfoLocale
                                                            • String ID:
                                                            • API String ID: 3736152602-0
                                                            • Opcode ID: afed30a40adaf0fe2c2ae6d6b95a375c8a19700a8aa4b2d509547a2ce32d92aa
                                                            • Instruction ID: 9487850153f17b5aff8b54b84101990ee62d9d6b8c11e223cf6e38bc87e8a6da
                                                            • Opcode Fuzzy Hash: afed30a40adaf0fe2c2ae6d6b95a375c8a19700a8aa4b2d509547a2ce32d92aa
                                                            • Instruction Fuzzy Hash: 3C01DB33A10112ABDF286A658D06BBB7768DB51754F1A446FEC06A3680DA38ED41C698
                                                            APIs
                                                              • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                              • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                            • EnumSystemLocalesW.KERNEL32(004A5FE0,00000001,00000005,?,-00000050,?,004A6389,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 004A5D4C
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                            • String ID:
                                                            • API String ID: 2417226690-0
                                                            • Opcode ID: eaaeaeafc5fac60a840ad3651ae3e1ab29e3739c136bdf2006a19ad432905435
                                                            • Instruction ID: c98a1cf7b30e52ba405588815af828edc546cc3ef2e56581ce593e44f0a9addd
                                                            • Opcode Fuzzy Hash: eaaeaeafc5fac60a840ad3651ae3e1ab29e3739c136bdf2006a19ad432905435
                                                            • Instruction Fuzzy Hash: 2AF022362007041FCB246F799885A6A7BA5EB81368F14842EF9054B690C2759C02C658
                                                            APIs
                                                              • Part of subcall function 0049B2E1: EnterCriticalSection.KERNEL32(-0051B45F,?,004A6D40,00000000,005137C8,0000000C,004A6D08,0043FE48,?,0049C6D7,0043FE48,?,00499445,00000001,00000364,00000001), ref: 0049B2F0
                                                            • EnumSystemLocalesW.KERNEL32(0049C701,00000001,00513580,0000000C,0049CB55,00000000), ref: 0049C746
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CriticalEnterEnumLocalesSectionSystem
                                                            • String ID:
                                                            • API String ID: 1272433827-0
                                                            • Opcode ID: 69dda01542ccd3eab63414d956f3fcf1c5f44d3c23f22103bfe59f95768ac423
                                                            • Instruction ID: a78643f9f3df08ccc8addbe33751412e33acbb4152fc9e9c363d2dc9b4240f3c
                                                            • Opcode Fuzzy Hash: 69dda01542ccd3eab63414d956f3fcf1c5f44d3c23f22103bfe59f95768ac423
                                                            • Instruction Fuzzy Hash: A0F04972A40205EFEB00DFA9E882B9C7BF0FB55725F10816BF415EB2A0D77959049F44
                                                            APIs
                                                            • BCryptCloseAlgorithmProvider.BCRYPT(?,00000000,8047B0C5,?,?,?,004CB69D,000000FF), ref: 0047AE4A
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AlgorithmCloseCryptProvider
                                                            • String ID:
                                                            • API String ID: 3378198380-0
                                                            • Opcode ID: ba7b4d00b8746e9ab6913010367bb35a0b16d4da032a75110d36ee2580577608
                                                            • Instruction ID: 7a92f9e53ad6301b38de286dc83f6de03fbb372fed7888f050c821ed69dc0e63
                                                            • Opcode Fuzzy Hash: ba7b4d00b8746e9ab6913010367bb35a0b16d4da032a75110d36ee2580577608
                                                            • Instruction Fuzzy Hash: B1F06D71A44618ABD720CF58DC05B9AB7F8EB04B20F10476FE821A37C0D779A9008B94
                                                            APIs
                                                              • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                              • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                            • EnumSystemLocalesW.KERNEL32(004A5B75,00000001,00000005,?,?,004A63E3,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 004A5C53
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                            • String ID:
                                                            • API String ID: 2417226690-0
                                                            • Opcode ID: f5bcbf328ab98889824a8f4a2aca38cb232a0aaea5e92dc81316268b5f07e0b0
                                                            • Instruction ID: 8029f739405c8b6d15305cd3561d0adeac93de3ed34cfe121213407b3ae16d1c
                                                            • Opcode Fuzzy Hash: f5bcbf328ab98889824a8f4a2aca38cb232a0aaea5e92dc81316268b5f07e0b0
                                                            • Instruction Fuzzy Hash: B1F05C3630030557CB049F35D84576A7F54EFD2724F06005EEA058B690C6769842C754
                                                            APIs
                                                            • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0049A8AF,?,20001004,00000000,00000002,?,?,00499EA1), ref: 0049CCE4
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InfoLocale
                                                            • String ID:
                                                            • API String ID: 2299586839-0
                                                            APIs
                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,8047B0C5,?,?), ref: 00477B54
                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00477BB9
                                                            • Process32NextW.KERNEL32(00000000,0000022C), ref: 00477BE0
                                                            • OpenProcess.KERNEL32(00000400,00000000,?), ref: 00477BFD
                                                            • OpenProcessToken.ADVAPI32(00000000,0000000E,?), ref: 00477C2A
                                                            • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00477C4D
                                                            • GetLastError.KERNEL32 ref: 00477C5B
                                                            • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00477C9C
                                                            • CloseHandle.KERNEL32(00000000), ref: 00477CA7
                                                            • CloseHandle.KERNEL32(?), ref: 00477CAF
                                                            • CloseHandle.KERNEL32(?), ref: 00477E29
                                                            • Process32NextW.KERNEL32(?,0000022C), ref: 00477E39
                                                            • CloseHandle.KERNEL32(?), ref: 00477E62
                                                            • CloseHandle.KERNEL32(00000000), ref: 00477E65
                                                            • CloseHandle.KERNEL32(00000000), ref: 00477E84
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CloseHandle$Process32Token$InformationNextOpenProcess$CreateErrorFirstLastSnapshotToolhelp32
                                                            • String ID:
                                                            • API String ID: 1236848392-0
                                                            APIs
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0044E070
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0044E092
                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0044E0BA
                                                            • std::_Facet_Register.LIBCPMT ref: 0044E1D0
                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0044E1FA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                            • String ID: cC$`aC$p]C
                                                            • API String ID: 459529453-2177106863
                                                            APIs
                                                            • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,004AA85F), ref: 004AAF0C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: DecodePointer
                                                            • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                            • API String ID: 3527080286-3064271455
                                                            APIs
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0045228D
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 004522AF
                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 004522D7
                                                            • __Getcoll.LIBCPMT ref: 0045239F
                                                            • std::_Facet_Register.LIBCPMT ref: 004523EB
                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00452415
