Windows Analysis Report
drop1.exe

Overview

General Information

Sample name: drop1.exe
Analysis ID: 1586872
MD5: 60b0f0816c90a313de1549890708f848
SHA1: cb8c0007e9fd7460c6cc7bb66c9dafc02b10b869
SHA256: 249658063881bcc13f2b21919906d68272dff1348251a2a1cb77abaf0eaf0c3d
Tags: exe, user-threatinte1
Infos:

Detection

CredGrabber, Meduza Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • drop1.exe (PID: 4340 cmdline: "C:\Users\user\Desktop\drop1.exe" MD5: 60B0F0816C90A313DE1549890708F848)
    • conhost.exe (PID: 2896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • drop1.exe (PID: 5356 cmdline: "C:\Users\user\Desktop\drop1.exe" MD5: 60B0F0816C90A313DE1549890708F848)
  • cleanup
{"C2 url": "66.63.187.173", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt; .doc; .xlsx", "build_name": "2", "links": "", "port": 15666}
Source | Rule | Description | Author | Strings
00000002.00000002.1893429161.0000000001308000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0xff0dc:$str01: emoji
  • 0x1018d8:$str02: %d-%m-%Y, %H:%M:%S
  • 0x101940:$str03: [UTC
  • 0x10194c:$str04: user_name
  • 0x101970:$str05: computer_name
  • 0x101994:$str06: timezone
  • 0x1018c4:$str07: current_path()
  • 0xff0a8:$str08: [json.exception.
  • 0x11502e:$str09: GDI32.dll
  • 0x1152a0:$str10: GdipGetImageEncoders
  • 0x115318:$str10: GdipGetImageEncoders
  • 0x114948:$str11: GetGeoInfoA
Process Memory Space: drop1.exe PID: 5356 | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
Process Memory Space: drop1.exe PID: 5356 | JoeSecurity_CredGrabber | Yara detected CredGrabber | Joe Security

Source | Rule | Description | Author | Strings
0.2.drop1.exe.107e220.1.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
0.2.drop1.exe.107e220.1.unpack | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0xfbcdc:$str01: emoji
  • 0xfe4d8:$str02: %d-%m-%Y, %H:%M:%S
  • 0xfe540:$str03: [UTC
  • 0xfe54c:$str04: user_name
  • 0xfe570:$str05: computer_name
  • 0xfe594:$str06: timezone
  • 0xfe4c4:$str07: current_path()
  • 0xfbca8:$str08: [json.exception.
  • 0x111c2e:$str09: GDI32.dll
  • 0x111ea0:$str10: GdipGetImageEncoders
  • 0x111f18:$str10: GdipGetImageEncoders
  • 0x111548:$str11: GetGeoInfoA
0.2.drop1.exe.107e220.1.raw.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
0.2.drop1.exe.107e220.1.raw.unpack | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0xfd6dc:$str01: emoji
  • 0xffed8:$str02: %d-%m-%Y, %H:%M:%S
  • 0xfff40:$str03: [UTC
  • 0xfff4c:$str04: user_name
  • 0xfff70:$str05: computer_name
  • 0xfff94:$str06: timezone
  • 0xffec4:$str07: current_path()
  • 0xfd6a8:$str08: [json.exception.
  • 0x11362e:$str09: GDI32.dll
  • 0x1138a0:$str10: GdipGetImageEncoders
  • 0x113918:$str10: GdipGetImageEncoders
  • 0x112f48:$str11: GetGeoInfoA
2.2.drop1.exe.400000.0.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-09T17:49:04.962293+0100 | 2049441 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 66.63.187.173 | 15666 | TCP
2025-01-09T17:49:04.962293+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 66.63.187.173 | 15666 | TCP
2025-01-09T17:49:04.967644+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 66.63.187.173 | 15666 | TCP
2025-01-09T17:49:04.962293+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 66.63.187.173 | 15666 | TCP
2025-01-09T17:49:04.967644+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 66.63.187.173 | 15666 | TCP

AV Detection

Source: 2.2.drop1.exe.400000.0.raw.unpack | Malware Configuration Extractor: Meduza Stealer {"C2 url": "66.63.187.173", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt; .doc; .xlsx", "build_name": "2", "links": "", "port": 15666}
Source: drop1.exe | ReversingLabs: Detection: 86%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.7% probability
Source: drop1.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_0047A610 CryptUnprotectData,LocalFree,2_2_0047A610
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_0043D4A0 BCryptDestroyKey,2_2_0043D4A0
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_0047A950 CryptProtectData,LocalFree,2_2_0047A950
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_0047AAE0 BCryptDecrypt,BCryptDecrypt,2_2_0047AAE0
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_00440B60 CryptUnprotectData,LocalFree,2_2_00440B60
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_0047AE10 BCryptCloseAlgorithmProvider,2_2_0047AE10
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_0047AE80 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,2_2_0047AE80
Source: drop1.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: drop1.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\drop1.exe | Code function: 0_2_009ABE9A FindFirstFileExW,0_2_009ABE9A
Source: C:\Users\user\Desktop\drop1.exe | Code function: 0_2_009ABF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_009ABF4B
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_004402D0 FindFirstFileW,FindNextFileW,2_2_004402D0
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_004B84C0 FindClose,FindFirstFileExW,GetLastError,2_2_004B84C0
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_004B8545 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,2_2_004B8545
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_004B84E0 FindFirstFileExW,2_2_004B84E0
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_00487550 GetLogicalDriveStringsW,2_2_00487550
Source: C:\Users\user\Desktop\drop1.exe | File opened: D:\sources\migration\
Source: C:\Users\user\Desktop\drop1.exe | File opened: D:\sources\replacementmanifests\
Source: C:\Users\user\Desktop\drop1.exe | File opened: D:\sources\migration\wtr\
Source: C:\Users\user\Desktop\drop1.exe | File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
Source: C:\Users\user\Desktop\drop1.exe | File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
Source: C:\Users\user\Desktop\drop1.exe | File opened: D:\sources\replacementmanifests\hwvid-migration-2\

Networking

Source: Network traffic | Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.4:49731 -> 66.63.187.173:15666
Source: Network traffic | Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.4:49731 -> 66.63.187.173:15666
Source: global traffic | TCP traffic: 192.168.2.4:49731 -> 66.63.187.173:15666
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Accept: text/html; text/plain; */*
    Host: api.ipify.org
    Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 172.67.74.152 172.67.74.152
Source: Joe Sandbox View | ASN Name: ASN-QUADRANET-GLOBALUS ASN-QUADRANET-GLOBALUS
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | DNS query: name: api.ipify.org
Source: Network traffic | Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.4:49731 -> 66.63.187.173:15666
Source: unknown | TCP traffic detected without corresponding DNS query: 66.63.187.173
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_00485350 recv,recv,recv,recv,recv,recv,closesocket,WSACleanup,2_2_00485350
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_00485F00 GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,2_2_00485F00

System Summary

Source: 0.2.drop1.exe.107e220.1.unpack, type: UNPACKEDPE | Matched rule: Finds MeduzaStealer samples based on specific strings | Author: Sekoia.io
Source: 0.2.drop1.exe.107e220.1.raw.unpack, type: UNPACKEDPE | Matched rule: Finds MeduzaStealer samples based on specific strings | Author: Sekoia.io
Source: 2.2.drop1.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Finds MeduzaStealer samples based on specific strings | Author: Sekoia.io
Source: 2.2.drop1.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Finds MeduzaStealer samples based on specific strings | Author: Sekoia.io
Source: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Finds MeduzaStealer samples based on specific strings | Author: Sekoia.io
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_0048A0A0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,2_2_0048A0A0
Source: C:\Users\user\Desktop\drop1.exe | Code function: 2_2_0048A710 RtlAcquirePebLock,NtAllocateVirtualMemory,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,2_2_0048A710
                Source: C:\Users\user\Desktop\drop1.exeCode function: String function: 004AC500 appears 58 times
                Source: C:\Users\user\Desktop\drop1.exeCode function: String function: 009A51F0 appears 64 times
                Source: C:\Users\user\Desktop\drop1.exeCode function: String function: 004517F0 appears 53 times
                Source: C:\Users\user\Desktop\drop1.exeCode function: String function: 009A970F appears 36 times
                Source: drop1.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: 0.2.drop1.exe.107e220.1.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 0.2.drop1.exe.107e220.1.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 2.2.drop1.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 2.2.drop1.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
                Source: drop1.exeStatic PE information: Section: .bss ZLIB complexity 1.0003138195647467
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/0@1/2
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_0048CB50 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,2_2_0048CB50
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_004473D0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,2_2_004473D0
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_00477EE0 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysStringByteLen,SysFreeString,SysFreeString,2_2_00477EE0
                Source: C:\Users\user\Desktop\drop1.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E69636FEA4217
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2896:120:WilError_03
                Source: drop1.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\drop1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: drop1.exe, 00000002.00000003.1683665006.00000000013C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: drop1.exeReversingLabs: Detection: 86%
                Source: C:\Users\user\Desktop\drop1.exeFile read: C:\Users\user\Desktop\drop1.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\drop1.exe "C:\Users\user\Desktop\drop1.exe"
                Source: C:\Users\user\Desktop\drop1.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\drop1.exeProcess created: C:\Users\user\Desktop\drop1.exe "C:\Users\user\Desktop\drop1.exe"
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: drop1.exeStatic file information: File size 1293312 > 1048576
                Source: drop1.exeStatic PE information: Raw size of .bss is bigger than: 0x100000 < 0x120a00
                Source: drop1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                Source: drop1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: drop1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: drop1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: drop1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: drop1.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_00446400 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,2_2_00446400
                Source: drop1.exeStatic PE information: section name: .OO
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009A46A3 push ecx; ret 0_2_009A46B6
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_004ACE0C push ecx; ret 2_2_004ACE1F
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_009A46A3 push ecx; ret 2_2_009A46B6
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_0047E240 GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,ExitProcess,ReleaseMutex,CloseHandle,2_2_0047E240
                Source: C:\Users\user\Desktop\drop1.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-57172
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009ABE9A FindFirstFileExW,0_2_009ABE9A
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009ABF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_009ABF4B
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_004402D0 FindFirstFileW,FindNextFileW,2_2_004402D0
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_004B84C0 FindClose,FindFirstFileExW,GetLastError,2_2_004B84C0
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_004B8545 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,2_2_004B8545
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_004B84E0 FindFirstFileExW,2_2_004B84E0
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_00487550 GetLogicalDriveStringsW,2_2_00487550
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_00498574 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,2_2_00498574
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\migration\Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\migration\wtr\Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior
                Source: drop1.exe, 00000002.00000003.1682172079.0000000001365000.00000004.00000020.00020000.00000000.sdmp, drop1.exe, 00000002.00000003.1682911061.0000000001366000.00000004.00000020.00020000.00000000.sdmp, drop1.exe, 00000002.00000002.1893429161.0000000001365000.00000004.00000020.00020000.00000000.sdmp, drop1.exe, 00000002.00000002.1893429161.0000000001308000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: drop1.exe, 00000002.00000003.1682172079.0000000001365000.00000004.00000020.00020000.00000000.sdmp, drop1.exe, 00000002.00000003.1682911061.0000000001366000.00000004.00000020.00020000.00000000.sdmp, drop1.exe, 00000002.00000002.1893429161.0000000001365000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWUi7
                Source: C:\Users\user\Desktop\drop1.exeAPI call chain: ExitProcess graph end nodegraph_2-57192
                Source: C:\Users\user\Desktop\drop1.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009A78CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009A78CC
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_00498574 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C2_2_00498574
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009BA1A9 mov edi, dword ptr fs:[00000030h]0_2_009BA1A9
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009A1770 mov edi, dword ptr fs:[00000030h]0_2_009A1770
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_009A1770 mov edi, dword ptr fs:[00000030h]2_2_009A1770
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009A9726 GetProcessHeap,0_2_009A9726
                Source: C:\Users\user\Desktop\drop1.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009A501B SetUnhandledExceptionFilter,0_2_009A501B
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009A5027 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009A5027
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009A45B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_009A45B7
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_004AC6BF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_004AC6BF
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_004AC80A SetUnhandledExceptionFilter,2_2_004AC80A
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_00497B2D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00497B2D
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_004ABFD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_004ABFD4
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_009A501B SetUnhandledExceptionFilter,2_2_009A501B
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_009A5027 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_009A5027
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_009A45B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_009A45B7
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_009A78CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_009A78CC

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009BA1A9 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_009BA1A9
                Source: C:\Users\user\Desktop\drop1.exeMemory written: C:\Users\user\Desktop\drop1.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_0047D2F0 ShellExecuteW,OpenProcessToken,GetCurrentProcess,GetTokenInformation,std::ios_base::_Ios_base_dtor,2_2_0047D2F0
                Source: C:\Users\user\Desktop\drop1.exeProcess created: C:\Users\user\Desktop\drop1.exe "C:\Users\user\Desktop\drop1.exe"Jump to behavior
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_00486C50 cpuid 2_2_00486C50
                Source: C:\Users\user\Desktop\drop1.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_004A6109
                Source: C:\Users\user\Desktop\drop1.exeCode function: GetLocaleInfoEx,FormatMessageA,2_2_004B824D
                Source: C:\Users\user\Desktop\drop1.exeCode function: GetLocaleInfoW,2_2_004A620F
                Source: C:\Users\user\Desktop\drop1.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_004A62E5
                Source: C:\Users\user\Desktop\drop1.exeCode function: EnumSystemLocalesW,2_2_0049C70E
                Source: C:\Users\user\Desktop\drop1.exeCode function: EnumSystemLocalesW,2_2_004A5C67
                Source: C:\Users\user\Desktop\drop1.exeCode function: EnumSystemLocalesW,2_2_004A5C1A
                Source: C:\Users\user\Desktop\drop1.exeCode function: EnumSystemLocalesW,2_2_004A5C1C
                Source: C:\Users\user\Desktop\drop1.exeCode function: GetLocaleInfoW,2_2_0049CCB0
                Source: C:\Users\user\Desktop\drop1.exeCode function: EnumSystemLocalesW,2_2_004A5D02
                Source: C:\Users\user\Desktop\drop1.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_004A5D8D
                Source: C:\Users\user\Desktop\drop1.exeCode function: GetLocaleInfoW,2_2_004A5FE0
                Source: C:\Users\user\Desktop\drop1.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyNameJump to behavior
                Source: C:\Users\user\Desktop\drop1.exeCode function: 0_2_009A48D3 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,0_2_009A48D3
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_004863F0 GetUserNameW,2_2_004863F0
                Source: C:\Users\user\Desktop\drop1.exeCode function: 2_2_004A1074 GetTimeZoneInformation,2_2_004A1074

                Stealing of Sensitive Information

                Source: Yara matchFile source: Process Memory Space: drop1.exe PID: 5356, type: MEMORYSTR
                Source: Yara matchFile source: 0.2.drop1.exe.107e220.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.drop1.exe.107e220.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.drop1.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.drop1.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.1893429161.0000000001308000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: drop1.exe, 00000002.00000003.1890733096.0000000001380000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\config
                Source: drop1.exe, 00000002.00000002.1893429161.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectronCash\wallets
                Source: drop1.exe, 00000002.00000002.1893429161.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ptrty.jaxx\IndexedDB\file__0.indexeddb.leveldb
                Source: drop1.exe, 00000002.00000002.1893429161.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus\exodus.wallet
                Source: drop1.exe, 00000002.00000002.1893429161.0000000001308000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
                Source: C:\Users\user\Desktop\drop1.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                Source: C:\Users\user\Desktop\drop1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\drop1.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                Remote Access Functionality