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                                            • String ID: `aC$p]C
                                                            • API String ID: 1184649410-1363152631
                                                            APIs
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00450F2D
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00450F4F
                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00450F77
                                                            • std::_Facet_Register.LIBCPMT ref: 00451071
                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0045109B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                            • String ID: PbC$`aC$p]C
                                                            • API String ID: 459529453-2418293346
                                                            APIs
                                                            • type_info::operator==.LIBVCRUNTIME ref: 004AFF6B
                                                            • ___TypeMatch.LIBVCRUNTIME ref: 004B0079
                                                            • CallUnexpected.LIBVCRUNTIME ref: 004B01E6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CallMatchTypeUnexpectedtype_info::operator==
                                                            • String ID: <fM$csm$csm$csm
                                                            • API String ID: 1206542248-3599101812
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0047D113
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0047D118
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0047D11D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Concurrency::cancel_current_task
                                                            • String ID: `aC$false$p]C$true
                                                            • API String ID: 118556049-4224333681
                                                            APIs
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0047C6FD
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0047C71F
                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0047C747
                                                            • std::_Facet_Register.LIBCPMT ref: 0047C834
                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0047C85E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                            • String ID: `aC$p]C
                                                            • API String ID: 459529453-1363152631
                                                            APIs
                                                            • InternetOpenW.WININET(File Downloader,00000001,00000000,00000000,00000000), ref: 0047D22D
                                                            • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 0047D256
                                                            • InternetReadFile.WININET(00000000,?,00001000,00000000), ref: 0047D27C
                                                            • InternetReadFile.WININET(00000000,?,00001000,00000000), ref: 0047D2B2
                                                            • InternetCloseHandle.WININET(00000000), ref: 0047D2B9
                                                            • InternetCloseHandle.WININET(?), ref: 0047D2C5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Internet$CloseFileHandleOpenRead
                                                            • String ID: File Downloader
                                                            • API String ID: 4038090926-3631955488
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: __freea$__alloca_probe_16$Info
                                                            • String ID:
                                                            • API String ID: 127012223-0
                                                            APIs
                                                            • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 004B9E24
                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 004B9EB0
                                                            • __alloca_probe_16.LIBCMT ref: 004B9EDA
                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004B9F1B
                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 004B9F37
                                                            • __alloca_probe_16.LIBCMT ref: 004B9F5D
                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004B9F9A
                                                            • CompareStringEx.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000), ref: 004B9FB7
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                            • String ID:
                                                            • API String ID: 3603178046-0
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 004B9B40
                                                            • __alloca_probe_16.LIBCMT ref: 004B9B6C
                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 004B9BAB
                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004B9BC8
                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004B9C07
                                                            • __alloca_probe_16.LIBCMT ref: 004B9C24
                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004B9C66
                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004B9C89
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                            • String ID:
                                                            • API String ID: 2040435927-0
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(?,?), ref: 00489F4B
                                                            • GetProcessId.KERNEL32(00000000), ref: 00489F52
                                                            • RmStartSession.RSTRTMGR(?,00000041,?), ref: 00489F76
                                                            • RmRegisterResources.RSTRTMGR(?,00000001,?,00000000,00000000,00000000,00000000), ref: 00489F91
                                                            • RmGetList.RSTRTMGR(?,?,?,00000003,?), ref: 00489FD4
                                                            • RmGetList.RSTRTMGR(?,?,?,00000000,?), ref: 0048A020
                                                            • RmEndSession.RSTRTMGR(?), ref: 0048A04A
                                                            • RmEndSession.RSTRTMGR(?), ref: 0048A07A
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                                            • String ID:
                                                            • API String ID: 3299295986-0
                                                            APIs
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00473D56
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00473D73
                                                              • Part of subcall function 004AFA0C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0043FE44,?,?,?,004B9080,0043FE44,00513AB0,?,0043FE44,?,?,0000000C,8047B0C5), ref: 004AFA6C
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00473FC0
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00473FDD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ___std_exception_destroy$ExceptionRaise
                                                            • String ID: MC$value
                                                            • API String ID: 299339551-3840657116
                                                            • Opcode ID: fad894e6791b73173a90b46eb5f7d570fcfb30b2d17f717ef1dd9171332bf87e
                                                            • Instruction ID: 838f8dd16b3ea7f4eeb45613560c02c2ef3b01355b1a5592379bf0a45a67ceab
                                                            • Opcode Fuzzy Hash: fad894e6791b73173a90b46eb5f7d570fcfb30b2d17f717ef1dd9171332bf87e
                                                            • Instruction Fuzzy Hash: 31F15A70C05298DEEB20DB65C954BDEFBB4AF19304F1482DAD44963282E7746B88CF96
                                                            APIs
                                                            • _ValidateLocalCookies.LIBCMT ref: 009A5CB7
                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 009A5CBF
                                                            • _ValidateLocalCookies.LIBCMT ref: 009A5D48
                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 009A5D73
                                                            • _ValidateLocalCookies.LIBCMT ref: 009A5DC8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                            • String ID: csm
                                                            • API String ID: 1170836740-1018135373
                                                            • Opcode ID: 84de25382fdff9bc768f5ef44ec691e27ee6db108f70e7680c5203d6dcd08c45
                                                            • Instruction ID: 461fd20b615458a13ebcc93630798c4ef1ff6a66eb2ccec7fcca31495f361113
                                                            • Opcode Fuzzy Hash: 84de25382fdff9bc768f5ef44ec691e27ee6db108f70e7680c5203d6dcd08c45
                                                            • Instruction Fuzzy Hash: 7441B334A00619EBCF10DF68C888A9EBBB5FF86324F158155E8149B392D731AE41CBD1
                                                            APIs
                                                            • _ValidateLocalCookies.LIBCMT ref: 004AD637
                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 004AD63F
                                                            • _ValidateLocalCookies.LIBCMT ref: 004AD6C8
                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 004AD6F3
                                                            • _ValidateLocalCookies.LIBCMT ref: 004AD748
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                            • String ID: csm
                                                            • API String ID: 1170836740-1018135373
                                                            • Opcode ID: 255d3a1bd88e468a9ea08ee1f7f85cdc8f29e10e22a0162dea8eb7e65443c785
                                                            • Instruction ID: fca86a332ffc7d642b39a5fdc798139505592cae81a3a9a41e25a428a24f43dc
                                                            • Opcode Fuzzy Hash: 255d3a1bd88e468a9ea08ee1f7f85cdc8f29e10e22a0162dea8eb7e65443c785
                                                            • Instruction Fuzzy Hash: 2741D834E002089BCF10DF69C880A9E7BB5BF66318F14815BE81A5B752D739EA01CF95
                                                            APIs
                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,BB40E64E,?,009A95DD,009A2442,?,00000000,?), ref: 009A958F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: FreeLibrary
                                                            • String ID: api-ms-$ext-ms-
                                                            • API String ID: 3664257935-537541572
                                                            • Opcode ID: 0e99e8badce70df9c4b67e051f210c43ced481fe4fdfe5e71ade84ba4e377cb8
                                                            • Instruction ID: a85474ac283111abf3178413e80806fcab9311c6e02d78736d2aacf71f32731b
                                                            • Opcode Fuzzy Hash: 0e99e8badce70df9c4b67e051f210c43ced481fe4fdfe5e71ade84ba4e377cb8
                                                            • Instruction Fuzzy Hash: 1A215035E05211A7C7229B64DC41A6E77ACFB8B7B1F140610FD06A72D1DB70EE01D6D0
                                                            APIs
                                                            • FreeLibrary.KERNEL32(00000000,?,0049CA09,0043FE48,00434C2F,00000000,00000001,0043FE4A,?,0049CC33,00000022,FlsSetValue,004D294C,FlsSetValue,00000001), ref: 0049C9BB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeLibrary
                                                            • String ID: api-ms-$ext-ms-
                                                            • API String ID: 3664257935-537541572
                                                            • Opcode ID: 7c1f6f25a6eeb0dcc1b48f853c441653626ec7c6eb0710202be6e4b6adacda37
                                                            • Instruction ID: 9ca0f964f7470424b5d3057a4191f763ac6aa624da693043a33dcdca32e519f2
                                                            • Opcode Fuzzy Hash: 7c1f6f25a6eeb0dcc1b48f853c441653626ec7c6eb0710202be6e4b6adacda37
                                                            • Instruction Fuzzy Hash: A621E7B2A01211ABDF219B25ECC0B5F3B69AB527A4F250237E905A7390D738ED01C6DD
                                                            APIs
                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004366E9
                                                              • Part of subcall function 004AFA0C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0043FE44,?,?,?,004B9080,0043FE44,00513AB0,?,0043FE44,?,?,0000000C,8047B0C5), ref: 004AFA6C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                                            • String ID: (>Q$0hC$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                            • API String ID: 1903096808-798308736
                                                            • Opcode ID: 0ed2678322210cc8cc3a07b91dadb1e30d188d3d66194e55af3b44069607d8cc
                                                            • Instruction ID: 0e9c3b5a5aba75944b05d252eccadd5948fd44e578ec9c0118fa22ff265feac2
                                                            • Opcode Fuzzy Hash: 0ed2678322210cc8cc3a07b91dadb1e30d188d3d66194e55af3b44069607d8cc
                                                            • Instruction Fuzzy Hash: 4E1122B29046487BD710DB59DC02FAA7398EB09754F04862FFD58872C1EB3DA90487AA
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 009A48A5
                                                            • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 009A48B3
                                                            • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 009A48C4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: AddressProc$HandleModule
                                                            • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                            • API String ID: 667068680-1047828073
                                                            • Opcode ID: 6366e455a1c2425314bd5bf836dc33e732c56d134ae75d47ce7b7e389994a890
                                                            • Instruction ID: b34c87e8097b9f3c3ee6df09a95954731a0815f6fec601da13503c03224605d2
                                                            • Opcode Fuzzy Hash: 6366e455a1c2425314bd5bf836dc33e732c56d134ae75d47ce7b7e389994a890
                                                            • Instruction Fuzzy Hash: 80D09E316AA620AF8350AF747F0D8DB7EA9EB496B53064216F511E2261DBB44504DB90
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8a850e4bd8366f6602f7f439948ddd996ec0ba155590deffeea4e3919eff859f
                                                            • Instruction ID: c45b587b2b6024bbc8d631f61cfde13028adc071dc65d72902c8bf59655bd6a7
                                                            • Opcode Fuzzy Hash: 8a850e4bd8366f6602f7f439948ddd996ec0ba155590deffeea4e3919eff859f
                                                            • Instruction Fuzzy Hash: 64B13572D00255AFDF11DF64CC81BAA7FA5EF55310F1441BBE454AB382D2789D01C7A9
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: __freea$__alloca_probe_16
                                                            • String ID: a/p$am/pm
                                                            • API String ID: 3509577899-3206640213
                                                            • Opcode ID: a9edef7a29c60dc922f9c04593671941a29bfc7d944e7fd23b6979b0c360fd65
                                                            • Instruction ID: 1d0f90a389a6ddb01c6eee3cfed114d4cdbff39c5c4e16d1e763b1923b69fac5
                                                            • Opcode Fuzzy Hash: a9edef7a29c60dc922f9c04593671941a29bfc7d944e7fd23b6979b0c360fd65
                                                            • Instruction Fuzzy Hash: 32C1BF35904212AADB298F6CCA947BB77B0FF2B300F14405BE905AB750D3BD9D42EB59
                                                            APIs
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0047CCD6
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0047CCF9
                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0047CD21
                                                            • std::_Facet_Register.LIBCPMT ref: 0047CD9A
                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0047CDC4
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 0047CDE7
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                            • String ID:
                                                            • API String ID: 2081738530-0
                                                            • Opcode ID: 28da64327ea27554a00a06c9e40525b24cdd21d51c36f3309ffdeb549bf855e5
                                                            • Instruction ID: 5e0d328f53af4ec2248f8036dfe48c657d56e4526373956cc4eb9e978e4c29ea
                                                            • Opcode Fuzzy Hash: 28da64327ea27554a00a06c9e40525b24cdd21d51c36f3309ffdeb549bf855e5
                                                            • Instruction Fuzzy Hash: FE419A71800219CFCB21CF98C980BEFBBB4EB15714F14856ED80A67381D738AE04CBA5
                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,009A7F40,009A5A6B,009A5180), ref: 009A7F57
                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009A7F65
                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009A7F7E
                                                            • SetLastError.KERNEL32(00000000,009A7F40,009A5A6B,009A5180), ref: 009A7FD0
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: ErrorLastValue___vcrt_
                                                            • String ID:
                                                            • API String ID: 3852720340-0
                                                            • Opcode ID: 281f552aa3e2bba910b2761de8ffc0b960c37172d35ba76c85da1259be1d8516
                                                            • Instruction ID: 0347aee122adfd4ccf86276ea0daabdae4a8c1a56758d8923d5243ba4a158e74
                                                            • Opcode Fuzzy Hash: 281f552aa3e2bba910b2761de8ffc0b960c37172d35ba76c85da1259be1d8516
                                                            • Instruction Fuzzy Hash: D701F77251D2127EE61527F4ADCBA67BBACDB877B47200339F410450F0EF114C02A1D0