                Source: Yara match File source: Process Memory Space: drop1.exe PID: 5356, type: MEMORYSTR
                Source: Yara match File source: 0.2.drop1.exe.107e220.1.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0.2.drop1.exe.107e220.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 2.2.drop1.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 2.2.drop1.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000002.00000002.1893429161.0000000001308000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: drop1.exe PID: 5356, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 211 Process Injection | 1 Software Packing | NTDS | 34 System Information Discovery | Distributed Component Object Model | 1 Email Collection | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Query Registry | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Access Token Manipulation | Cached Domain Credentials | 21 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 211 Process Injection | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                Source | Detection | Scanner | Label | Link
                drop1.exe | 87% | ReversingLabs | Win32.Trojan.LummaStealer |
                drop1.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                http://ns.exif/1 | 0% | Avira URL Cloud | safe |
                https://support.moz | 0% | Avira URL Cloud | safe |
                http://ns.microsofo/1.2/S | 0% | Avira URL Cloud | safe |
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                api.ipify.org | 172.67.74.152 | true | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                https://api.ipify.org/ | false | | high
                Name | Source | Malicious | Antivirus Detection | Reputation
                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                66.63.187.173 | unknown | United States | | 8100 | ASN-QUADRANET-GLOBALUS | true
                172.67.74.152 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false
                Joe Sandbox version: 42.0.0 Malachite
                Analysis ID: 1586872
                Start date and time: 2025-01-09 17:48:07 +01:00
                Joe Sandbox product: CloudBasic
                Overall analysis duration: 0h 4m 47s
                Hypervisor based Inspection enabled: false
                Report type: full
                Cookbook file name: default.jbs
                Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed: 6
                Number of new started drivers analysed: 0
                Number of existing processes analysed: 0
                Number of existing drivers analysed: 0
                Number of injected processes analysed: 0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode: default
                Analysis stop reason: Timeout
                Sample name: drop1.exe
                Detection: MAL
                Classification: mal100.troj.spyw.evad.winEXE@4/0@1/2
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 99%
                • Number of executed functions: 83
                • Number of non-executed functions: 127
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Stop behavior analysis, all processes terminated
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes were analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing network information.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • VT rate limit hit for: drop1.exe
                No simulations
                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                            • 104.26.5.30
                                                                            ReIayMSG__polarisrx.com_#6577807268.htmGet hashmaliciousHTMLPhisherBrowse
                                                                            • 104.17.25.14
                                                                            Appraisal-nation-Review_and_Signature_Request46074.pdfGet hashmaliciousUnknownBrowse
                                                                            • 104.17.25.14
                                                                            QUOTATION#050125.exeGet hashmaliciousFormBookBrowse
                                                                            • 104.21.32.1
                                                                            sora.arm7.elfGet hashmaliciousUnknownBrowse
                                                                            • 8.44.60.40
                                                                            QUOTATION#070125-ELITE MARINE .exeGet hashmaliciousFormBookBrowse
                                                                            • 104.21.13.141
                                                                            https://enterprisefocus.benchurl.com/c/l?u=11FC0F0E&e=193CF6A&c=173A1E&&t=0&l=11D51F9C4&email=s8sR2EUS6pcTEMAyWZX%2BTfGL0c%2FIo%2Bud&seq=2Get hashmaliciousUnknownBrowse
                                                                            • 104.17.25.14
                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            37f463bf4616ecd445d4a1937da06e19DyM4yXX.exeGet hashmaliciousVidarBrowse
                                                                            • 172.67.74.152
                                                                            http://cipassoitalia.itGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                            • 172.67.74.152
                                                                            DHL_Awb_Shipping_Invoice_doc_010720257820020031808174CN1800301072025.bat.exeGet hashmaliciousRemcosBrowse
                                                                            • 172.67.74.152
                                                                            xCnwCctDWC.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.74.152
                                                                            DLKs2Qeljg.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.74.152
                                                                            fuk7RfLrD3.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.74.152
                                                                            Ljrprfl3BH.exeGet hashmaliciousLummaCBrowse
                                                                            • 172.67.74.152
                                                                            2362476847-83854387.07.exeGet hashmaliciousNitolBrowse
                                                                            • 172.67.74.152
                                                                            2362476847-83854387.07.exeGet hashmaliciousUnknownBrowse
                                                                            • 172.67.74.152
                                                                            2o63254452-763487230.06.exeGet hashmaliciousNitolBrowse
                                                                            • 172.67.74.152
                                                                            No context
                                                                            No created / dropped files found
File type: PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit): 7.959249842887653
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: drop1.exe
File size: 1'293'312 bytes
MD5: 60b0f0816c90a313de1549890708f848
SHA1: cb8c0007e9fd7460c6cc7bb66c9dafc02b10b869
SHA256: 249658063881bcc13f2b21919906d68272dff1348251a2a1cb77abaf0eaf0c3d
SHA512: ef93de31ecfb6e779fe5013165c508b202a95067c88aa8dddbffaaf74996eb7ebfd455fc7de60a90930bde808704beb7472400356e44f9c4caa47863227d77ff
SSDEEP: 24576:Bdl/BxIgevnHodySw5KPwlXkV8sWGzv6VD0iNKlsTEc8qF71X:/l/85vnIdyd5QwlXkBmLNfky7F
TLSH: F455235131C0C4B1CBA3583645B0BB56592DFD314FB0A9FF278D59A15E22AD08A3CAFB
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...bI\g..........".................\L............@.......................................@.................................D~..(..
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x404c5c
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
Time Stamp: 0x675C4962 [Fri Dec 13 14:49:06 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2716f32d1d63b3fc977d6064633b778d
                                                                            Instruction
                                                                            call 00007F268CC7E5DAh
                                                                            jmp 00007F268CC7E1F9h
                                                                            push ebp
                                                                            mov ebp, esp
                                                                            push dword ptr [ebp+08h]
                                                                            call 00007F268CC7E38Fh
                                                                            neg eax
                                                                            pop ecx
                                                                            sbb eax, eax
                                                                            neg eax
                                                                            dec eax
                                                                            pop ebp
                                                                            ret
                                                                            push ebp
                                                                            mov ebp, esp
                                                                            cmp dword ptr [0041B4F0h], FFFFFFFFh
                                                                            push dword ptr [ebp+08h]
                                                                            jne 00007F268CC7E389h
                                                                            call 00007F268CC809A1h
                                                                            jmp 00007F268CC7E38Dh
                                                                            push 0041B4F0h
                                                                            call 00007F268CC80924h
                                                                            pop ecx
                                                                            pop ecx
                                                                            xor ecx, ecx
                                                                            test eax, eax
                                                                            cmove ecx, dword ptr [ebp+08h]
                                                                            mov eax, ecx
                                                                            pop ebp
                                                                            ret
                                                                            push 00000008h
                                                                            push 00418D38h
                                                                            call 00007F268CC7E8C0h
                                                                            and dword ptr [ebp-04h], 00000000h
                                                                            mov eax, 00005A4Dh
                                                                            cmp word ptr [00400000h], ax
                                                                            jne 00007F268CC7E3DFh
                                                                            mov eax, dword ptr [0040003Ch]
                                                                            cmp dword ptr [eax+00400000h], 00004550h
                                                                            jne 00007F268CC7E3CEh
                                                                            mov ecx, 0000010Bh
                                                                            cmp word ptr [eax+00400018h], cx
                                                                            jne 00007F268CC7E3C0h
                                                                            mov eax, dword ptr [ebp+08h]
                                                                            mov ecx, 00400000h
                                                                            sub eax, ecx
                                                                            push eax
                                                                            push ecx
                                                                            call 00007F268CC7E502h
                                                                            pop ecx
                                                                            pop ecx
                                                                            test eax, eax
                                                                            je 00007F268CC7E3A9h
                                                                            cmp dword ptr [eax+24h], 00000000h
                                                                            jl 00007F268CC7E3A3h
                                                                            mov dword ptr [ebp-04h], FFFFFFFEh
                                                                            mov al, 01h
                                                                            jmp 00007F268CC7E3A1h
                                                                            mov eax, dword ptr [ebp-14h]
                                                                            mov eax, dword ptr [eax]
                                                                            xor ecx, ecx
                                                                            cmp dword ptr [eax], C0000005h
                                                                            sete cl
                                                                            mov eax, ecx
                                                                            ret
                                                                            mov esp, dword ptr [ebp-18h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17e44 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d000 | 0xe8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1e000 | 0x12fc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x12808 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x17fac | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x10c15 | 0x10e00 | 05d7420100633613bdbd5a889171c5f7 | False | 0.5704427083333333 | data | 6.50620173764596 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x12000 | 0x7294 | 0x7400 | 4965eb04eb8b1b66b8d84a097bc01bc3 | False | 0.3977976831896552 | data | 4.65662016842751 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1a000 | 0x1c10 | 0x1200 | 6a2a147d595c2e66ddd7fdd872225955 | False | 0.4281684027777778 | data | 4.604642940636322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.OO | 0x1c000 | 0x4 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1d000 | 0xe8 | 0x200 | 0713d2c4e51a805f2ce8d9843bcbad43 | False | 0.306640625 | data | 2.337865625306241 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1e000 | 0x12fc | 0x1400 | c56221e7af6185e7585b1796050bcf12 | False | 0.778515625 | data | 6.424268394395036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0x20000 | 0x120a00 | 0x120a00 | 7bebd6b0070e8bca1955d94098e27d8a | False | 1.0003138195647467 | data | 7.999822682751923 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x1d060 | 0x87 | XML 1.0 document, ASCII text | English | United States | 0.8222222222222222
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CompareStringW, CreateFileW, CreateThread, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, ExitProcess, ExitThread, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetExitCodeThread, GetFileSize, GetFileType, GetLastError, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WaitForSingleObjectEx, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-09T17:49:04.962293+0100 | 2049441 | ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt | 1 | 192.168.2.4 | 49731 | 66.63.187.173 | 15666 | TCP
2025-01-09T17:49:04.962293+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.4 | 49731 | 66.63.187.173 | 15666 | TCP
2025-01-09T17:49:04.962293+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.4 | 49731 | 66.63.187.173 | 15666 | TCP
2025-01-09T17:49:04.967644+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.4 | 49731 | 66.63.187.173 | 15666 | TCP
2025-01-09T17:49:04.967644+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.4 | 49731 | 66.63.187.173 | 15666 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                            Jan 9, 2025 17:49:04.979387045 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.979388952 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.979432106 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.979454994 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.979490995 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.979505062 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.979537964 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.981225967 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.981275082 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.981786966 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.981838942 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.981884003 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.981899023 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.981926918 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.981937885 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.981939077 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.981988907 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.982022047 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.982024908 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.982038975 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.982042074 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.982072115 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.982073069 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.982080936 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.982088089 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.982105017 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.982119083 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.982120991 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.982137918 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.982156992 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.982158899 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.982172012 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.982196093 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.982215881 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.983273983 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.983295918 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.983323097 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.983345985 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.983352900 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.983376026 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.983392000 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.983398914 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.983417988 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.983421087 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.983439922 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.983462095 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.983463049 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.983484030 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.983484983 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.983499050 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.983510017 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.983525038 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.983549118 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984137058 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984196901 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984301090 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984323025 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984342098 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984348059 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984358072 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984370947 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984394073 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984416962 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984491110 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984513044 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984536886 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984551907 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984561920 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984574080 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984596014 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984612942 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984627008 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984635115 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984658003 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984682083 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984688997 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984708071 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984729052 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984729052 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984752893 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984762907 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984770060 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984791994 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984812021 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984818935 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984831095 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984837055 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984854937 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984858990 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984879971 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.984883070 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984899998 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.984921932 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.986119986 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.986144066 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.986166000 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.986166000 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.986192942 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.986205101 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.986264944 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.986310959 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.986650944 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.986697912 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.986830950 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.986852884 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.986881971 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.986896992 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987061024 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987082958 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987104893 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987128973 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987133980 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987150908 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987174034 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987178087 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987185001 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987221003 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987236977 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987279892 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987344980 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987366915 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987389088 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987390995 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987413883 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987418890 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987431049 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987454891 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987457037 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987478018 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987498045 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987502098 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987525940 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987543106 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987543106 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987565994 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987586021 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987586975 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987610102 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987622023 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987629890 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987652063 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987673044 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987673998 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987696886 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987709045 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987715960 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987737894 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987759113 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987765074 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987776041 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987780094 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987801075 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987804890 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.987823009 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.987848043 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988287926 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988341093 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988384008 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988425016 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988432884 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988471985 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988501072 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988528013 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988548994 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988569975 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988596916 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988619089 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988641024 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988661051 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988665104 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988682985 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988706112 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988708019 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988734007 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988749981 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988749981 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988773108 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988795042 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988799095 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988818884 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988841057 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988842010 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988864899 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988886118 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988889933 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988902092 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988907099 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988908052 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988926888 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988933086 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.988951921 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988964081 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.988995075 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995213985 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995215893 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995227098 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995248079 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995251894 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995258093 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995270014 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995290041 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995296955 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995301962 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995347977 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995373964 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995393038 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995415926 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995498896 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995512962 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995526075 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995538950 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995542049 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995559931 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995565891 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995568037 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995579958 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995594978 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995605946 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995608091 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995615005 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995631933 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995640993 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995682001 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995697021 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995721102 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995721102 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995738029 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995743036 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995762110 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995775938 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995862961 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995877028 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995902061 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995902061 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995915890 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995923042 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995938063 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995963097 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.995965004 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.995982885 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996004105 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996012926 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996093988 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996108055 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996134043 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996143103 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996146917 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996161938 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996185064 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996186018 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996201038 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996205091 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996217012 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996238947 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996294975 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996309042 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996337891 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996352911 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996401072 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996407986 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996453047 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996495962 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996510029 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996526003 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996536970 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996548891 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996561050 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996571064 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996613026 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996614933 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996645927 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996665955 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996673107 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996686935 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996694088 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996706009 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996712923 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996726990 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996727943 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996752024 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996766090 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996778965 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996794939 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996810913 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996826887 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996829987 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996838093 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996845961 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996870041 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996870041 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996884108 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996918917 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996927023 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996932030 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996953964 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.996957064 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996980906 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.996992111 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997001886 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997030020 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997037888 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997045040 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997073889 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997081995 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997205019 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997219086 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997241974 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997248888 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997281075 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997298956 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997324944 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997333050 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997405052 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997417927 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997435093 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997443914 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997448921 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997457981 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997464895 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997488022 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997509003 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997523069 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997551918 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997561932 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997581959 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997596025 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997622967 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997636080 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997646093 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997661114 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997684956 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997726917 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997745037 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997760057 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997767925 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997775078 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997777939 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997791052 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997812033 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997863054 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997878075 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997894049 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997901917 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997920990 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.997931004 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.997962952 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998008966 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998022079 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998045921 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998056889 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998059034 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998081923 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998081923 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998105049 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998114109 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998162031 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998193979 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998208046 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998209953 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998238087 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998308897 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998322010 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998347044 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998359919 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998368025 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998374939 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998394966 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998399973 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998405933 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998430014 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998442888 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998480082 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998487949 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998509884 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998532057 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998553991 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998580933 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998598099 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998619080 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998630047 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998660088 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998675108 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998699903 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998708963 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:04.998718977 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:04.998733997 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.500906944 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.500912905 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.500963926 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.500992060 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501013041 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.501041889 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.501050949 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501080990 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501136065 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.501195908 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501224041 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501271009 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.501339912 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501368046 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501415014 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.501437902 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501467943 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501513958 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.501559973 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501589060 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501640081 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.501713991 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501800060 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501852036 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501856089 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.501880884 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501928091 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.501931906 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501960993 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.501988888 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502010107 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.502027035 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.502041101 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502074003 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502089977 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.502101898 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502136946 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502156973 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.502196074 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502243996 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.502295971 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502325058 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502357960 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502372980 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.502402067 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.502429962 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502480984 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502527952 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.502547979 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502599955 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502629995 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502654076 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.502664089 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.502722979 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502737999 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502813101 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.502819061 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502834082 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.502882004 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503042936 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503056049 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503068924 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503082037 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503103018 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503109932 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503119946 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503127098 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503137112 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503150940 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503150940 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503158092 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503173113 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503190041 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503211975 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503215075 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503256083 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503261089 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503282070 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503326893 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503331900 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503346920 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503374100 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503386974 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503391981 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503405094 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503427029 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503474951 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503488064 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503524065 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503531933 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503539085 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503562927 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503576040 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503588915 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503602028 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503616095 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503617048 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503631115 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503654003 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503675938 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503695965 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503710985 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503732920 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503737926 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503741980 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503751993 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503778934 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503792048 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503798962 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503818989 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503832102 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503844976 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503859043 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503889084 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503902912 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503916979 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.503940105 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503952980 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.503993988 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504009008 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504041910 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504051924 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504069090 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504100084 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504112959 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504113913 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504137993 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504151106 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504188061 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504203081 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504224062 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504226923 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504241943 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504265070 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504291058 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504300117 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504353046 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504367113 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504398108 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504399061 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504411936 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504412889 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504429102 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504437923 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504451990 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504452944 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504467964 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504481077 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504498005 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504518032 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504533052 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504553080 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504565954 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504594088 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504602909 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504672050 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504687071 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504698992 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504712105 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504714966 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504725933 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504729033 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504735947 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504744053 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504746914 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504762888 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504782915 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504859924 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504873991 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504887104 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504892111 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504899025 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504904032 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504913092 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504936934 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504940987 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504956007 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.504956961 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504971981 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.504997015 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.505029917 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.505045891 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.505067110 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.505079985 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.505079985 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.505095005 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.505117893 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.505120039 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.505127907 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.505134106 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.505151987 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.505155087 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.505167961 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.509840965 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.509846926 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.509861946 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.509879112 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.509893894 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.509975910 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.509990931 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510010004 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510030031 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510067940 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510082006 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510103941 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510113001 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510143995 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510159969 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510185957 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510196924 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510212898 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510226011 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510247946 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510248899 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510260105 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510265112 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510287046 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510298014 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510307074 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510324001 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510344028 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510353088 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510392904 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510406017 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510432959 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510442972 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510448933 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510463953 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510482073 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510499001 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510502100 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510515928 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510538101 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510552883 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510612965 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510627031 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510646105 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510660887 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510768890 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510802984 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510806084 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510847092 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510875940 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510890007 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.510912895 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.510921955 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511003971 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511018038 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511030912 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511038065 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511044025 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511049032 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511066914 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511080980 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511163950 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511178970 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511193037 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511202097 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511207104 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511214972 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511224985 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511234045 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511246920 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511255980 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511267900 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511284113 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511287928 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511297941 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511322975 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511332035 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511393070 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511408091 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511429071 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511440039 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511554956 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511579037 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511599064 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511612892 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511651039 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511677980 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511688948 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511728048 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511811972 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511826038 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511871099 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.511898041 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511910915 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.511940956 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512001038 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512020111 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512042046 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512051105 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512092113 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512115002 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512132883 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512155056 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512216091 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512233019 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512249947 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512274027 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512325048 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512363911 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512378931 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512414932 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512448072 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512473106 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512487888 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512515068 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512592077 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512604952 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512629032 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512636900 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512685061 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512697935 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512717009 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512732983 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512737989 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512753010 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512773037 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512784958 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512876034 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512890100 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512909889 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512928009 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512960911 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512974977 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.512994051 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.512996912 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513011932 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513010025 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513037920 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513061047 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513096094 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513122082 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513138056 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513158083 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513223886 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513237953 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513253927 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513259888 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513283968 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513320923 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513334990 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513350010 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513374090 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513381958 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513386011 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513420105 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513461113 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513474941 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513494968 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513509035 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513581038 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513618946 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513660908 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513674974 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513696909 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513715029 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513721943 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513761044 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513773918 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513812065 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513839006 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513854027 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513876915 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513879061 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513887882 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513916016 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.513942957 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.513979912 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.514012098 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.514028072 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.514048100 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.514056921 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.514218092 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.514231920 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.514245033 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.514250040 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.514261961 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.514272928 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.514282942 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.514286995 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.514302015 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.514322996 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.514336109 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.514375925 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521244049 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521256924 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521269083 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521270037 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521281004 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521286964 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521300077 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521300077 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521301031 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521327972 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521348000 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521356106 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521370888 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521390915 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521418095 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521420956 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521435976 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521457911 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521461010 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521466970 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521476030 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521497011 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521505117 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521615028 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521629095 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521651030 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521655083 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521658897 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521668911 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521702051 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521707058 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521707058 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521716118 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521756887 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521773100 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521787882 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521810055 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521815062 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521819115 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521830082 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521847010 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521869898 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521877050 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521891117 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521910906 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521924973 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521939993 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521954060 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.521975994 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.521984100 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522037983 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522052050 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522077084 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522078037 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522078037 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522090912 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522106886 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522113085 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522121906 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522123098 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522145987 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522156000 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522223949 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522238016 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522253036 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522268057 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522272110 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522300005 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522315025 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522402048 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522416115 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522428989 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522442102 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522442102 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522455931 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522469044 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522475958 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522475958 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522485971 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522507906 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522526026 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522568941 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522583008 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522595882 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522608995 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522608995 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522620916 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522630930 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522635937 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522649050 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522654057 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522661924 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522667885 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522676945 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522694111 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522706032 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522715092 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522753954 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522768021 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522799969 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522849083 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522862911 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522886992 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522886992 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522897005 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522902012 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522922039 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522938013 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.522955894 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522969007 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.522993088 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523009062 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523015976 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523035049 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523053885 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523075104 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523189068 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523202896 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523235083 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523252010 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523264885 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523292065 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523300886 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523348093 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523361921 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523386955 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523391008 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523400068 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523422956 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523443937 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523493052 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523507118 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523520947 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523535013 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523539066 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523540974 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523560047 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523581028 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523591995 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523605108 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523624897 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523638010 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523638964 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523663998 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523668051 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523675919 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523710966 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523724079 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523756027 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523767948 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523775101 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523794889 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523819923 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523845911 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523859978 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523885012 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523886919 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523894072 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523900986 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523930073 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523936033 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.523938894 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523952961 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.523976088 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524013996 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524046898 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524060011 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524079084 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524085045 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524099112 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524099112 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524120092 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524133921 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524163008 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524171114 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524205923 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524324894 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524339914 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524353027 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524363995 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524365902 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524390936 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524410963 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524415970 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524425030 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524446011 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524454117 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524502039 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524517059 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524530888 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524535894 CET4973115666192.168.2.466.63.187.173
                                                                            Jan 9, 2025 17:49:05.524544001 CET156664973166.63.187.173192.168.2.4
                                                                            Jan 9, 2025 17:49:05.524549961 CET4973115666192.168.2.466.63.187.173
                                                                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                            Jan 9, 2025 17:48:59.571378946 CET | 192.168.2.4 | 1.1.1.1 | 0xde79 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