                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,004AFAD5,004AF923,004AC85A), ref: 004AFAEC
                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004AFAFA
                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004AFB13
                                                            • SetLastError.KERNEL32(00000000,004AFAD5,004AF923,004AC85A), ref: 004AFB65
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorLastValue___vcrt_
                                                            • String ID:
                                                            • API String ID: 3852720340-0
                                                            • Opcode ID: 0a9cead03a1cbea0f2d00e28f649f33043dad87cbbba68afa2d7a2a72df1b0e0
                                                            • Instruction ID: 5c97271c99781371f32c50c56a2d0a191a69233ae1c55058bab721689d3f3b0d
                                                            • Opcode Fuzzy Hash: 0a9cead03a1cbea0f2d00e28f649f33043dad87cbbba68afa2d7a2a72df1b0e0
                                                            • Instruction Fuzzy Hash: 9001F9321093119E9A2417F5AC559972A65EB23379B24463FF514951E0FB1A5C0CA16C
                                                            APIs
                                                            • DeleteObject.GDI32(?), ref: 00480B31
                                                            • EnterCriticalSection.KERNEL32(00000004,8047B0C5,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B42
                                                            • EnterCriticalSection.KERNEL32(00000004,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B4F
                                                            • GdiplusShutdown.GDIPLUS(00000000,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B5C
                                                            • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B69
                                                            • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B70
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                            • String ID:
                                                            • API String ID: 4268643673-0
                                                            • Opcode ID: ab380d08308f5f7294dc0c8834127c13781bff22419dd726a23e31aeb0b35f9a
                                                            • Instruction ID: a49544f5ea7446c9cfb95f09875386710a40740b290a3353e41ff902735902d1
                                                            • Opcode Fuzzy Hash: ab380d08308f5f7294dc0c8834127c13781bff22419dd726a23e31aeb0b35f9a
                                                            • Instruction Fuzzy Hash: 8B117FB15002009FD3209F58D848B1A7BF8FF05728F20475EE4258B2D1C77AD806CB94
                                                            APIs
                                                            • type_info::operator==.LIBVCRUNTIME ref: 009A88F8
                                                            • CallUnexpected.LIBVCRUNTIME ref: 009A8B71
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: CallUnexpectedtype_info::operator==
                                                            • String ID: csm$csm$csm
                                                            • API String ID: 2673424686-393685449
                                                            • Opcode ID: 87f1fc4f14b7b672f31a012a42c7667304171c4bef2b4a6e03036138273d3faf
                                                            • Instruction ID: 40b251a1df3fc350a080cf0c510fc48fb691ece20f5d9b8013d5b25cd9ef1f62
                                                            • Opcode Fuzzy Hash: 87f1fc4f14b7b672f31a012a42c7667304171c4bef2b4a6e03036138273d3faf
                                                            • Instruction Fuzzy Hash: F4B16B71800209EFCF18DFA4C881AAFBBB9FF86310F55455AE8116B212DB35DA51CBE1
                                                            APIs
                                                            • GetEnvironmentStringsW.KERNEL32(8047B0C5), ref: 0048A4E4
                                                            • FreeEnvironmentStringsW.KERNEL32(?), ref: 0048A685
                                                            • RtlInitUnicodeString.NTDLL(?), ref: 0048A6D9
                                                            • RtlInitUnicodeString.NTDLL(?,00000000), ref: 0048A6E4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: EnvironmentInitStringStringsUnicode$Free
                                                            • String ID: 0Q8w
                                                            • API String ID: 2488768755-1710177118
                                                            • Opcode ID: 087de5e6dd1055750bf7132ea8417913862878fff25edd8fa91e2b0393d86743
                                                            • Instruction ID: 1a99e4392def1b605416f46e3147960cb17592dd8275db88d5f878599104deaf
                                                            • Opcode Fuzzy Hash: 087de5e6dd1055750bf7132ea8417913862878fff25edd8fa91e2b0393d86743
                                                            • Instruction Fuzzy Hash: 6471AAB1C10219EBDB00DF98C884B9EFBF8FF18304F14461BE815A3250E7B8A995CB95
                                                            APIs
                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,009B1B77,000000FF,?,009A6B21,?,?,009A6BBD,00000000), ref: 009A6A95
                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009A6AA7
                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,009B1B77,000000FF,?,009A6B21,?,?,009A6BBD,00000000), ref: 009A6AC9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                            • String ID: CorExitProcess$mscoree.dll
                                                            • API String ID: 4061214504-1276376045
                                                            • Opcode ID: 7d63168e1692feb74dcc8dbb6cd0dcf457e2405ba8de0dedf1f7960ac364a64b
                                                            • Instruction ID: c90c5b911599311d384dfbf4fb694a9f234e078919072ae645309173d3991b86
                                                            • Opcode Fuzzy Hash: 7d63168e1692feb74dcc8dbb6cd0dcf457e2405ba8de0dedf1f7960ac364a64b
                                                            • Instruction Fuzzy Hash: B3018431958519EBCB119F80CD05FBEB7BCFB48B64F084625A811A2290DB749804CA84
                                                            APIs
                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,8047B0C5,00000001,?,00000000,004CEBA0,000000FF,?,004A28BD,?,?,004A2891,00000016), ref: 004A2958
                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004A296A
                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,004CEBA0,000000FF,?,004A28BD,?,?,004A2891,00000016), ref: 004A298C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                            • String ID: CorExitProcess$mscoree.dll
                                                            • API String ID: 4061214504-1276376045
                                                            • Opcode ID: bb5db20903b210e56e17606efd33f47167f5dac7559f5cad6f576f47fa7b3a02
                                                            • Instruction ID: 4a39d6f0df0723e62e133a2fe4a12dc63d6bfdc81165c834358a2709fa0273f6
                                                            • Opcode Fuzzy Hash: bb5db20903b210e56e17606efd33f47167f5dac7559f5cad6f576f47fa7b3a02
                                                            • Instruction Fuzzy Hash: DA01A271A10625AFCB118F54DC05FAFBBBCFB04B10F044627E812A2790DBB89900DA98
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,8047B0C5,?,?,004CEC14,000000FF,?,004B87C4,00000105,?,00000000,?,?,?,0047FCE3), ref: 004B82C9
                                                            • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004B82D5
                                                            • GetTempPathW.KERNEL32(?,?,004CEC14,000000FF,?,004B87C4,00000105,?,00000000,?,?,?,0047FCE3,?,00000105,?), ref: 004B82F5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AddressHandleModulePathProcTemp
                                                            • String ID: GetTempPath2W$kernel32.dll
                                                            • API String ID: 775647363-1846531799
                                                            • Opcode ID: f1cf7476179f5a48e5f157bd4a6fca76b08ed530dfc52bf4d8c2badd71eabe8a
                                                            • Instruction ID: 490c9918516094a75be01d3e1b1e27de5ce3fa518d230e70400d3a931493a6c9
                                                            • Opcode Fuzzy Hash: f1cf7476179f5a48e5f157bd4a6fca76b08ed530dfc52bf4d8c2badd71eabe8a
                                                            • Instruction Fuzzy Hash: C2F03A36A44654EFCB159F54EC05F9A7BA8FB09B60F008127EC16937A0DB79A800CB98
                                                            APIs
                                                            • __alloca_probe_16.LIBCMT ref: 009AD5AA
                                                            • __alloca_probe_16.LIBCMT ref: 009AD673
                                                            • __freea.LIBCMT ref: 009AD6DA
                                                              • Part of subcall function 009AB3B5: HeapAlloc.KERNEL32(00000000,?,00000000,?,009A3C34,?,?,009A2442,00001000,?,009A23AA), ref: 009AB3E7
                                                            • __freea.LIBCMT ref: 009AD6ED
                                                            • __freea.LIBCMT ref: 009AD6FA
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                            • String ID:
                                                            • API String ID: 1096550386-0
                                                            • Opcode ID: fb6ccc1f44cfa263671bc2f080c10c131e6f44dde1aa271b8fccc8823994c60b
                                                            • Instruction ID: 274e42a4a04f457c7af23c7a05c44a0231417b70685d8ef8d5a8b197426a4369
                                                            • Opcode Fuzzy Hash: fb6ccc1f44cfa263671bc2f080c10c131e6f44dde1aa271b8fccc8823994c60b
                                                            • Instruction Fuzzy Hash: 0951C372602246AFEF205F64CC81EBB37ADEF8A714B190529FD0AD6551EB75CC10C6E0
                                                            APIs
                                                            • __alloca_probe_16.LIBCMT ref: 0049AF39
                                                            • __alloca_probe_16.LIBCMT ref: 0049B002
                                                            • __freea.LIBCMT ref: 0049B069
                                                              • Part of subcall function 0049D15A: RtlAllocateHeap.NTDLL(00000000,00000001,0043FE44,?,004AD408,0043FE4A,0043FE44,?,?,?,00434C2F,0043FE48,0043FE48), ref: 0049D18C
                                                            • __freea.LIBCMT ref: 0049B07C
                                                            • __freea.LIBCMT ref: 0049B089
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1423051803-0
                                                            • Opcode ID: 1cf292f1027faf516ea3b58fb1ffeacfcc17b82ad5c767b33ec64858519d3555
                                                            • Instruction ID: c461f83b43c969d084823d86eb7d78e4c690f12dee5ba4d22df99f96e1ee22eb
                                                            • Opcode Fuzzy Hash: 1cf292f1027faf516ea3b58fb1ffeacfcc17b82ad5c767b33ec64858519d3555
                                                            • Instruction Fuzzy Hash: 4C510072600206AFEF209F65AD81EBB7EA9EF84314F15013EFC54D6241EB39DC5086E8
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: CloseFileHandleSize
                                                            • String ID:
                                                            • API String ID: 3849164406-0
                                                            • Opcode ID: e7a0f46eda6453ebd68a833ffb67dbd4de7585f44c9e0d5de09304607996d4a6
                                                            • Instruction ID: 01dbf0d9918108c55e6b4145a7798ef981f9bb530ca0a367eb947cb308af8286
                                                            • Opcode Fuzzy Hash: e7a0f46eda6453ebd68a833ffb67dbd4de7585f44c9e0d5de09304607996d4a6
                                                            • Instruction Fuzzy Hash: F481F0B4D0A258DFCB00DFA8D584BAEBBF0BF4A314F104929E455A7381D7789948CF96
                                                            APIs
                                                            • GetCurrentThreadId.KERNEL32 ref: 009A470A
                                                            • AcquireSRWLockExclusive.KERNEL32(?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A4729
                                                            • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A4757
                                                            • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A47B2
                                                            • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A47C9
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: AcquireExclusiveLock$CurrentThread
                                                            • String ID:
                                                            • API String ID: 66001078-0
                                                            • Opcode ID: 53051a53eabd8cee83fbd22a4ece7b05ce4620da44ef1abb01ea11faf3ccf3a5
                                                            • Instruction ID: 3ca6a88fedcde88c12fcad319cb7f3d8516d2de825da09f77564b99f192a8789
                                                            • Opcode Fuzzy Hash: 53051a53eabd8cee83fbd22a4ece7b05ce4620da44ef1abb01ea11faf3ccf3a5
                                                            • Instruction Fuzzy Hash: 51414A30910686DFCB20DF69D984AAAB3F9FF87310B504A2AD45697A40D7B4F944CFD1
                                                            APIs
                                                            • __EH_prolog3.LIBCMT ref: 004B925F
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 004B926A
                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 004B92D8
                                                              • Part of subcall function 004B93BB: std::locale::_Locimp::_Locimp.LIBCPMT ref: 004B93D3
                                                            • std::locale::_Setgloballocale.LIBCPMT ref: 004B9285
                                                            • _Yarn.LIBCPMT ref: 004B929B
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                            • String ID:
                                                            • API String ID: 1088826258-0
                                                            • Opcode ID: 9529708b05f48a18c841b776fc683316fa11b0247fd455af3d56381143c4ee67
                                                            • Instruction ID: d57bef6452a6d9f87b7c1f6c81a415e25ff1084f0ba862d3ffc406506ccaed08
                                                            • Opcode Fuzzy Hash: 9529708b05f48a18c841b776fc683316fa11b0247fd455af3d56381143c4ee67
                                                            • Instruction Fuzzy Hash: 2101BC75A002149BDB09EF21E881ABE3BA5BF95714B18400EE90157381CF78AE42DBE9
                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,009AD29C,00000000,?,009BB728,?,?,?,009AD1D3,00000004,InitializeCriticalSectionEx,009B3740,009B3748), ref: 009AD20D
                                                            • GetLastError.KERNEL32(?,009AD29C,00000000,?,009BB728,?,?,?,009AD1D3,00000004,InitializeCriticalSectionEx,009B3740,009B3748,00000000,?,009A8E2C), ref: 009AD217
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 009AD23F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad$ErrorLast
                                                            • String ID: api-ms-
                                                            • API String ID: 3177248105-2084034818
                                                            • Opcode ID: c13a7fbc7559e75b812d1a5d439fddb9235507ff01fa104e143ad029c76890b1
                                                            • Instruction ID: d79eb59beefabec8c9a5e5fc1b309fdebffbf904ceb2f1ce7c05f0f86d008f97
                                                            • Opcode Fuzzy Hash: c13a7fbc7559e75b812d1a5d439fddb9235507ff01fa104e143ad029c76890b1
                                                            • Instruction Fuzzy Hash: 75E0D870298204B7DF112F50DC06FA93F6C9B85BA0F140020FD0DE44E1DB71E995D5C0
                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,004B0ADF,00000000,?,0051BBA8,?,?,?,004B0C82,00000004,InitializeCriticalSectionEx,004D70E4,004D70EC), ref: 004B0B3B
                                                            • GetLastError.KERNEL32(?,004B0ADF,00000000,?,0051BBA8,?,?,?,004B0C82,00000004,InitializeCriticalSectionEx,004D70E4,004D70EC,00000000,?,004B0A39), ref: 004B0B45
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 004B0B6D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: LibraryLoad$ErrorLast
                                                            • String ID: api-ms-
                                                            • API String ID: 3177248105-2084034818
                                                            • Opcode ID: e73f2d59ed71ffe050e3980c02a90d09a2b8a6f7f1eeff266cde429a2dd4b4c8
                                                            • Instruction ID: d85af749d3a2776d246a861fdd0c76bc3b777c55ee5f54f02c25fa514b149693
                                                            • Opcode Fuzzy Hash: e73f2d59ed71ffe050e3980c02a90d09a2b8a6f7f1eeff266cde429a2dd4b4c8
                                                            • Instruction Fuzzy Hash: 25E04F30284305B7EF221BA1EC0AF5E3B55AB11B49F144032F90CA91E1EBA6A910859C
                                                            APIs
                                                            • RegOpenKeyExA.ADVAPI32(80000001,0051C570,00000000,00020019,00000000,?,?,?,8047B0C5,?,0051C2A0), ref: 0047F4D0
                                                            • RegQueryValueExA.ADVAPI32(00000000,0051C2A0,00000000,000F003F,?,00000400,?,?,?,8047B0C5,?,0051C2A0), ref: 0047F506
                                                            • RegCloseKey.ADVAPI32(00000000,?,?,?,8047B0C5,?,0051C2A0), ref: 0047F5A4
                                                            • SysFreeString.OLEAUT32 ref: 0047FA14
                                                              • Part of subcall function 0047A610: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0047A678
                                                              • Part of subcall function 0047A610: LocalFree.KERNEL32(?,00000000), ref: 0047A70F