                                                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                            Jan 9, 2025 17:48:59.578412056 CET | 1.1.1.1 | 192.168.2.4 | 0xde79 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                                                                            Jan 9, 2025 17:48:59.578412056 CET | 1.1.1.1 | 192.168.2.4 | 0xde79 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                                                                            Jan 9, 2025 17:48:59.578412056 CET | 1.1.1.1 | 192.168.2.4 | 0xde79 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false

                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            0 | 192.168.2.4 | 49732 | 172.67.74.152 | 443 | 5356 | C:\Users\user\Desktop\drop1.exe

                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            2025-01-09 16:49:00 UTC | 100 | OUT | GET / HTTP/1.1
                                                                            Accept: text/html; text/plain; */*
                                                                            Host: api.ipify.org
                                                                            Cache-Control: no-cache
                                                                            2025-01-09 16:49:00 UTC | 424 | IN | HTTP/1.1 200 OK
                                                                            Date: Thu, 09 Jan 2025 16:49:00 GMT
                                                                            Content-Type: text/plain
                                                                            Content-Length: 12
                                                                            Connection: close
                                                                            Vary: Origin
                                                                            CF-Cache-Status: DYNAMIC
                                                                            Server: cloudflare
                                                                            CF-RAY: 8ff5eb0839af7cf6-EWR
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2045&min_rtt=2000&rtt_var=782&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=738&delivery_rate=1460000&cwnd=193&unsent_bytes=0&cid=d7e100f336ee6936&ts=201&x=0"
                                                                            2025-01-09 16:49:00 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                            Data Ascii: 8.46.123.189


                                                                            Target ID: 0
                                                                            Start time: 11:48:57
                                                                            Start date: 09/01/2025
                                                                            Path: C:\Users\user\Desktop\drop1.exe
                                                                            Wow64 process (32bit): true
                                                                            Commandline: "C:\Users\user\Desktop\drop1.exe"
                                                                            Imagebase: 0x9a0000
                                                                            File size: 1'293'312 bytes
                                                                            MD5 hash: 60B0F0816C90A313DE1549890708F848
                                                                            Has elevated privileges: true
                                                                            Has administrator privileges: true
                                                                            Programmed in: C, C++ or other language
                                                                            Reputation: low
                                                                            Has exited: true

                                                                            Target ID: 1
                                                                            Start time: 11:48:57
                                                                            Start date: 09/01/2025
                                                                            Path: C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit): false
                                                                            Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase: 0x7ff7699e0000
                                                                            File size: 862'208 bytes
                                                                            MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges: true
                                                                            Has administrator privileges: true
                                                                            Programmed in: C, C++ or other language
                                                                            Reputation: high
                                                                            Has exited: true

                                                                            Target ID: 2
                                                                            Start time: 11:48:58
                                                                            Start date: 09/01/2025
                                                                            Path: C:\Users\user\Desktop\drop1.exe
                                                                            Wow64 process (32bit): true
                                                                            Commandline: "C:\Users\user\Desktop\drop1.exe"
                                                                            Imagebase: 0x9a0000
                                                                            File size: 1'293'312 bytes
                                                                            MD5 hash: 60B0F0816C90A313DE1549890708F848
                                                                            Has elevated privileges: true
                                                                            Has administrator privileges: true
                                                                            Programmed in: C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000002.00000002.1893429161.0000000001308000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: infostealer_win_meduzastealer, Description: Finds MeduzaStealer samples based on specific strings, Source: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Sekoia.io
                                                                            Reputation: low
                                                                            Has exited: true