                                                              • Part of subcall function 004870B0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,8047B0C5,0051C570,0051C2A0), ref: 00487182
                                                              • Part of subcall function 004870B0: RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeOpenQueryValue$CloseCryptDataLocalStringUnprotect
                                                            • String ID:
                                                            • API String ID: 2380017125-0
                                                            • Opcode ID: a521d0abf644b9380dcd8d70f5715900671aedad0facd1908bb1e921974b8b3c
                                                            • Instruction ID: 56cbdaf4eb2024de0fd4bd59dbcd72090a4e5b75bdf23aa4f75e7a392944198d
                                                            • Opcode Fuzzy Hash: a521d0abf644b9380dcd8d70f5715900671aedad0facd1908bb1e921974b8b3c
                                                            • Instruction Fuzzy Hash: 24122BF0E002689BDB24DF24CC5479DB7B5AF44318F1086EAD64DA7282DB346E88CF59
                                                            APIs
                                                            • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 009ADD0B
                                                              • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 009ADF5D
                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 009ADFA3
                                                            • GetLastError.KERNEL32 ref: 009AE046
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                            • String ID:
                                                            • API String ID: 2112829910-0
                                                            APIs
                                                            • GetConsoleOutputCP.KERNEL32(8047B0C5,00000000,00000000,00000000), ref: 0049B4D9
                                                              • Part of subcall function 004A1489: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0049B05F,?,00000000,-00000008), ref: 004A14EA
                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0049B72B
                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0049B771
                                                            • GetLastError.KERNEL32 ref: 0049B814
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                            • String ID:
                                                            • API String ID: 2112829910-0
                                                            APIs
                                                              • Part of subcall function 00477B00: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,8047B0C5,?,?), ref: 00477B54
                                                              • Part of subcall function 00477B00: Process32FirstW.KERNEL32(00000000,?), ref: 00477BB9
                                                              • Part of subcall function 00477B00: CloseHandle.KERNEL32(00000000), ref: 00477E84
                                                            • ImpersonateLoggedOnUser.ADVAPI32(00000000,8047B0C5,?,00000000), ref: 00478391
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CloseCreateFirstHandleImpersonateLoggedProcess32SnapshotToolhelp32User
                                                            • String ID:
                                                            • API String ID: 1507787261-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: AdjustPointer
                                                            • String ID:
                                                            • API String ID: 1740715915-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AdjustPointer
                                                            • String ID:
                                                            • API String ID: 1740715915-0
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            APIs
                                                              • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                            • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,009AC0CE,?,?,?,00000000), ref: 009ABD8C
                                                            • __dosmaperr.LIBCMT ref: 009ABD93
                                                            • GetLastError.KERNEL32(00000000,009AC0CE,?,?,00000000,?,?,?,00000000,00000000,?,009AC0CE,?,?,?,00000000), ref: 009ABDCD
                                                            • __dosmaperr.LIBCMT ref: 009ABDD4
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                            • String ID:
                                                            • API String ID: 1913693674-0
                                                            APIs
                                                              • Part of subcall function 004A1489: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0049B05F,?,00000000,-00000008), ref: 004A14EA
                                                            • GetLastError.KERNEL32 ref: 004BA9A6
                                                            • __dosmaperr.LIBCMT ref: 004BA9AD
                                                            • GetLastError.KERNEL32(?,?,?,?), ref: 004BA9E7
                                                            • __dosmaperr.LIBCMT ref: 004BA9EE
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                            • String ID:
                                                            • API String ID: 1913693674-0
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            APIs
                                                            • GetEnvironmentStringsW.KERNEL32 ref: 009AC9A5
                                                              • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009AC9DD
                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009AC9FD
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                            • String ID:
                                                            • API String ID: 158306478-0
                                                            APIs
                                                            • GetEnvironmentStringsW.KERNEL32 ref: 004AB381
                                                              • Part of subcall function 004A1489: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0049B05F,?,00000000,-00000008), ref: 004A14EA
                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004AB3B9
                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004AB3D9
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                            • String ID:
                                                            • API String ID: 158306478-0
                                                            APIs
                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E2D
                                                            • GetCurrentThreadId.KERNEL32 ref: 009A1E3B
                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E54
                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E93
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                            • String ID:
                                                            • API String ID: 2261580123-0
                                                            APIs
                                                            • WideCharToMultiByte.KERNEL32(00000001,00000400,8047B0C5,00000000,00000000,00000000,00000000,00000000,00000001,?,?,0044E5F3,?,?,00000000,00000000), ref: 004B844D
                                                            • GetLastError.KERNEL32(?,?,0044E5F3,?,?,00000000,00000000,00000000,8047B0C5,00000001), ref: 004B8459
                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,8047B0C5,00000000,00000000,00000000,00000000,00000000,?,?,0044E5F3,?,?,00000000,00000000,00000000), ref: 004B847F
                                                            • GetLastError.KERNEL32(?,?,0044E5F3,?,?,00000000,00000000,00000000,8047B0C5,00000001), ref: 004B848B
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ByteCharErrorLastMultiWide
                                                            • String ID:
                                                            • API String ID: 203985260-0
                                                            APIs
                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000), ref: 009AFD17
                                                            • GetLastError.KERNEL32(?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?,?,?,009AD9E0,00000000), ref: 009AFD23
                                                              • Part of subcall function 009AFD74: CloseHandle.KERNEL32(FFFFFFFE,009AFD33,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?,?), ref: 009AFD84
                                                            • ___initconout.LIBCMT ref: 009AFD33
                                                              • Part of subcall function 009AFD55: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,009AFCF1,009AF48E,?,?,009AE09A,?,00000000,00000000,?), ref: 009AFD68
                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?), ref: 009AFD48
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                            • String ID:
                                                            • API String ID: 2744216297-0
                                                            • Opcode ID: d6f1525b94508d24b2a45aa02a8c9516825b96381f8c342c01f81905a513bb93
                                                            • Instruction ID: d5653beaa3dc4be1b3262693e083b589b4e8550667f4f386525d479a7ba7cda1
                                                            • Opcode Fuzzy Hash: d6f1525b94508d24b2a45aa02a8c9516825b96381f8c342c01f81905a513bb93
                                                            • Instruction Fuzzy Hash: C0F01C36414116BBCF232FD1DD08A8A3F6AFB493B1B004220FA0985570DB32C860EBD1
                                                            APIs
                                                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000), ref: 004A95FC
                                                            • GetLastError.KERNEL32(?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000,00000000,?,0049BE42,?), ref: 004A9608
                                                              • Part of subcall function 004A95CE: CloseHandle.KERNEL32(FFFFFFFE,004A9618,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000,00000000), ref: 004A95DE
                                                            • ___initconout.LIBCMT ref: 004A9618
                                                              • Part of subcall function 004A9590: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004A95BF,004A6707,00000000,?,0049B868,00000000,00000000,00000000,00000000), ref: 004A95A3
                                                            • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000), ref: 004A962D
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                            • String ID:
                                                            • API String ID: 2744216297-0
                                                            • Opcode ID: 798d55b3f7968c96ef430ebc1f18d2e2465c9867b2c7648d7be43d295ef59026
                                                            • Instruction ID: 8abc0c58445a332f8c6052495b9482a66327941653e6e46fd38a52645a0d97bb
                                                            • Opcode Fuzzy Hash: 798d55b3f7968c96ef430ebc1f18d2e2465c9867b2c7648d7be43d295ef59026
                                                            • Instruction Fuzzy Hash: DCF01237441215BBCF521F91DC09ACE3F66EF19364F024426FA2C86120C6368D60DB94
                                                            APIs
                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 009A4F13
                                                            • GetCurrentThreadId.KERNEL32 ref: 009A4F22
                                                            • GetCurrentProcessId.KERNEL32 ref: 009A4F2B
                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 009A4F38
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                            • String ID:
                                                            • API String ID: 2933794660-0
                                                            • Opcode ID: c43107a0de4d10705e95ba942a31e8dc3266f3e6c49f136c7866392ff9c7a23f
                                                            • Instruction ID: 249e697ac7c80175cdc73755d8fdc4735cdd91e78fe27fa41fa217d7d6f19e67
                                                            • Opcode Fuzzy Hash: c43107a0de4d10705e95ba942a31e8dc3266f3e6c49f136c7866392ff9c7a23f
                                                            • Instruction Fuzzy Hash: 9CF06774D1420DEBCB00EBB4DA49ADFB7F8FF1D254B514A95A412E7110EB30A748EB51
                                                            APIs
                                                            • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,009A8AFE,?,?,00000000,00000000,00000000,?), ref: 009A8C22
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: EncodePointer
                                                            • String ID: MOC$RCC
                                                            • API String ID: 2118026453-2084237596
                                                            • Opcode ID: 80a7fc5bd5597a9261ff03ebcc6357136f0c861b9187391962db0f0d0d0e8e72
                                                            • Instruction ID: 390a7c09216b659692ea9dda0a0bb16a51e3ea6b253e92099ff5ed3820b8f932
                                                            • Opcode Fuzzy Hash: 80a7fc5bd5597a9261ff03ebcc6357136f0c861b9187391962db0f0d0d0e8e72
                                                            • Instruction Fuzzy Hash: 8A41AB71900209AFCF15CF94CD81AEEBBBAFF49310F144168F90467291D7359A50CFA0
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00453EF4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Concurrency::cancel_current_task
                                                            • String ID: `aC$p]C
                                                            • API String ID: 118556049-1363152631
                                                            • Opcode ID: 15b0531adf7878dcd052dc043384283fbe7e7e749bd6b518c848f3481f58b70e
                                                            • Instruction ID: 7ffd0bf130dfa3baccabcf7c02000b8885a72f27ff8372dee48aba471c76e642
                                                            • Opcode Fuzzy Hash: 15b0531adf7878dcd052dc043384283fbe7e7e749bd6b518c848f3481f58b70e
                                                            • Instruction Fuzzy Hash: 2B4114B1D002089BCB24DF58C841BAFBBF4EF45354F10426FEC2597382E7799A148B95
                                                            APIs
                                                            • EncodePointer.KERNEL32(00000000,?), ref: 004B0216
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: EncodePointer
                                                            • String ID: MOC$RCC
                                                            • API String ID: 2118026453-2084237596
                                                            • Opcode ID: f6a5424a3b0add0d67cdb7a4433499b834c2692f3a3c89efa9c8eec31821c917
                                                            • Instruction ID: 70788f387beb527cb8114cdc5e5f216b8ccff70d73c61da87df7ae4bd57bd2ae
                                                            • Opcode Fuzzy Hash: f6a5424a3b0add0d67cdb7a4433499b834c2692f3a3c89efa9c8eec31821c917
                                                            • Instruction Fuzzy Hash: EE415871900209AFCF16CF98CD85AEEBBB5FF48305F18809AFA0567211D3399950DB68
                                                            APIs
                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 009A86E0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3391106846.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                            • Associated: 00000003.00000002.3391088551.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391127341.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391148327.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391165972.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000003.00000002.3391183935.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_9a0000_file.jbxd
                                                            Similarity
                                                            • API ID: ___except_validate_context_record
                                                            • String ID: csm$csm
                                                            • API String ID: 3493665558-3733052814
                                                            • Opcode ID: 0184664f765ff3d07132a4e256fbcff4f1cf2ed483d85a8d22925c716202b8aa
                                                            • Instruction ID: e5eb7fef57c388b1591a1162c3e1c9b1a461c8bec64cc51ab6a3ef1869e36f37
                                                            • Opcode Fuzzy Hash: 0184664f765ff3d07132a4e256fbcff4f1cf2ed483d85a8d22925c716202b8aa
                                                            • Instruction Fuzzy Hash: 7831C436400219DFCF268F50CC449ABBBAAFF4A365B38455AF85449221DB36CCA1DFD1
                                                            APIs
                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00435DCB
                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00435E2E
                                                              • Part of subcall function 004B9356: _Yarn.LIBCPMT ref: 004B9375
                                                              • Part of subcall function 004B9356: _Yarn.LIBCPMT ref: 004B9399
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                            • String ID: bad locale name
                                                            • API String ID: 1908188788-1405518554
                                                            • Opcode ID: 4f591d35f3d0401d16c29d601d846a696ee7aa1707a5175f538b14ce155db12b
                                                            • Instruction ID: 3ec4c6a4a97d0462a05707b65000259191fcf5f6abdba4908dc577763c239046
                                                            • Opcode Fuzzy Hash: 4f591d35f3d0401d16c29d601d846a696ee7aa1707a5175f538b14ce155db12b
                                                            • Instruction Fuzzy Hash: 3B210570805784DFD320CF69C90478BBFF4AF15714F14868ED48597781D3B9AA04CBA5
                                                            APIs
                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047DDD1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Ios_base_dtorstd::ios_base::_