                                                                              Execution Graph

                                                                              Execution Coverage: 7.9%
                                                                              Dynamic/Decrypted Code Coverage: 100%
                                                                              Signature Coverage: 1.9%
                                                                              Total number of Nodes: 1336
                                                                              Total number of Limit Nodes: 11
9412->9433 9418 9a1d52 9418->8380 9423 9a3c1f 9419->9423 9421 9a3c39 9421->9412 9422 9a6d13 _unexpected 2 API calls 9422->9423 9423->9421 9423->9422 9425 9a3c3b std::_Throw_Cpp_error 9423->9425 9453 9a7e10 9423->9453 9424 9a449e std::_Throw_Cpp_error 9426 9a556e std::_Xinvalid_argument RaiseException 9424->9426 9425->9424 9460 9a556e 9425->9460 9428 9a44bb IsProcessorFeaturePresent 9426->9428 9430 9a44d1 9428->9430 9463 9a45b7 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9430->9463 9432 9a45b4 9432->9412 9464 9a32d0 9433->9464 9435 9a1d00 9436 9a1e00 9435->9436 9438 9a1e1e 9436->9438 9437 9a1e32 GetCurrentThreadId 9440 9a1e59 9437->9440 9441 9a1e4d 9437->9441 9438->9437 9439 9a3e7f std::_Throw_Cpp_error 42 API calls 9438->9439 9439->9437 9788 9a442d WaitForSingleObjectEx 9440->9788 9442 9a3e7f std::_Throw_Cpp_error 42 API calls 9441->9442 9442->9440 9445 9a1e98 9447 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9445->9447 9446 9a3e7f std::_Throw_Cpp_error 42 API calls 9446->9445 9448 9a1d2c 9447->9448 9448->9418 9449 9a1ed0 9448->9449 9450 9a1edf 9449->9450 9451 9a1ee7 9450->9451 9794 9a7eab 9450->9794 9451->9418 9458 9ab3b5 _unexpected 9453->9458 9454 9ab3f3 9455 9aaec7 __dosmaperr 14 API calls 9454->9455 9457 9ab3f1 9455->9457 9456 9ab3de RtlAllocateHeap 9456->9457 9456->9458 9457->9423 9458->9454 9458->9456 9459 9a6d13 _unexpected 2 API calls 9458->9459 9459->9458 9461 9a5588 9460->9461 9462 9a55b6 RaiseException 9460->9462 9461->9462 9462->9424 9463->9432 9474 9a3400 9464->9474 9466 9a3327 9481 9a67f4 9466->9481 9468 9a3379 9469 9a3393 9468->9469 9470 9a33a0 9468->9470 9496 9a35c0 9469->9496 9500 9a3e7f 9470->9500 9473 9a339b 9473->9435 9475 9a3c1a std::_Throw_Cpp_error 21 API calls 9474->9475 9476 9a3449 9475->9476 9506 9a3650 9476->9506 9482 9a6801 9481->9482 9483 9a6815 9481->9483 9485 9aaec7 __dosmaperr 14 API calls 9482->9485 9524 9a6885 9483->9524 9486 9a6806 9485->9486 9488 9a786b 
__strnicoll 39 API calls 9486->9488 9490 9a6811 9488->9490 9489 9a682a CreateThread 9491 9a6849 GetLastError 9489->9491 9494 9a6855 9489->9494 9541 9a690c 9489->9541 9490->9468 9492 9aaeed __dosmaperr 14 API calls 9491->9492 9492->9494 9533 9a68d5 9494->9533 9497 9a35ec 9496->9497 9498 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9497->9498 9499 9a35f9 9498->9499 9499->9473 9501 9a3e95 std::_Throw_Cpp_error 9500->9501 9667 9a40a7 9501->9667 9515 9a3700 9506->9515 9509 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9510 9a3473 9509->9510 9511 9a36b0 9510->9511 9512 9a36e0 9511->9512 9513 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9512->9513 9514 9a348b 9513->9514 9514->9466 9520 9a3760 9515->9520 9517 9a3733 9518 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9517->9518 9519 9a368c 9518->9519 9519->9509 9521 9a3789 9520->9521 9522 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9521->9522 9523 9a37a7 9522->9523 9523->9517 9525 9aaf77 _unexpected 14 API calls 9524->9525 9526 9a6896 9525->9526 9527 9aa83b __freea 14 API calls 9526->9527 9528 9a68a3 9527->9528 9529 9a68aa GetModuleHandleExW 9528->9529 9530 9a68c7 9528->9530 9529->9530 9531 9a68d5 16 API calls 9530->9531 9532 9a6821 9531->9532 9532->9489 9532->9494 9534 9a68e1 9533->9534 9535 9a6860 9533->9535 9536 9a68f0 9534->9536 9537 9a68e7 CloseHandle 9534->9537 9535->9468 9538 9a68ff 9536->9538 9539 9a68f6 FreeLibrary 9536->9539 9537->9536 9540 9aa83b __freea 14 API calls 9538->9540 9539->9538 9540->9535 9542 9a6918 ___scrt_is_nonwritable_in_current_image 9541->9542 9543 9a691f GetLastError ExitThread 9542->9543 9544 9a692c 9542->9544 9545 9a9787 _unexpected 39 API calls 9544->9545 9546 9a6931 9545->9546 9557 9ab0e6 9546->9557 9548 9a6948 9561 9a34c0 9548->9561 9551 9a6964 9571 9a6877 9551->9571 9558 9a693c 9557->9558 9559 9ab0f6 CallUnexpected 9557->9559 9558->9548 9568 
9a93e5 9558->9568 9559->9558 9574 9a948e 9559->9574 9562 9a36b0 5 API calls 9561->9562 9563 9a3502 std::_Throw_Cpp_error 9562->9563 9577 9a3820 9563->9577 9567 9a3552 9567->9551 9569 9a9599 _unexpected 5 API calls 9568->9569 9570 9a9401 9569->9570 9570->9548 9655 9a698a 9571->9655 9575 9a9599 _unexpected 5 API calls 9574->9575 9576 9a94aa 9575->9576 9576->9558 9588 9a1930 9577->9588 9580 9a432f GetCurrentThreadId 9642 9a43f0 9580->9642 9582 9a43d0 9583 9a46d7 ReleaseSRWLockExclusive 9582->9583 9584 9a43da 9583->9584 9584->9567 9585 9a436c 9585->9582 9648 9a46d7 9585->9648 9651 9a4822 WakeAllConditionVariable 9585->9651 9608 9a1770 GetPEB 9588->9608 9590 9a1971 9609 9a11d0 9590->9609 9593 9a19f0 GetFileSize 9594 9a1a17 CloseHandle 9593->9594 9597 9a1a30 9593->9597 9607 9a19e6 9594->9607 9595 9a1aec 9595->9580 9596 9a1bc8 9615 9a17e0 9596->9615 9599 9a1a4a ReadFile 9597->9599 9601 9a1a8c 9599->9601 9602 9a1acd CloseHandle 9599->9602 9603 9a1ab4 CloseHandle 9601->9603 9605 9a1a9e 9601->9605 9602->9607 9603->9607 9605->9603 9607->9595 9607->9596 9630 9a1360 9607->9630 9634 9a1000 9607->9634 9638 9a1430 9607->9638 9608->9590 9613 9a1251 9609->9613 9610 9a1360 std::_Throw_Cpp_error 42 API calls 9610->9613 9611 9a1000 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9611->9613 9612 9a1430 39 API calls 9612->9613 9613->9610 9613->9611 9613->9612 9614 9a1303 CreateFileA 9613->9614 9614->9593 9614->9607 9616 9a11d0 42 API calls 9615->9616 9617 9a1843 FreeConsole 9616->9617 9618 9a14a0 20 API calls 9617->9618 9619 9a1870 9618->9619 9620 9a14a0 20 API calls 9619->9620 9621 9a18aa 9620->9621 9622 9a11d0 42 API calls 9621->9622 9623 9a18bf VirtualProtect 9622->9623 9625 9a1911 9623->9625 9626 9a1906 9623->9626 9628 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9625->9628 9627 9a17a0 ExitProcess 9626->9627 9627->9625 9629 9a1920 9628->9629 9629->9595 9631 9a13a8 std::_Throw_Cpp_error 
9630->9631 9632 9a3120 std::_Throw_Cpp_error 42 API calls 9631->9632 9633 9a13e3 9632->9633 9633->9607 9635 9a1032 9634->9635 9636 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9635->9636 9637 9a117a 9636->9637 9637->9607 9639 9a146a 9638->9639 9640 9a2f00 std::_Throw_Cpp_error 39 API calls 9639->9640 9641 9a1473 9640->9641 9641->9607 9652 9a46c6 9642->9652 9644 9a43f9 9645 9a3e7f std::_Throw_Cpp_error 42 API calls 9644->9645 9646 9a440d 9644->9646 9647 9a4416 9645->9647 9646->9585 9649 9a46f2 9648->9649 9650 9a46e4 ReleaseSRWLockExclusive 9648->9650 9649->9585 9650->9649 9651->9585 9653 9a46f6 12 API calls 9652->9653 9654 9a46d3 9653->9654 9654->9644 9656 9a98d8 __dosmaperr 14 API calls 9655->9656 9658 9a6995 9656->9658 9657 9a69d7 ExitThread 9658->9657 9659 9a69ae 9658->9659 9664 9a9420 9658->9664 9661 9a69c1 9659->9661 9662 9a69ba CloseHandle 9659->9662 9661->9657 9663 9a69cd FreeLibraryAndExitThread 9661->9663 9662->9661 9663->9657 9665 9a9599 _unexpected 5 API calls 9664->9665 9666 9a9439 9665->9666 9666->9659 9668 9a40b3 __EH_prolog3_GS 9667->9668 9669 9a1360 std::_Throw_Cpp_error 42 API calls 9668->9669 9670 9a40c7 9669->9670 9677 9a3fe4 9670->9677 9697 9a3d75 9677->9697 9684 9a2f00 std::_Throw_Cpp_error 39 API calls 9685 9a402d 9684->9685 9686 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9685->9686 9687 9a404c 9686->9687 9688 9a2f00 9687->9688 9689 9a2f24 std::_Throw_Cpp_error 9688->9689 9691 9a2f34 std::_Throw_Cpp_error 9689->9691 9776 9a2fd0 9689->9776 9692 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9691->9692 9693 9a2f9e 9692->9693 9694 9a46b7 9693->9694 9695 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9694->9695 9696 9a46c1 9695->9696 9696->9696 9698 9a3d98 9697->9698 9719 9a4160 9698->9719 9700 9a3da3 9701 9a3f71 9700->9701 9702 9a3f7d __EH_prolog3_GS 9701->9702 9704 9a3f9c std::_Throw_Cpp_error 9702->9704 9742 9a3dab 9702->9742 9705 
9a3dab std::_Throw_Cpp_error 42 API calls 9704->9705 9706 9a3fc1 9705->9706 9707 9a2f00 std::_Throw_Cpp_error 39 API calls 9706->9707 9708 9a3fc9 9707->9708 9746 9a1f40 9708->9746 9711 9a2f00 std::_Throw_Cpp_error 39 API calls 9712 9a3fdc 9711->9712 9713 9a46b7 std::_Throw_Cpp_error 5 API calls 9712->9713 9714 9a3fe3 9713->9714 9715 9a3e0f 9714->9715 9716 9a3e22 9715->9716 9765 9a3c9c 9716->9765 9720 9a41cc 9719->9720 9721 9a4173 9719->9721 9739 9a2c90 9720->9739 9726 9a417d std::_Throw_Cpp_error 9721->9726 9728 9a2d10 9721->9728 9726->9700 9730 9a2d3e std::_Throw_Cpp_error 9728->9730 9729 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9731 9a2d9d 9729->9731 9730->9729 9732 9a2360 9731->9732 9733 9a237f 9732->9733 9734 9a2373 9732->9734 9735 9a239f 9733->9735 9736 9a238c 9733->9736 9734->9726 9738 9a2430 std::_Throw_Cpp_error 21 API calls 9735->9738 9737 9a23c0 std::_Throw_Cpp_error 42 API calls 9736->9737 9737->9734 9738->9734 9740 9a42ba std::_Xinvalid_argument 41 API calls 9739->9740 9741 9a2ca2 9740->9741 9743 9a3dfa 9742->9743 9745 9a3dc5 std::_Throw_Cpp_error 9742->9745 9750 9a41d2 9743->9750 9745->9704 9747 9a1f82 std::_Throw_Cpp_error 9746->9747 9761 9a2090 9747->9761 9751 9a429c 9750->9751 9752 9a41f6 9750->9752 9754 9a2c90 std::_Throw_Cpp_error 41 API calls 9751->9754 9753 9a2d10 std::_Throw_Cpp_error 5 API calls 9752->9753 9755 9a4208 9753->9755 9756 9a42a1 9754->9756 9757 9a2360 std::_Throw_Cpp_error 42 API calls 9755->9757 9758 9a4213 std::_Throw_Cpp_error 9757->9758 9759 9a2b30 std::_Throw_Cpp_error 39 API calls 9758->9759 9760 9a4267 std::_Throw_Cpp_error 9758->9760 9759->9760 9760->9745 9762 9a20d5 std::_Throw_Cpp_error 9761->9762 9763 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9762->9763 9764 9a1fc1 9763->9764 9764->9711 9768 9a5b4b 9765->9768 9769 9a5b58 9768->9769 9775 9a3cc8 9768->9775 9770 9a7e10 ___std_exception_copy 15 API calls 9769->9770 9769->9775 9771 9a5b75 9770->9771 9772 9a5b85 
9771->9772 9773 9a8dbc ___std_exception_copy 39 API calls 9771->9773 9774 9a7df5 ___std_exception_copy 14 API calls 9772->9774 9773->9772 9774->9775 9775->9684 9779 9a3020 9776->9779 9782 9a2b30 9779->9782 9783 9a2b53 9782->9783 9784 9a2b65 std::_Throw_Cpp_error 9782->9784 9785 9a2b90 std::_Throw_Cpp_error 39 API calls 9783->9785 9786 9a3c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9784->9786 9785->9784 9787 9a2b81 9786->9787 9787->9691 9789 9a1e83 9788->9789 9790 9a4444 9788->9790 9789->9445 9789->9446 9791 9a444b GetExitCodeThread 9790->9791 9792 9a4461 CloseHandle 9790->9792 9791->9789 9793 9a445c 9791->9793 9792->9789 9793->9792 9795 9a7eb7 ___scrt_is_nonwritable_in_current_image 9794->9795 9796 9a9787 _unexpected 39 API calls 9795->9796 9799 9a7ebc 9796->9799 9797 9a7da6 CallUnexpected 39 API calls 9798 9a7ee6 9797->9798 9799->9797 9801 9a6b59 9800->9801 9809 9a6b6a 9800->9809 9803 9a4fd4 CallUnexpected GetModuleHandleW 9801->9803 9806 9a6b5e 9803->9806 9804 9a6a18 9804->8359 9806->9809 9811 9a6a60 GetModuleHandleExW 9806->9811 9816 9a6cc6 9809->9816 9812 9a6a9f GetProcAddress 9811->9812 9813 9a6ab3 9811->9813 9812->9813 9814 9a6acf 9813->9814 9815 9a6ac6 FreeLibrary 9813->9815 9814->9809 9815->9814 9817 9a6cd2 ___scrt_is_nonwritable_in_current_image 9816->9817 9831 9a96f8 EnterCriticalSection 9817->9831 9819 9a6cdc 9832 9a6bc3 9819->9832 9821 9a6ce9 9836 9a6d07 9821->9836 9824 9a6afb 9861 9a6ae2 9824->9861 9826 9a6b05 9827 9a6b19 9826->9827 9828 9a6b09 GetCurrentProcess TerminateProcess 9826->9828 9829 9a6a60 CallUnexpected 3 API calls 9827->9829 9828->9827 9830 9a6b21 ExitProcess 9829->9830 9831->9819 9834 9a6bcf ___scrt_is_nonwritable_in_current_image CallUnexpected 9832->9834 9835 9a6c33 CallUnexpected 9834->9835 9839 9a726d 9834->9839 9835->9821 9860 9a970f LeaveCriticalSection 9836->9860 9838 9a6ba2 9838->9804 9838->9824 9840 9a7279 __EH_prolog3 9839->9840 9843 9a74f8 9840->9843 9842 9a72a0 CallUnexpected 9842->9835 9844 9a7504 
___scrt_is_nonwritable_in_current_image 9843->9844 9851 9a96f8 EnterCriticalSection 9844->9851 9846 9a7512 9852 9a73c3 9846->9852 9851->9846 9853 9a73da 9852->9853 9854 9a73e2 9852->9854 9856 9a7547 9853->9856 9854->9853 9855 9aa83b __freea 14 API calls 9854->9855 9855->9853 9859 9a970f LeaveCriticalSection 9856->9859 9858 9a7530 9858->9842 9859->9858 9860->9838 9864 9ab0bf 9861->9864 9863 9a6ae7 CallUnexpected 9863->9826 9865 9ab0ce CallUnexpected 9864->9865 9866 9ab0db 9865->9866 9868 9a944e 9865->9868 9866->9863 9869 9a9599 _unexpected 5 API calls 9868->9869 9870 9a946a 9869->9870 9870->9866 9872 9a65b6 ___scrt_uninitialize_crt 9871->9872 9873 9a65a4 9871->9873 9872->8397 9874 9a65b2 9873->9874 9876 9aac17 9873->9876 9874->8397 9879 9aad42 9876->9879 9882 9aae1b 9879->9882 9883 9aae27 ___scrt_is_nonwritable_in_current_image 9882->9883 9890 9a96f8 EnterCriticalSection 9883->9890 9885 9aae31 ___scrt_uninitialize_crt 9886 9aae9d 9885->9886 9891 9aad8f 9885->9891 9899 9aaebb 9886->9899 9890->9885 9892 9aad9b ___scrt_is_nonwritable_in_current_image 9891->9892 9902 9a6616 EnterCriticalSection 9892->9902 9894 9aada5 ___scrt_uninitialize_crt 9895 9aadde 9894->9895 9903 9aac20 9894->9903 9916 9aae0f 9895->9916 10015 9a970f LeaveCriticalSection 9899->10015 9901 9aac1e 9901->9874 9902->9894 9904 9aac35 __strnicoll 9903->9904 9905 9aac3c 9904->9905 9906 9aac47 9904->9906 9907 9aad42 ___scrt_uninitialize_crt 68 API calls 9905->9907 9919 9aac85 9906->9919 9915 9aac42 9907->9915 9910 9a7ad9 __strnicoll 39 API calls 9912 9aac7f 9910->9912 9912->9895 9913 9aac68 9932 9ad7df 9913->9932 9915->9910 10014 9a662a LeaveCriticalSection 9916->10014 9918 9aadfd 9918->9885 9920 9aac9e 9919->9920 9921 9aac51 9919->9921 9920->9921 9922 9ad0a3 ___scrt_uninitialize_crt 39 API calls 9920->9922 9921->9915 9925 9ad0a3 9921->9925 9923 9aacba 9922->9923 9943 9adb1a 9923->9943 9926 9ad0af 9925->9926 9927 9ad0c4 9925->9927 9928 9aaec7 __dosmaperr 14 API calls 9926->9928 9927->9913 9929 9ad0b4 
9928->9929 9930 9a786b __strnicoll 39 API calls 9929->9930 9931 9ad0bf 9930->9931 9931->9913 9933 9ad7f0 9932->9933 9937 9ad7fd 9932->9937 9934 9aaec7 __dosmaperr 14 API calls 9933->9934 9942 9ad7f5 9934->9942 9935 9ad846 9936 9aaec7 __dosmaperr 14 API calls 9935->9936 9938 9ad84b 9936->9938 9937->9935 9939 9ad824 9937->9939 9941 9a786b __strnicoll 39 API calls 9938->9941 9984 9ad85c 9939->9984 9941->9942 9942->9915 9944 9adb26 ___scrt_is_nonwritable_in_current_image 9943->9944 9945 9adb67 9944->9945 9947 9adbad 9944->9947 9953 9adb2e 9944->9953 9946 9a7a14 __strnicoll 29 API calls 9945->9946 9946->9953 9954 9ad047 EnterCriticalSection 9947->9954 9949 9adbb3 9950 9adbd1 9949->9950 9955 9ad8fe 9949->9955 9981 9adc23 9950->9981 9953->9921 9954->9949 9956 9ad926 9955->9956 9979 9ad949 ___scrt_uninitialize_crt 9955->9979 9957 9ad92a 9956->9957 9959 9ad985 9956->9959 9958 9a7a14 __strnicoll 29 API calls 9957->9958 9958->9979 9960 9ad9a3 9959->9960 9962 9af111 ___scrt_uninitialize_crt 41 API calls 9959->9962 9961 9adc2b ___scrt_uninitialize_crt 40 API calls 9960->9961 9963 9ad9b5 9961->9963 9962->9960 9964 9ad9bb 9963->9964 9965 9ada02 9963->9965 9966 9ad9ea 9964->9966 9967 9ad9c3 9964->9967 9968 9ada6b WriteFile 9965->9968 9969 9ada16 9965->9969 9972 9adca8 ___scrt_uninitialize_crt 45 API calls 9966->9972 9976 9ae06f ___scrt_uninitialize_crt 6 API calls 9967->9976 9967->9979 9973 9ada8d GetLastError 9968->9973 9968->9979 9970 9ada1e 9969->9970 9971 9ada57 9969->9971 9974 9ada43 9970->9974 9975 9ada23 9970->9975 9977 9ae0d7 ___scrt_uninitialize_crt 7 API calls 9971->9977 9972->9979 9973->9979 9978 9ae29b ___scrt_uninitialize_crt 8 API calls 9974->9978 9975->9979 9980 9ae1b2 ___scrt_uninitialize_crt 7 API calls 9975->9980 9976->9979 9977->9979 9978->9979 9979->9950 9980->9979 9982 9ad06a ___scrt_uninitialize_crt LeaveCriticalSection 9981->9982 9983 9adc29 9982->9983 9983->9953 9985 9ad868 ___scrt_is_nonwritable_in_current_image 9984->9985 9997 9ad047 EnterCriticalSection 
9985->9997 9987 9ad877 9995 9ad8bc 9987->9995 9998 9acdfe 9987->9998 9988 9aaec7 __dosmaperr 14 API calls 9991 9ad8c3 9988->9991 9990 9ad8a3 FlushFileBuffers 9990->9991 9992 9ad8af GetLastError 9990->9992 10011 9ad8f2 9991->10011 9993 9aaeda __dosmaperr 14 API calls 9992->9993 9993->9995 9995->9988 9997->9987 9999 9ace0b 9998->9999 10000 9ace20 9998->10000 10001 9aaeda __dosmaperr 14 API calls 9999->10001 10003 9aaeda __dosmaperr 14 API calls 10000->10003 10005 9ace45 10000->10005 10002 9ace10 10001->10002 10004 9aaec7 __dosmaperr 14 API calls 10002->10004 10006 9ace50 10003->10006 10007 9ace18 10004->10007 10005->9990 10008 9aaec7 __dosmaperr 14 API calls 10006->10008 10007->9990 10009 9ace58 10008->10009 10010 9a786b __strnicoll 39 API calls 10009->10010 10010->10007 10012 9ad06a ___scrt_uninitialize_crt LeaveCriticalSection 10011->10012 10013 9ad8db 10012->10013 10013->9942 10014->9918 10015->9901

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,009BA11B,009BA10B), ref: 009BA33F
                                                                              • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 009BA352
                                                                              • Wow64GetThreadContext.KERNEL32(000000A0,00000000), ref: 009BA370
                                                                              • ReadProcessMemory.KERNELBASE(0000009C,?,009BA15F,00000004,00000000), ref: 009BA394
                                                                              • VirtualAllocEx.KERNELBASE(0000009C,?,?,00003000,00000040), ref: 009BA3BF
                                                                              • WriteProcessMemory.KERNELBASE(0000009C,00000000,?,?,00000000,?), ref: 009BA417
                                                                              • WriteProcessMemory.KERNELBASE(0000009C,00400000,?,?,00000000,?,00000028), ref: 009BA462
                                                                              • WriteProcessMemory.KERNELBASE(0000009C,?,?,00000004,00000000), ref: 009BA4A0
                                                                              • Wow64SetThreadContext.KERNEL32(000000A0,005D0000), ref: 009BA4DC
                                                                              • ResumeThread.KERNELBASE(000000A0), ref: 009BA4EB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                              • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                              • API String ID: 2687962208-3857624555
                                                                              • Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                              • Instruction ID: aba553202450b39f9cdcbf24903983d6fe70be683a71636a562ca45e9e6ba17e
                                                                              • Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                              • Instruction Fuzzy Hash: F2B1087260024AAFDB60CF68CD80BDA73A5FF88724F158524EA0CAB341D774FA51CB94

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,EFF5169C,?,009A95DD,?,?,00000000), ref: 009A958F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: FreeLibrary
                                                                              • String ID: api-ms-$ext-ms-
                                                                              • API String ID: 3664257935-537541572
                                                                              • Opcode ID: 0e99e8badce70df9c4b67e051f210c43ced481fe4fdfe5e71ade84ba4e377cb8
                                                                              • Instruction ID: a85474ac283111abf3178413e80806fcab9311c6e02d78736d2aacf71f32731b
                                                                              • Opcode Fuzzy Hash: 0e99e8badce70df9c4b67e051f210c43ced481fe4fdfe5e71ade84ba4e377cb8
                                                                              • Instruction Fuzzy Hash: 1A215035E05211A7C7229B64DC41A6E77ACFB8B7B1F140610FD06A72D1DB70EE01D6D0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: File$CloseCreateHandleSize
                                                                              • String ID:
                                                                              • API String ID: 1378416451-0
                                                                              • Opcode ID: e7a0f46eda6453ebd68a833ffb67dbd4de7585f44c9e0d5de09304607996d4a6
                                                                              • Instruction ID: 01dbf0d9918108c55e6b4145a7798ef981f9bb530ca0a367eb947cb308af8286
                                                                              • Opcode Fuzzy Hash: e7a0f46eda6453ebd68a833ffb67dbd4de7585f44c9e0d5de09304607996d4a6
                                                                              • Instruction Fuzzy Hash: F481F0B4D0A258DFCB00DFA8D584BAEBBF0BF4A314F104929E455A7381D7789948CF96

                                                                              Control-flow Graph

                                                                              control_flow_graph 86 9ad525-9ad53e 87 9ad540-9ad550 call 9af2f0 86->87 88 9ad554-9ad559 86->88 87->88 95 9ad552 87->95 90 9ad55b-9ad563 88->90 91 9ad566-9ad58c call 9ab55e 88->91 90->91 96 9ad702-9ad713 call 9a3c8e 91->96 97 9ad592-9ad59d 91->97 95->88 98 9ad5a3-9ad5a8 97->98 99 9ad6f5 97->99 101 9ad5aa-9ad5b3 call 9ae580 98->101 102 9ad5c1-9ad5cc call 9ab3b5 98->102 103 9ad6f7 99->103 101->103 111 9ad5b9-9ad5bf 101->111 102->103 113 9ad5d2 102->113 106 9ad6f9-9ad700 call 9ab43d 103->106 106->96 114 9ad5d8-9ad5dd 111->114 113->114 114->103 115 9ad5e3-9ad5f8 call 9ab55e 114->115 115->103 118 9ad5fe-9ad610 call 9a9357 115->118 120 9ad615-9ad619 118->120 120->103 121 9ad61f-9ad627 120->121 122 9ad629-9ad62e 121->122 123 9ad661-9ad66d 121->123 122->106 124 9ad634-9ad636 122->124 125 9ad6ea 123->125 126 9ad66f-9ad671 123->126 124->103 128 9ad63c-9ad656 call 9a9357 124->128 127 9ad6ec-9ad6f3 call 9ab43d 125->127 129 9ad673-9ad67c call 9ae580 126->129 130 9ad686-9ad691 call 9ab3b5 126->130 127->103 128->106 140 9ad65c 128->140 129->127 141 9ad67e-9ad684 129->141 130->127 139 9ad693 130->139 142 9ad699-9ad69e 139->142 140->103 141->142 142->127 143 9ad6a0-9ad6b8 call 9a9357 142->143 143->127 146 9ad6ba-9ad6c1 143->146 147 9ad6e2-9ad6e8 146->147 148 9ad6c3-9ad6c4 146->148 149 9ad6c5-9ad6d7 call 9ac8a1 147->149 148->149 149->127 152 9ad6d9-9ad6e0 call 9ab43d 149->152 152->106
                                                                              APIs
                                                                              • __alloca_probe_16.LIBCMT ref: 009AD5AA
                                                                              • __alloca_probe_16.LIBCMT ref: 009AD673
                                                                              • __freea.LIBCMT ref: 009AD6DA
                                                                                • Part of subcall function 009AB3B5: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,009A3C34,?,?,009A2442,00001000,?,009A23AA), ref: 009AB3E7
                                                                              • __freea.LIBCMT ref: 009AD6ED
                                                                              • __freea.LIBCMT ref: 009AD6FA
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1423051803-0
                                                                              • Opcode ID: be25caeff3c76fd51f2c8156eeb3c609f1068380a2843cfded3a49d8a625dc4b
                                                                              • Instruction ID: 274e42a4a04f457c7af23c7a05c44a0231417b70685d8ef8d5a8b197426a4369
                                                                              • Opcode Fuzzy Hash: be25caeff3c76fd51f2c8156eeb3c609f1068380a2843cfded3a49d8a625dc4b
                                                                              • Instruction Fuzzy Hash: 0951C372602246AFEF205F64CC81EBB37ADEF8A714B190529FD0AD6551EB75CC10C6E0

                                                                              Control-flow Graph

                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ConsoleFreeProtectVirtual
                                                                              • String ID: @
                                                                              • API String ID: 621788221-2766056989
                                                                              • Opcode ID: 3366da4662ad41591c863ead7e174367602c92419c7a2b47eb059d441977b7ea
                                                                              • Instruction ID: 201863e6c95d973326811e8a48b58f6d2c527140b21287903a36903d71b8e2f5
                                                                              • Opcode Fuzzy Hash: 3366da4662ad41591c863ead7e174367602c92419c7a2b47eb059d441977b7ea
                                                                              • Instruction Fuzzy Hash: AF31B1B0904308DFDB04EFA9D59969EBBF0FF49318F118529E448AB350D7749944CF95

                                                                              Control-flow Graph

                                                                              control_flow_graph 171 9a67f4-9a67ff 172 9a6801-9a6814 call 9aaec7 call 9a786b 171->172 173 9a6815-9a6828 call 9a6885 171->173 179 9a682a-9a6847 CreateThread 173->179 180 9a6856 173->180 182 9a6849-9a6855 GetLastError call 9aaeed 179->182 183 9a6865-9a686a 179->183 184 9a6858-9a6864 call 9a68d5 180->184 182->180 187 9a686c-9a686f 183->187 188 9a6871-9a6875 183->188 187->188 188->184
                                                                              APIs
                                                                              • CreateThread.KERNELBASE(009A34C0,?,Function_0000690C,00000000,?,009A34C0), ref: 009A683D
                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,009A3379), ref: 009A6849
                                                                              • __dosmaperr.LIBCMT ref: 009A6850
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: CreateErrorLastThread__dosmaperr
                                                                              • String ID:
                                                                              • API String ID: 2744730728-0
                                                                              • Opcode ID: 2d876ae943e00324297c0163106d2222dca7846d94199fd4963fd919224f0f30
                                                                              • Instruction ID: 1e3001c5fff246c77931e4d7c7ffb2b6172fd9569bcf3ff62370483b29dcf73c
                                                                              • Opcode Fuzzy Hash: 2d876ae943e00324297c0163106d2222dca7846d94199fd4963fd919224f0f30
                                                                              • Instruction Fuzzy Hash: F2019E72904219EBDF15AFA4CC06AAF7B7DEF82364F144118F90192150DB78C950DBD1

                                                                              Control-flow Graph

                                                                              control_flow_graph 191 9aa0ba-9aa0e2 call 9aa2bf 194 9aa0e8-9aa0ee 191->194 195 9aa2a7-9aa2a8 call 9aa330 191->195 197 9aa0f1-9aa0f7 194->197 198 9aa2ad-9aa2af 195->198 199 9aa0fd-9aa109 197->199 200 9aa1f3-9aa212 call 9a6360 197->200 201 9aa2b0-9aa2be call 9a3c8e 198->201 199->197 202 9aa10b-9aa111 199->202 208 9aa215-9aa21a 200->208 205 9aa1eb-9aa1ee 202->205 206 9aa117-9aa123 IsValidCodePage 202->206 205->201 206->205 210 9aa129-9aa130 206->210 211 9aa21c-9aa221 208->211 212 9aa257-9aa261 208->212 213 9aa152-9aa15f GetCPInfo 210->213 214 9aa132-9aa13e 210->214 215 9aa223-9aa22b 211->215 216 9aa254 211->216 212->208 217 9aa263-9aa28d call 9aa60b 212->217 219 9aa1df-9aa1e5 213->219 220 9aa161-9aa180 call 9a6360 213->220 218 9aa142-9aa14d 214->218 221 9aa24c-9aa252 215->221 222 9aa22d-9aa230 215->222 216->212 232 9aa28e-9aa29d 217->232 224 9aa29f-9aa2a0 call 9aa649 218->224 219->195 219->205 220->218 230 9aa182-9aa189 220->230 221->211 221->216 226 9aa232-9aa238 222->226 233 9aa2a5 224->233 226->221 231 9aa23a-9aa24a 226->231 234 9aa18b-9aa190 230->234 235 9aa1b5-9aa1b8 230->235 231->221 231->226 232->224 232->232 233->198 234->235 236 9aa192-9aa19a 234->236 237 9aa1bd-9aa1c4 235->237 238 9aa19c-9aa1a3 236->238 239 9aa1ad-9aa1b3 236->239 237->237 240 9aa1c6-9aa1da call 9aa60b 237->240 241 9aa1a4-9aa1ab 238->241 239->234 239->235 240->218 241->239 241->241
                                                                              APIs
                                                                                • Part of subcall function 009AA2BF: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 009AA2EA
                                                                              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,009AA4CA,?,00000000,?,00000000,?), ref: 009AA11B
                                                                              • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,009AA4CA,?,00000000,?,00000000,?), ref: 009AA157
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: CodeInfoPageValid
                                                                              • String ID:
                                                                              • API String ID: 546120528-0
                                                                              • Opcode ID: 136ce0e1a261d644a6376a654c352102283f896b05ddf7125bcf35f93af321ec
                                                                              • Instruction ID: e279b2d9e7e2d517ff6281f25a33d57180a20641fb3fa57d01f0db75f31883f1
                                                                              • Opcode Fuzzy Hash: 136ce0e1a261d644a6376a654c352102283f896b05ddf7125bcf35f93af321ec
                                                                              • Instruction Fuzzy Hash: 93515570A043459FDB21CF75C8857BABBF9EF82310F18846ED4A68B251E7759942CBC2

                                                                              Control-flow Graph

                                                                              control_flow_graph 244 9a3c1a-9a3c1d 245 9a3c2c-9a3c2f call 9a7e10 244->245 247 9a3c34-9a3c37 245->247 248 9a3c39-9a3c3a 247->248 249 9a3c1f-9a3c2a call 9a6d13 247->249 249->245 252 9a3c3b-9a3c3f 249->252 253 9a449f-9a44cf call 9a2480 call 9a556e IsProcessorFeaturePresent 252->253 254 9a3c45-9a449e call 9a42a2 call 9a556e 252->254 265 9a44d1-9a44d4 253->265 266 9a44d6-9a45b6 call 9a45b7 253->266 254->253 265->266
                                                                              APIs
                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 009A44C7
                                                                              • ___raise_securityfailure.LIBCMT ref: 009A45AF
                                                                                • Part of subcall function 009A556E: RaiseException.KERNEL32(E06D7363,00000001,00000003,009A44BB,?,?,?,?,009A44BB,00001000,009B875C,00001000), ref: 009A55CF
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFeaturePresentProcessorRaise___raise_securityfailure
                                                                              • String ID:
                                                                              • API String ID: 3749517692-0
                                                                              • Opcode ID: 18dfcbda479b07ca0accd96e8fdcd8443fb145868dbfc8ba1f6d90bc24b8a3ea
                                                                              • Instruction ID: 029790744d08ded9a50211cebb7e375cbbf1f2c34e3e724f6ae11b0c04f385b2
                                                                              • Opcode Fuzzy Hash: 18dfcbda479b07ca0accd96e8fdcd8443fb145868dbfc8ba1f6d90bc24b8a3ea
                                                                              • Instruction Fuzzy Hash: 68315D74528208AFD704DF59FE567497BA8FB59320F108629F9249A2F1EBF09940EB84

                                                                              Control-flow Graph

                                                                              control_flow_graph 269 9a9eac-9a9eb1 270 9a9eb3-9a9ecb 269->270 271 9a9ed9-9a9ee2 270->271 272 9a9ecd-9a9ed1 270->272 274 9a9ef4 271->274 275 9a9ee4-9a9ee7 271->275 272->271 273 9a9ed3-9a9ed7 272->273 276 9a9f4e-9a9f52 273->276 279 9a9ef6-9a9f03 GetStdHandle 274->279 277 9a9ee9-9a9eee 275->277 278 9a9ef0-9a9ef2 275->278 276->270 282 9a9f58-9a9f5b 276->282 277->279 278->279 280 9a9f30-9a9f42 279->280 281 9a9f05-9a9f07 279->281 280->276 284 9a9f44-9a9f47 280->284 281->280 283 9a9f09-9a9f12 GetFileType 281->283 283->280 285 9a9f14-9a9f1d 283->285 284->276 286 9a9f1f-9a9f23 285->286 287 9a9f25-9a9f28 285->287 286->276 287->276 288 9a9f2a-9a9f2e 287->288 288->276
                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,009A9D9B,009B90B8,0000000C), ref: 009A9EF8
                                                                              • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,009A9D9B,009B90B8,0000000C), ref: 009A9F0A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: FileHandleType
                                                                              • String ID:
                                                                              • API String ID: 3000768030-0
                                                                              • Opcode ID: 130e339aa17b110fcbfaa4fb18dc644e1ce68b13666d047f75db63b5c36ec788
                                                                              • Instruction ID: 514ecc4adb0175f6cf523d1595d3aaaf817d7344959aecffa6ea40a9ea983d29
                                                                              • Opcode Fuzzy Hash: 130e339aa17b110fcbfaa4fb18dc644e1ce68b13666d047f75db63b5c36ec788
                                                                              • Instruction Fuzzy Hash: D311B1315187414AC7308E3E8C88623BA98BB97370B380B5EE1B6C65F6C734DD86D6C4

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetLastError.KERNEL32(009B8D78,0000000C), ref: 009A691F
                                                                              • ExitThread.KERNEL32 ref: 009A6926
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorExitLastThread
                                                                              • String ID:
                                                                              • API String ID: 1611280651-0
                                                                              • Opcode ID: 6aa2b3cdd0a07e620e0a662088f0a209ae3cb9f5773785d50f4f19aa7038996b
                                                                              • Instruction ID: 35c90710430566f93836189e11a4738c5a6978eefeb8fb0906e57fd9fec00b01
                                                                              • Opcode Fuzzy Hash: 6aa2b3cdd0a07e620e0a662088f0a209ae3cb9f5773785d50f4f19aa7038996b
                                                                              • Instruction Fuzzy Hash: 98F0AF74A582049FDB01AFB0C94AB6E7B78FFC6320F104649F40297292CB349900DBE0

                                                                              Control-flow Graph

                                                                              control_flow_graph 309 9a9357-9a9366 call 9a9652 312 9a9368-9a938d LCMapStringEx 309->312 313 9a938f-9a93a9 call 9a93b4 LCMapStringW 309->313 317 9a93af-9a93b1 312->317 313->317
                                                                              APIs
                                                                              • LCMapStringEx.KERNELBASE(?,009AD615,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 009A938B
                                                                              • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,-00000008,-00000008,?,009AD615,?,?,-00000008,?,00000000), ref: 009A93A9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: String
                                                                              • String ID:
                                                                              • API String ID: 2568140703-0

                                                                              Control-flow Graph

                                                                              control_flow_graph 318 9aa83b-9aa844 319 9aa873-9aa874 318->319 320 9aa846-9aa859 RtlFreeHeap 318->320 320->319 321 9aa85b-9aa872 GetLastError call 9aaf10 call 9aaec7 320->321 321->319
                                                                              APIs
                                                                              • RtlFreeHeap.NTDLL(00000000,00000000,?,009AB3A9,?,00000000,?,?,009AB2C5,?,00000007,?,?,009AB8DE,?,?), ref: 009AA851
                                                                              • GetLastError.KERNEL32(?,?,009AB3A9,?,00000000,?,?,009AB2C5,?,00000007,?,?,009AB8DE,?,?), ref: 009AA85C
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ErrorFreeHeapLast
                                                                              • String ID:
                                                                              • API String ID: 485612231-0

                                                                              Control-flow Graph

                                                                              control_flow_graph 326 9aa649-9aa66b 327 9aa77d-9aa7a3 326->327 328 9aa671-9aa683 GetCPInfo 326->328 329 9aa7a8-9aa7ad 327->329 328->327 330 9aa689-9aa690 328->330 331 9aa7af-9aa7b5 329->331 332 9aa7b7-9aa7bd 329->332 333 9aa692-9aa69c 330->333 335 9aa7c5-9aa7c7 331->335 336 9aa7c9 332->336 337 9aa7bf-9aa7c2 332->337 333->333 334 9aa69e-9aa6b1 333->334 338 9aa6d2-9aa6d4 334->338 339 9aa7cb-9aa7dd 335->339 336->339 337->335 340 9aa6b3-9aa6ba 338->340 341 9aa6d6-9aa70d call 9ab45d call 9ad4dc 338->341 339->329 342 9aa7df-9aa7ed call 9a3c8e 339->342 343 9aa6c9-9aa6cb 340->343 352 9aa712-9aa740 call 9ad4dc 341->352 346 9aa6bc-9aa6be 343->346 347 9aa6cd-9aa6d0 343->347 346->347 350 9aa6c0-9aa6c8 346->350 347->338 350->343 355 9aa742-9aa74d 352->355 356 9aa75b-9aa75e 355->356 357 9aa74f-9aa759 355->357 359 9aa76c 356->359 360 9aa760-9aa76a 356->360 358 9aa76e-9aa779 357->358 358->355 361 9aa77b 358->361 359->358 360->358 361->342
                                                                              APIs
                                                                              • GetCPInfo.KERNEL32(00000083,?,00000005,009AA4CA,?), ref: 009AA67B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Info
                                                                              • String ID:
                                                                              • API String ID: 1807457897-0

                                                                              Control-flow Graph

                                                                              control_flow_graph 362 9a32d0-9a3374 call 9a3400 call 9a35a0 call 9a67f4 369 9a3379-9a338d 362->369 371 9a3393-9a339b call 9a35c0 369->371 372 9a33a0-9a33b8 call 9a3e7f 369->372 377 9a33bd-9a33d5 call 9a3610 371->377 372->377
                                                                              APIs
                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 009A33B3
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Cpp_errorThrow_std::_
                                                                              • String ID:
                                                                              • API String ID: 2134207285-0

                                                                              Control-flow Graph

                                                                              control_flow_graph 380 9a9599-9a95c3 381 9a95c9-9a95cb 380->381 382 9a95c5-9a95c7 380->382 384 9a95cd-9a95cf 381->384 385 9a95d1-9a95d8 call 9a94ce 381->385 383 9a961a-9a961d 382->383 384->383 387 9a95dd-9a95e1 385->387 388 9a95e3-9a95f1 GetProcAddress 387->388 389 9a9600-9a9617 387->389 388->389 390 9a95f3-9a95fe call 9a65f7 388->390 391 9a9619 389->391 390->391 391->383
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,009A3C34,?,?,009A2442,00001000,?,009A23AA), ref: 009AB3E7
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ExitProcess
                                                                              • String ID:
                                                                              • API String ID: 621844428-0
                                                                              APIs
                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009AC03B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileFindFirst
                                                                              • String ID:
                                                                              • API String ID: 1974802433-0
                                                                              APIs
                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 009A5033
                                                                              • IsDebuggerPresent.KERNEL32 ref: 009A50FF
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009A5118
                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 009A5122
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                              • String ID:
                                                                              • API String ID: 254469556-0
                                                                              APIs
                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 009A79C4
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 009A79CE
                                                                              • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 009A79DB
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                              • String ID:
                                                                              • API String ID: 3906539128-0
                                                                              APIs
                                                                              • GetSystemTimePreciseAsFileTime.KERNEL32(?,009A4844,?,?,?,?,009A4868,000000FF,?,?,?,009A4780,00000000), ref: 009A490B
                                                                              • GetSystemTimeAsFileTime.KERNEL32(?,EFF5169C,?,?,009B1B3D,000000FF,?,009A4844,?,?,?,?,009A4868,000000FF,?), ref: 009A490F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Time$FileSystem$Precise
                                                                              • String ID:
                                                                              • API String ID: 743729956-0
                                                                              APIs
                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,009B149D,?,?,00000008,?,?,009B106F,00000000), ref: 009B176F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ExceptionRaise
                                                                              • String ID:
                                                                              • API String ID: 3997070919-0
                                                                              APIs
                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 009A524B
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FeaturePresentProcessor
                                                                              • String ID:
                                                                              • API String ID: 2325560087-0
                                                                              APIs
                                                                                • Part of subcall function 009AAF77: HeapAlloc.KERNEL32(00000008,?,?,?,009A97D4,00000001,00000364,?,00000002,000000FF,?,009A6931,009B8D78,0000000C), ref: 009AAFB8
                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009AC03B
                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 009AC12F
                                                                              • FindClose.KERNEL32(00000000), ref: 009AC16E
                                                                              • FindClose.KERNEL32(00000000), ref: 009AC1A1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Find$CloseFile$AllocFirstHeapNext
                                                                              • String ID:
                                                                              • API String ID: 2701053895-0
                                                                              APIs
                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0000513C,009A4ACD), ref: 009A5020
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled
                                                                              • String ID:
                                                                              • API String ID: 3192549508-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: HeapProcess
                                                                              • String ID:
                                                                              • API String ID: 54951025-0
                                                                              APIs
                                                                              • GetCPInfo.KERNEL32(00B70530,00B70530,00000000,7FFFFFFF,?,009AF863,00B70530,00B70530,00000000,00B70530,?,?,?,?,00B70530,00000000), ref: 009AF91E
                                                                              • __alloca_probe_16.LIBCMT ref: 009AF9D9
                                                                              • __alloca_probe_16.LIBCMT ref: 009AFA68
                                                                              • __freea.LIBCMT ref: 009AFAB3
                                                                              • __freea.LIBCMT ref: 009AFAB9
                                                                              • __freea.LIBCMT ref: 009AFAEF
                                                                              • __freea.LIBCMT ref: 009AFAF5
                                                                              • __freea.LIBCMT ref: 009AFB05
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: __freea$__alloca_probe_16$Info
                                                                              • String ID:
                                                                              • API String ID: 127012223-0
                                                                              APIs
                                                                              • _ValidateLocalCookies.LIBCMT ref: 009A5CB7
                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 009A5CBF
                                                                              • _ValidateLocalCookies.LIBCMT ref: 009A5D48
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 009A5D73
                                                                              • _ValidateLocalCookies.LIBCMT ref: 009A5DC8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                              • String ID: csm
                                                                              • API String ID: 1170836740-1018135373
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 009A48A5
                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 009A48B3
                                                                              • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 009A48C4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                              • API String ID: 667068680-1047828073
                                                                              • Opcode ID: 6366e455a1c2425314bd5bf836dc33e732c56d134ae75d47ce7b7e389994a890
                                                                              • Instruction ID: b34c87e8097b9f3c3ee6df09a95954731a0815f6fec601da13503c03224605d2
                                                                              • Opcode Fuzzy Hash: 6366e455a1c2425314bd5bf836dc33e732c56d134ae75d47ce7b7e389994a890
                                                                              • Instruction Fuzzy Hash: 80D09E316AA620AF8350AF747F0D8DB7EA9EB496B53064216F511E2261DBB44504DB90
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,009A7F40,009A5A6B,009A5180), ref: 009A7F57
                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009A7F65
                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009A7F7E
                                                                              • SetLastError.KERNEL32(00000000,009A7F40,009A5A6B,009A5180), ref: 009A7FD0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastValue___vcrt_
                                                                              • String ID:
                                                                              • API String ID: 3852720340-0
                                                                              • Opcode ID: 3928c1046ab0db9c52f6bc9df5bd9df68d59ddccb5fa94073e3d2cb5f72471e7
                                                                              • Instruction ID: 0347aee122adfd4ccf86276ea0daabdae4a8c1a56758d8923d5243ba4a158e74
                                                                              • Opcode Fuzzy Hash: 3928c1046ab0db9c52f6bc9df5bd9df68d59ddccb5fa94073e3d2cb5f72471e7
                                                                              • Instruction Fuzzy Hash: D701F77251D2127EE61527F4ADCBA67BBACDB877B47200339F410450F0EF114C02A1D0
                                                                              APIs
                                                                              • type_info::operator==.LIBVCRUNTIME ref: 009A88F8
                                                                              • CallUnexpected.LIBVCRUNTIME ref: 009A8B71
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: CallUnexpectedtype_info::operator==
                                                                              • String ID: csm$csm$csm
                                                                              • API String ID: 2673424686-393685449
                                                                              • Opcode ID: 4a72702d4310071c175c1b7991267e06501531079fc49fc026ef44c3859a9272
                                                                              • Instruction ID: 40b251a1df3fc350a080cf0c510fc48fb691ece20f5d9b8013d5b25cd9ef1f62
                                                                              • Opcode Fuzzy Hash: 4a72702d4310071c175c1b7991267e06501531079fc49fc026ef44c3859a9272
                                                                              • Instruction Fuzzy Hash: F4B16B71800209EFCF18DFA4C881AAFBBB9FF86310F55455AE8116B212DB35DA51CBE1
                                                                              Strings
                                                                              • C:\Users\user\Desktop\drop1.exe, xrefs: 009AC2E0
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: C:\Users\user\Desktop\drop1.exe
                                                                              • API String ID: 0-3875088153
                                                                              • Opcode ID: 0a05f609badd52dc5240a1e9a41d75fea421e49b3c09078c830089d5689ddea5
                                                                              • Instruction ID: 05507d55ab378ad77012b7e0a0c70fbd9d7593f76e689c04475c192514aa4026
                                                                              • Opcode Fuzzy Hash: 0a05f609badd52dc5240a1e9a41d75fea421e49b3c09078c830089d5689ddea5
                                                                              • Instruction Fuzzy Hash: 8C216DB1604205AFDF20AFB5C881A6B77ADAF463687108A15F929EB151DB35EC40CBE1
                                                                              APIs
                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,EFF5169C,?,?,00000000,009B1B77,000000FF,?,009A6B21,00000002,?,009A6BBD,009A7DE9), ref: 009A6A95
                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009A6AA7
                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000,009B1B77,000000FF,?,009A6B21,00000002,?,009A6BBD,009A7DE9), ref: 009A6AC9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 4061214504-1276376045
                                                                              • Opcode ID: 7d63168e1692feb74dcc8dbb6cd0dcf457e2405ba8de0dedf1f7960ac364a64b
                                                                              • Instruction ID: c90c5b911599311d384dfbf4fb694a9f234e078919072ae645309173d3991b86
                                                                              • Opcode Fuzzy Hash: 7d63168e1692feb74dcc8dbb6cd0dcf457e2405ba8de0dedf1f7960ac364a64b
                                                                              • Instruction Fuzzy Hash: B3018431958519EBCB119F80CD05FBEB7BCFB48B64F084625A811A2290DB749804CA84
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 009A470A
                                                                              • AcquireSRWLockExclusive.KERNEL32(?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A4729
                                                                              • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A4757
                                                                              • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A47B2
                                                                              • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A47C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: AcquireExclusiveLock$CurrentThread
                                                                              • String ID:
                                                                              • API String ID: 66001078-0
                                                                              • Opcode ID: 621655cd93056934d67174f84aa8f6b1c5cf74be6eac924badd68353f50ab94e
                                                                              • Instruction ID: 3ca6a88fedcde88c12fcad319cb7f3d8516d2de825da09f77564b99f192a8789
                                                                              • Opcode Fuzzy Hash: 621655cd93056934d67174f84aa8f6b1c5cf74be6eac924badd68353f50ab94e
                                                                              • Instruction Fuzzy Hash: 51414A30910686DFCB20DF69D984AAAB3F9FF87310B504A2AD45697A40D7B4F944CFD1
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,009AD29C,00000000,?,009BB728,?,?,?,009AD1D3,00000004,InitializeCriticalSectionEx,009B3740,009B3748), ref: 009AD20D
                                                                              • GetLastError.KERNEL32(?,009AD29C,00000000,?,009BB728,?,?,?,009AD1D3,00000004,InitializeCriticalSectionEx,009B3740,009B3748,00000000,?,009A8E2C), ref: 009AD217
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 009AD23F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad$ErrorLast
                                                                              • String ID: api-ms-
                                                                              • API String ID: 3177248105-2084034818
                                                                              • Opcode ID: c13a7fbc7559e75b812d1a5d439fddb9235507ff01fa104e143ad029c76890b1
                                                                              • Instruction ID: d79eb59beefabec8c9a5e5fc1b309fdebffbf904ceb2f1ce7c05f0f86d008f97
                                                                              • Opcode Fuzzy Hash: c13a7fbc7559e75b812d1a5d439fddb9235507ff01fa104e143ad029c76890b1
                                                                              • Instruction Fuzzy Hash: 75E0D870298204B7DF112F50DC06FA93F6C9B85BA0F140020FD0DE44E1DB71E995D5C0
                                                                              APIs
                                                                              • GetConsoleOutputCP.KERNEL32(EFF5169C,00000000,00000000,?), ref: 009ADD0B
                                                                                • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 009ADF5D
                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 009ADFA3
                                                                              • GetLastError.KERNEL32 ref: 009AE046
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                              • String ID:
                                                                              • API String ID: 2112829910-0
                                                                              • Opcode ID: 71f5ac62476ce1d6fb3d90b754c54030c2f9b189a90062fcebf77ea2fda14e7d
                                                                              • Instruction ID: ab360b0bec38862491303f8b94eb5905db546f83b05f4926d5eec648f4170ce5
                                                                              • Opcode Fuzzy Hash: 71f5ac62476ce1d6fb3d90b754c54030c2f9b189a90062fcebf77ea2fda14e7d
                                                                              • Instruction Fuzzy Hash: 20D1AF75D042589FCF14CFA8C9809EDBBB9FF4A314F28452AE416EB751D730A942CB90
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: AdjustPointer
                                                                              • String ID:
                                                                              • API String ID: 1740715915-0
                                                                              • Opcode ID: 9f4434b05531692d1851ead5088034e89c00f9ec6c880990a3e6f45d73c0a6e9
                                                                              • Instruction ID: 64eb0d958b18bc1c6ef1e9a5ab8750c24b95537435cdfc67330fac35c1d6284f
                                                                              • Opcode Fuzzy Hash: 9f4434b05531692d1851ead5088034e89c00f9ec6c880990a3e6f45d73c0a6e9
                                                                              • Instruction Fuzzy Hash: AB51E272A05606AFEB298F54D941BBB77A8FF46310F15456DEC02972A1EB31EC50CBD0
                                                                              APIs
                                                                                • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                                              • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,009AC0CE,?,?,?,00000000), ref: 009ABD8C
                                                                              • __dosmaperr.LIBCMT ref: 009ABD93
                                                                              • GetLastError.KERNEL32(00000000,009AC0CE,?,?,00000000,?,?,?,00000000,00000000,?,009AC0CE,?,?,?,00000000), ref: 009ABDCD
                                                                              • __dosmaperr.LIBCMT ref: 009ABDD4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 1913693674-0
                                                                              • Opcode ID: f05f385384b0de71ebd2d610496399c1b4d85874f241a30bfc415241a960314e
                                                                              • Instruction ID: eccb56bab440cbaf77b51c30396320524af657333288217487c52a5cea59894d
                                                                              • Opcode Fuzzy Hash: f05f385384b0de71ebd2d610496399c1b4d85874f241a30bfc415241a960314e
                                                                              • Instruction Fuzzy Hash: AF21A4B1600206BFDB20AF66C881E6BB7ADFF463687118919F81997192D734EC40DBD1
                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 009AC9A5
                                                                                • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009AC9DD
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009AC9FD
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 158306478-0
                                                                              • Opcode ID: af4c3897fe8b515ce2c431340ef3e668c8ac88aa3d17d6eda54dc436fcfdd1e6
                                                                              • Instruction ID: 349e1d20f2aeed0942e84ce737000675205ba597ec21927584cdadd0c8e2ab8b
                                                                              • Opcode Fuzzy Hash: af4c3897fe8b515ce2c431340ef3e668c8ac88aa3d17d6eda54dc436fcfdd1e6
                                                                              • Instruction Fuzzy Hash: F31104F5915219BF6611A7B59C8DCBF695CDEDB3A43110124F401E9200EA28CD0291F1
                                                                              APIs
                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E2D
                                                                              • GetCurrentThreadId.KERNEL32 ref: 009A1E3B
                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E54
                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E93
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                              • String ID:
                                                                              • API String ID: 2261580123-0
                                                                              • Opcode ID: d712e8c894e125d99cee007e307dbcadc6ddf9f1cbb911202c22b7d4c8661dc4
                                                                              • Instruction ID: e28c2aeaaf5c3a040c85ecc6c965378effdf32fa309211f74cfd85a1637c5f8b
                                                                              • Opcode Fuzzy Hash: d712e8c894e125d99cee007e307dbcadc6ddf9f1cbb911202c22b7d4c8661dc4
                                                                              • Instruction Fuzzy Hash: 3121E4B0E042098FCB04EFA8C5857AEBBF5EF89300F11845DE849AB351D7389A41CF91
                                                                              APIs
                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000), ref: 009AFD17
                                                                              • GetLastError.KERNEL32(?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?,?,?,009AD9E0,00000000), ref: 009AFD23
                                                                                • Part of subcall function 009AFD74: CloseHandle.KERNEL32(FFFFFFFE,009AFD33,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?,?), ref: 009AFD84
                                                                              • ___initconout.LIBCMT ref: 009AFD33
                                                                                • Part of subcall function 009AFD55: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,009AFCF1,009AF48E,?,?,009AE09A,?,00000000,00000000,?), ref: 009AFD68
                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?), ref: 009AFD48
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                              • String ID:
                                                                              • API String ID: 2744216297-0
                                                                              • Opcode ID: d6f1525b94508d24b2a45aa02a8c9516825b96381f8c342c01f81905a513bb93
                                                                              • Instruction ID: d5653beaa3dc4be1b3262693e083b589b4e8550667f4f386525d479a7ba7cda1
                                                                              • Opcode Fuzzy Hash: d6f1525b94508d24b2a45aa02a8c9516825b96381f8c342c01f81905a513bb93
                                                                              • Instruction Fuzzy Hash: C0F01C36414116BBCF232FD1DD08A8A3F6AFB493B1B004220FA0985570DB32C860EBD1
                                                                              APIs
                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 009A4F13
                                                                              • GetCurrentThreadId.KERNEL32 ref: 009A4F22
                                                                              • GetCurrentProcessId.KERNEL32 ref: 009A4F2B
                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 009A4F38
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                              • String ID:
                                                                              • API String ID: 2933794660-0
                                                                              • Opcode ID: c43107a0de4d10705e95ba942a31e8dc3266f3e6c49f136c7866392ff9c7a23f
                                                                              • Instruction ID: 249e697ac7c80175cdc73755d8fdc4735cdd91e78fe27fa41fa217d7d6f19e67
                                                                              • Opcode Fuzzy Hash: c43107a0de4d10705e95ba942a31e8dc3266f3e6c49f136c7866392ff9c7a23f
                                                                              • Instruction Fuzzy Hash: 9CF06774D1420DEBCB00EBB4DA49ADFB7F8FF1D254B514A95A412E7110EB30A748EB51
                                                                              APIs
                                                                              • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,009A8AFE,?,?,00000000,00000000,00000000,?), ref: 009A8C22
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: EncodePointer
                                                                              • String ID: MOC$RCC
                                                                              • API String ID: 2118026453-2084237596
                                                                              • Opcode ID: 506913a0be1e3cf64139a302bef5eee10b0f706d4473a170e38788dee1134567
                                                                              • Instruction ID: 390a7c09216b659692ea9dda0a0bb16a51e3ea6b253e92099ff5ed3820b8f932
                                                                              • Opcode Fuzzy Hash: 506913a0be1e3cf64139a302bef5eee10b0f706d4473a170e38788dee1134567
                                                                              • Instruction Fuzzy Hash: 8A41AB71900209AFCF15CF94CD81AEEBBBAFF49310F144168F90467291D7359A50CFA0
                                                                              APIs
                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 009A86E0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1671436384.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1671419234.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671459949.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671508297.00000000009BA000.00000040.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671571670.00000000009BB000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671605135.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1671628002.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ___except_validate_context_record
                                                                              • String ID: csm$csm
                                                                              • API String ID: 3493665558-3733052814
                                                                              • Opcode ID: 0184664f765ff3d07132a4e256fbcff4f1cf2ed483d85a8d22925c716202b8aa
                                                                              • Instruction ID: e5eb7fef57c388b1591a1162c3e1c9b1a461c8bec64cc51ab6a3ef1869e36f37
                                                                              • Opcode Fuzzy Hash: 0184664f765ff3d07132a4e256fbcff4f1cf2ed483d85a8d22925c716202b8aa
                                                                              • Instruction Fuzzy Hash: 7831C436400219DFCF268F50CC449ABBBAAFF4A365B38455AF85449221DB36CCA1DFD1

                                                                              Execution Graph

                                                                              Execution Coverage:10%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:1.6%
                                                                              Total number of Nodes:1703
                                                                              Total number of Limit Nodes:90
API calls 56303->56304 56304->56299 56304->56303 56312 46330e 56305->56312 56306 46336e 56309 4abc08 std::_Facet_Register 41 API calls 56306->56309 56307 46341a 56624 4351b0 41 API calls 56307->56624 56311 46338f 56309->56311 56585 44bad0 56311->56585 56312->56306 56312->56307 56314 463342 56312->56314 56314->56210 56315 4633ae 56601 44ca70 56315->56601 56317 4633c5 56317->56210 56319 4517f0 41 API calls 56318->56319 56320 454470 56319->56320 56321 4544b3 56320->56321 56634 457160 41 API calls 56320->56634 56322 4544c0 56321->56322 56640 4520f0 56321->56640 56328 4544ff 56322->56328 56332 454559 56322->56332 56325 454499 56635 44b9d0 56325->56635 56327 4544a7 56329 44d060 41 API calls 56327->56329 56330 454730 46 API calls 56328->56330 56329->56321 56331 45450f 56330->56331 56655 45a6d0 41 API calls 56331->56655 56332->56332 56335 4545bc 56332->56335 56656 4516d0 56332->56656 56334 454532 56336 44b9d0 41 API calls 56334->56336 56340 4520f0 41 API calls 56335->56340 56341 4545d2 _Yarn 56335->56341 56338 454541 56336->56338 56339 44d060 41 API calls 56338->56339 56342 45454d 56339->56342 56340->56341 56671 44b960 56341->56671 56345 44d060 41 API calls 56342->56345 56344 45460a 56346 44b9d0 41 API calls 56344->56346 56348 45462f 56345->56348 56346->56342 56347 45470c 56358 459790 56347->56358 56348->56347 56349 4516d0 41 API calls 56348->56349 56351 45469e 56348->56351 56349->56351 56350 4520f0 41 API calls 56352 4546b4 _Yarn 56350->56352 56351->56350 56351->56352 56353 44b960 41 API calls 56352->56353 56354 4546ef 56353->56354 56355 44b9d0 41 API calls 56354->56355 56356 4546fa 56355->56356 56357 44d060 41 API calls 56356->56357 56357->56347 56359 459817 56358->56359 56360 4517f0 41 API calls 56358->56360 56680 438b10 56359->56680 56360->56359 56363 4517f0 41 API calls 56364 459855 56363->56364 56699 438780 56364->56699 56369 44d060 41 API calls 56370 459894 56369->56370 56371 44d060 41 API calls 56370->56371 56372 4598a0 56371->56372 56373 44d060 41 API calls 
56372->56373 56374 4598af 56373->56374 56375 44d060 41 API calls 56374->56375 56376 4598c9 56375->56376 56735 4386d0 56376->56735 56379 44d060 41 API calls 56380 45990a 56379->56380 56381 4abbf5 CatchGuardHandler 5 API calls 56380->56381 56382 459924 56381->56382 56383 454730 56382->56383 56384 454833 56383->56384 56389 4547c2 56383->56389 56385 4abbf5 CatchGuardHandler 5 API calls 56384->56385 56386 45484c 56385->56386 56391 45a590 56386->56391 56388 451e50 41 API calls 56388->56389 56389->56384 56389->56388 56390 44b960 41 API calls 56389->56390 56746 434bc0 46 API calls 56389->56746 56390->56389 56392 45a039 56391->56392 56393 45a5a8 56391->56393 56392->56249 56747 44d1a0 41 API calls 56393->56747 56395 45a5b3 56748 4afa0c RaiseException 56395->56748 56397 45a5c1 56749 4ad441 56398->56749 56401 4ad441 ___std_exception_destroy 14 API calls 56402 438db1 56401->56402 56402->56182 56404 45411b 56403->56404 56405 45413b std::ios_base::_Ios_base_dtor 56403->56405 56404->56405 56753 497d39 41 API calls 2 library calls 56404->56753 56405->56185 56409 44d3fb 56408->56409 56411 44d495 56409->56411 56412 44d43f 56409->56412 56416 44d5f6 56409->56416 56436 44d633 std::ios_base::_Ios_base_dtor 56409->56436 56410 4abbf5 CatchGuardHandler 5 API calls 56413 44d694 56410->56413 56415 44d69d 56411->56415 56417 44d4aa 56411->56417 56427 44d4b6 56411->56427 56414 44d463 56412->56414 56412->56415 56435 44d46f 56412->56435 56413->56288 56442 452540 41 API calls 2 library calls 56414->56442 56457 449730 41 API calls 56415->56457 56421 44d655 56416->56421 56422 44d660 56416->56422 56423 44d61a 56416->56423 56424 44d64a 56416->56424 56416->56436 56444 452540 41 API calls 2 library calls 56417->56444 56420 44d5e4 56447 44de70 41 API calls std::ios_base::_Ios_base_dtor 56420->56447 56432 44d060 41 API calls 56421->56432 56450 454ec0 56422->56450 56448 452630 41 API calls std::ios_base::_Ios_base_dtor 56423->56448 56449 44de70 41 API calls std::ios_base::_Ios_base_dtor 56424->56449 56440 
44d490 56427->56440 56445 451c60 41 API calls 56427->56445 56432->56436 56435->56440 56443 451c60 41 API calls 56435->56443 56436->56410 56437 44aa40 41 API calls 56437->56440 56438 451c60 41 API calls 56438->56440 56440->56420 56440->56437 56440->56438 56446 452630 41 API calls std::ios_base::_Ios_base_dtor 56440->56446 56441->56289 56442->56435 56443->56435 56444->56427 56445->56427 56446->56440 56447->56416 56448->56436 56449->56436 56451 454eeb 56450->56451 56452 454f08 std::ios_base::_Ios_base_dtor 56450->56452 56451->56452 56458 497d39 41 API calls 2 library calls 56451->56458 56452->56436 56460 4567ac 56459->56460 56462 4567a6 56459->56462 56463 4567c0 56460->56463 56467 449e50 56460->56467 56461 4550af 56461->56296 56461->56297 56462->56461 56483 460310 56462->56483 56463->56462 56517 436640 56463->56517 56468 449e88 56467->56468 56470 449ef4 56468->56470 56471 449edc 56468->56471 56475 449e93 56468->56475 56469 4abbf5 CatchGuardHandler 5 API calls 56473 44a052 56469->56473 56472 494a65 43 API calls 56470->56472 56526 494a65 56471->56526 56481 449f2a _Yarn 56472->56481 56473->56463 56475->56469 56476 44a027 56477 44d060 41 API calls 56476->56477 56477->56475 56479 44a06b 56479->56476 56561 497466 43 API calls 4 library calls 56479->56561 56481->56476 56481->56479 56482 494a65 43 API calls 56481->56482 56546 451e50 56481->56546 56482->56481 56484 4604af 56483->56484 56485 46035f 56483->56485 56579 449730 41 API calls 56484->56579 56487 460379 56485->56487 56491 4603d4 56485->56491 56492 4603c4 56485->56492 56495 46038c _Yarn 56485->56495 56490 4abc08 std::_Facet_Register 41 API calls 56487->56490 56488 4604b4 56580 434f80 41 API calls 2 library calls 56488->56580 56490->56495 56493 4abc08 std::_Facet_Register 41 API calls 56491->56493 56492->56487 56492->56488 56493->56495 56498 460463 std::ios_base::_Ios_base_dtor 56495->56498 56581 497d39 41 API calls 2 library calls 56495->56581 56498->56461 56518 436662 56517->56518 56519 43665a 56517->56519 56518->56462 
56521 436672 56519->56521 56582 4afa0c RaiseException 56519->56582 56583 436560 41 API calls 56521->56583 56523 4366a8 56584 4afa0c RaiseException 56523->56584 56525 4366b7 std::ios_base::_Ios_base_dtor 56525->56462 56527 494a71 __FrameHandler3::FrameUnwindToState 56526->56527 56528 494a7b 56527->56528 56529 494a93 56527->56529 56570 4950d4 14 API calls __dosmaperr 56528->56570 56562 494ce8 EnterCriticalSection 56529->56562 56532 494a80 56571 497d29 41 API calls _strftime 56532->56571 56533 494a9e 56535 498cea __fread_nolock 41 API calls 56533->56535 56538 494ab6 56533->56538 56535->56538 56536 494b1e 56572 4950d4 14 API calls __dosmaperr 56536->56572 56537 494b46 56563 494a29 56537->56563 56538->56536 56538->56537 56541 494b23 56573 497d29 41 API calls _strftime 56541->56573 56542 494b4c 56574 494b76 LeaveCriticalSection __fread_nolock 56542->56574 56545 494a8b 56545->56475 56547 451f7a 56546->56547 56552 451e74 56546->56552 56548 4350b0 41 API calls 56547->56548 56550 451f7f 56548->56550 56549 451e8a 56555 4abc08 std::_Facet_Register 41 API calls 56549->56555 56577 434f80 41 API calls 2 library calls 56550->56577 56552->56549 56553 451ee8 56552->56553 56554 451edb 56552->56554 56558 451e9a _Yarn 56552->56558 56556 4abc08 std::_Facet_Register 41 API calls 56553->56556 56554->56549 56554->56550 56555->56558 56556->56558 56560 451f3c std::ios_base::_Ios_base_dtor _Yarn 56558->56560 56578 497d39 41 API calls 2 library calls 56558->56578 56560->56481 56561->56479 56562->56533 56564 494a35 56563->56564 56568 494a4a __fread_nolock 56563->56568 56575 4950d4 14 API calls __dosmaperr 56564->56575 56566 494a3a 56576 497d29 41 API calls _strftime 56566->56576 56568->56542 56569 494a45 56569->56542 56570->56532 56571->56545 56572->56541 56573->56545 56574->56545 56575->56566 56576->56569 56577->56558 56580->56495 56582->56521 56583->56523 56584->56525 56586 44bafc 56585->56586 56587 44bbae 56586->56587 56588 44bb0d 56586->56588 56589 4350b0 41 API calls 56587->56589 56590 
44bb3a 56588->56590 56592 44bb12 _Yarn 56588->56592 56594 44bb82 56588->56594 56595 44bb79 56588->56595 56591 44bbb3 56589->56591 56596 4abc08 std::_Facet_Register 41 API calls 56590->56596 56625 434f80 41 API calls 2 library calls 56591->56625 56592->56315 56598 4abc08 std::_Facet_Register 41 API calls 56594->56598 56595->56590 56595->56591 56597 44bb4d 56596->56597 56597->56592 56626 497d39 41 API calls 2 library calls 56597->56626 56598->56592 56602 44cc1d 56601->56602 56603 44cabf 56601->56603 56608 44cc2b 56602->56608 56615 44cacb 56602->56615 56603->56602 56604 44cb35 56603->56604 56605 44cac6 56603->56605 56606 44cacd 56603->56606 56607 44cb8d 56603->56607 56603->56615 56614 4abc08 std::_Facet_Register 41 API calls 56604->56614 56627 451310 41 API calls 2 library calls 56605->56627 56611 4abc08 std::_Facet_Register 41 API calls 56606->56611 56610 4abc08 std::_Facet_Register 41 API calls 56607->56610 56628 44ba90 56608->56628 56610->56615 56611->56615 56612 4abbf5 CatchGuardHandler 5 API calls 56616 44cb2c 56612->56616 56618 44cb44 56614->56618 56615->56612 56616->56317 56619 4517f0 41 API calls 56618->56619 56619->56615 56621 44cc4c 56633 4afa0c RaiseException 56621->56633 56623 44cc5d 56625->56597 56627->56615 56629 44bab3 56628->56629 56629->56629 56630 4517f0 41 API calls 56629->56630 56631 44bac5 56630->56631 56632 451b00 41 API calls CatchGuardHandler 56631->56632 56632->56621 56633->56623 56634->56325 56636 44b9e4 56635->56636 56637 4520f0 41 API calls 56636->56637 56639 44b9f4 _Yarn 56636->56639 56638 44ba36 56637->56638 56638->56327 56639->56327 56641 452238 56640->56641 56645 45211b 56640->56645 56642 4350b0 41 API calls 56641->56642 56643 45223d 56642->56643 56676 434f80 41 API calls 2 library calls 56643->56676 56647 452181 56645->56647 56648 45218e 56645->56648 56651 452130 56645->56651 56652 452140 _Yarn 56645->56652 56646 4abc08 std::_Facet_Register 41 API calls 56646->56652 56647->56643 56647->56651 56649 4abc08 std::_Facet_Register 41 API 
calls 56648->56649 56649->56652 56651->56646 56654 4521f6 std::ios_base::_Ios_base_dtor _Yarn 56652->56654 56677 497d39 41 API calls 2 library calls 56652->56677 56654->56322 56655->56334 56657 4517da 56656->56657 56661 4516f5 56656->56661 56658 4350b0 41 API calls 56657->56658 56659 4517df 56658->56659 56678 434f80 41 API calls 2 library calls 56659->56678 56662 451763 56661->56662 56663 45175a 56661->56663 56665 451709 56661->56665 56669 451719 _Yarn 56661->56669 56666 4abc08 std::_Facet_Register 41 API calls 56662->56666 56663->56659 56663->56665 56664 4abc08 std::_Facet_Register 41 API calls 56664->56669 56665->56664 56666->56669 56670 4517aa std::ios_base::_Ios_base_dtor _Yarn 56669->56670 56679 497d39 41 API calls 2 library calls 56669->56679 56670->56335 56672 44b970 56671->56672 56672->56672 56673 4520f0 41 API calls 56672->56673 56675 44b987 _Yarn 56672->56675 56674 44b9be 56673->56674 56674->56344 56675->56344 56676->56652 56678->56669 56740 4350c0 56680->56740 56683 4350c0 41 API calls 56684 438b7d 56683->56684 56685 438bce 56684->56685 56686 4516d0 41 API calls 56684->56686 56687 4520f0 41 API calls 56685->56687 56688 438bdd _Yarn 56685->56688 56686->56685 56687->56688 56689 44b9d0 41 API calls 56688->56689 56690 438c20 56689->56690 56691 4520f0 41 API calls 56690->56691 56692 438c2f _Yarn 56690->56692 56691->56692 56693 44b9d0 41 API calls 56692->56693 56694 438c74 56693->56694 56695 44d060 41 API calls 56694->56695 56696 438c9b 56695->56696 56697 44d060 41 API calls 56696->56697 56698 438ca7 56697->56698 56698->56363 56700 4387e1 56699->56700 56701 4517f0 41 API calls 56700->56701 56703 438869 56700->56703 56701->56703 56702 4388f8 56705 4520f0 41 API calls 56702->56705 56706 43890c _Yarn 56702->56706 56703->56702 56704 4516d0 41 API calls 56703->56704 56704->56702 56705->56706 56707 44b9d0 41 API calls 56706->56707 56708 43893d 56707->56708 56709 438947 56708->56709 56710 451e50 41 API calls 56708->56710 56711 44b9d0 41 API calls 56709->56711 
56710->56709 56712 438977 56711->56712 56713 438986 56712->56713 56714 4520f0 41 API calls 56712->56714 56715 44d060 41 API calls 56713->56715 56714->56713 56716 4389dd 56715->56716 56717 4abbf5 CatchGuardHandler 5 API calls 56716->56717 56718 4389f6 56717->56718 56719 4582b0 56718->56719 56720 458341 56719->56720 56723 458351 56719->56723 56721 4516d0 41 API calls 56720->56721 56721->56723 56722 44b9d0 41 API calls 56724 45835e 56722->56724 56723->56722 56725 44b960 41 API calls 56724->56725 56726 45836a 56725->56726 56727 44b9d0 41 API calls 56726->56727 56728 458374 56727->56728 56729 44b960 41 API calls 56728->56729 56730 458380 56729->56730 56731 44b9d0 41 API calls 56730->56731 56732 45838a 56731->56732 56733 44b9d0 41 API calls 56732->56733 56734 458394 56733->56734 56734->56369 56736 4ad3de ___std_exception_copy 41 API calls 56735->56736 56737 43874a 56736->56737 56738 4abbf5 CatchGuardHandler 5 API calls 56737->56738 56739 438777 56738->56739 56739->56379 56741 435106 56740->56741 56741->56741 56742 435148 56741->56742 56743 4517f0 41 API calls 56741->56743 56744 4abbf5 CatchGuardHandler 5 API calls 56742->56744 56743->56742 56745 4351a4 56744->56745 56745->56683 56746->56389 56747->56395 56748->56397 56750 4ad44e 56749->56750 56751 438d9b 56749->56751 56752 497357 ___std_exception_destroy 14 API calls 56750->56752 56751->56401 56752->56751 56754 455e8e 56755 456790 43 API calls 56754->56755 56756 455e95 56755->56756 56757 456045 56756->56757 56758 455f97 56756->56758 56759 455fd1 56756->56759 56760 455f23 56756->56760 56761 455f5d 56756->56761 56762 455eaf 56756->56762 56763 45607f 56756->56763 56764 455ee9 56756->56764 56765 45600b 56756->56765 56781 455e51 56756->56781 56766 455e4a 56757->56766 56778 451e50 41 API calls 56757->56778 56758->56766 56771 451e50 41 API calls 56758->56771 56759->56766 56773 451e50 41 API calls 56759->56773 56760->56766 56776 451e50 41 API calls 56760->56776 56761->56766 56769 451e50 41 API calls 56761->56769 56762->56766 
56772 451e50 41 API calls 56762->56772 56804 456920 43 API calls CatchGuardHandler 56763->56804 56764->56766 56774 451e50 41 API calls 56764->56774 56765->56766 56775 451e50 41 API calls 56765->56775 56780 456790 43 API calls 56766->56780 56767 4abbf5 CatchGuardHandler 5 API calls 56777 456432 56767->56777 56769->56766 56770 456086 56779 4560c7 56770->56779 56770->56781 56782 456790 43 API calls 56770->56782 56771->56766 56772->56766 56773->56766 56774->56766 56775->56766 56776->56766 56778->56766 56779->56781 56783 45610f 56779->56783 56787 45611c 56779->56787 56780->56781 56781->56767 56784 4560a7 56782->56784 56806 456740 41 API calls 56783->56806 56784->56781 56788 456790 43 API calls 56784->56788 56786 456131 56812 456740 41 API calls 56786->56812 56787->56786 56789 456180 56787->56789 56790 456159 56787->56790 56792 4560b7 56788->56792 56810 456740 41 API calls 56789->56810 56807 456740 41 API calls 56790->56807 56792->56781 56805 456920 43 API calls CatchGuardHandler 56792->56805 56795 4561b0 56813 456740 41 API calls 56795->56813 56796 456167 56808 456740 41 API calls 56796->56808 56797 45618e 56811 456740 41 API calls 56797->56811 56802 456171 56809 456740 41 API calls 56802->56809 56804->56770 56805->56779 56806->56766 56807->56796 56808->56802 56809->56766 56810->56797 56811->56786 56812->56795 56813->56766 56814 48d6