                                                            • String ID: .G$0hC
                                                            • API String ID: 323602529-633007509
                                                            • Opcode ID: fa7f0577eed2ee249957cc315ff075d2cc7a9cf360a169e300ae923cf5853acc
                                                            • Instruction ID: def2e33cd38b5e824c816681f9ae39c6530dfa40910c99229239c839cc9e5e1b
                                                            • Opcode Fuzzy Hash: fa7f0577eed2ee249957cc315ff075d2cc7a9cf360a169e300ae923cf5853acc
                                                            • Instruction Fuzzy Hash: 9B21AE74940245DFD720CF1AC844B99FBF8FF05324F148A6EE85597391D775A904CB84
                                                            APIs
                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 0044BEF3
                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 0044BF26
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ___std_exception_copy
                                                            • String ID: MC
                                                            • API String ID: 2659868963-1829682832
                                                            • Opcode ID: ab36d56284830d128f6cf4340ca16e134d89125db0bb4639ace7817866229729
                                                            • Instruction ID: 159077f32092c3bc03b4ae882dbf743a881f4ebbd8d79b989d6de070d85d5faa
                                                            • Opcode Fuzzy Hash: ab36d56284830d128f6cf4340ca16e134d89125db0bb4639ace7817866229729
                                                            • Instruction Fuzzy Hash: 4E112EB5900649EFCB11CF59C980B86FBE8FF19320F10C66BE815A7640E7B4A944CBA4
                                                            APIs
                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0048285D
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Ios_base_dtorstd::ios_base::_
                                                            • String ID: 0$0hC
                                                            • API String ID: 323602529-784950247
                                                            • Opcode ID: 622b40fb6d894d5aa1115991de8c2c5b589d84d9705eb3b065fc2cec7fc6fad0
                                                            • Instruction ID: dd26a1c23eadb7639fef0861fdc2b6c05f84c76fd28c7669f454e47aafc92c53
                                                            • Opcode Fuzzy Hash: 622b40fb6d894d5aa1115991de8c2c5b589d84d9705eb3b065fc2cec7fc6fad0
                                                            • Instruction Fuzzy Hash: FC21F074905298CFCB10CF98C6887DCBBF0AB09308F2480EAD949A7381D775AE58CF55
                                                            APIs
                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047DA4F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Ios_base_dtorstd::ios_base::_
                                                            • String ID: .G$0hC
                                                            • API String ID: 323602529-633007509
                                                            • Opcode ID: d1051db2cb1cfc94d531bfa9645f70c65f72b0c573f779327227424f90c0fd69
                                                            • Instruction ID: 8e7f9f1aa37db0bf33048e17fc0a06a73726813013154025c8e8923a4ade326e
                                                            • Opcode Fuzzy Hash: d1051db2cb1cfc94d531bfa9645f70c65f72b0c573f779327227424f90c0fd69
                                                            • Instruction Fuzzy Hash: 121149B4940744CFDB21CF49C984A99BBF8FB09324F108A5EE89697391D775AA44CF80
                                                            APIs
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00438A46
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00438A5C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ___std_exception_destroy
                                                            • String ID: MC
                                                            • API String ID: 4194217158-1829682832
                                                            • Opcode ID: 36b679e11db0edd653e0a2647b8e85e069932705a2a35767823b219f623ddd02
                                                            • Instruction ID: 2156576f1eef92af9ffbb3102a1cf8c86cd110feba5e05fe60ab6789c6c907d6
                                                            • Opcode Fuzzy Hash: 36b679e11db0edd653e0a2647b8e85e069932705a2a35767823b219f623ddd02
                                                            • Instruction Fuzzy Hash: 5A01B5B1C44318EBC710DF58DD01B8ABBE8EB1A714F10466FE811E3780E779A60487A5
                                                            APIs
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00438D06
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00438D1C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ___std_exception_destroy
                                                            • String ID: MC
                                                            • API String ID: 4194217158-1829682832
                                                            • Opcode ID: d7eaf932c4118910232a5250f95a2e385d092f5df7cd9ec96b40b31c7f1f2a93
                                                            • Instruction ID: 34d925613d03c46ca24c24dcd021453886a1a957fa2bd66f6c30760aa6902abf
                                                            • Opcode Fuzzy Hash: d7eaf932c4118910232a5250f95a2e385d092f5df7cd9ec96b40b31c7f1f2a93
                                                            • Instruction Fuzzy Hash: 050192B1C443189BC711DF58DD05B89BBE8EB1A714F14466FE811A3780E7B9A60487A5
                                                            APIs
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00438E16
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00438E2C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ___std_exception_destroy
                                                            • String ID: MC
                                                            • API String ID: 4194217158-1829682832
                                                            • Opcode ID: dd0c4f4c0c82000e457c7f44c182c4aade15206cd65931e5a6e762cfa9f818e5
                                                            • Instruction ID: 81858840e3503bfd15470ad0d796ddf3043ff6da9bec83e018f38d9446b02dde
                                                            • Opcode Fuzzy Hash: dd0c4f4c0c82000e457c7f44c182c4aade15206cd65931e5a6e762cfa9f818e5
                                                            • Instruction Fuzzy Hash: 4A01D2B1C442089FC710DF58DD01B8ABBE8EB1A714F10426FE811E3780E7B9A60487A5
                                                            APIs
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00438AD6
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00438AEC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_file.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ___std_exception_destroy
                                                            • String ID: MC
                                                            • API String ID: 4194217158-1829682832
                                                            • Opcode ID: 54ef2c628f25b7a2a23f3ae652ac74171c9fd81bd4396ab0a0f6fcd8ada00686
                                                            • Instruction ID: 14708e90e5e2dd6187806a9d8007313cf644032e1f72ff90a2cf062a52645627
                                                            • Opcode Fuzzy Hash: 54ef2c628f25b7a2a23f3ae652ac74171c9fd81bd4396ab0a0f6fcd8ada00686
                                                            • Instruction Fuzzy Hash: AD0131B1C54658DFC710DF98D901B8ABBF8EB09724F10466BE815E3780E779A6048BA5
                                                            APIs
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00438D96
                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00438DAC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ___std_exception_destroy
                                                            • String ID: MC
                                                            APIs
                                                            • RtlInitUnicodeString.NTDLL(?), ref: 0048A6D9
                                                            • RtlInitUnicodeString.NTDLL(?,00000000), ref: 0048A6E4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InitStringUnicode
                                                            • String ID: 0Q8w
                                                            APIs
                                                              • Part of subcall function 004805F0: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,8047B0C5,00000000,004BCF70,000000FF,?,?,00513FC8), ref: 00480617
                                                              • Part of subcall function 004805F0: GetLastError.KERNEL32(?,00000000,00000000,8047B0C5,00000000,004BCF70,000000FF,?,?,00513FC8), ref: 00480621
                                                            • IsDebuggerPresent.KERNEL32(?,?,?,00434B5D), ref: 004BA080
                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00434B5D), ref: 004BA08F
                                                            Strings
                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 004BA08A
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.3390983142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule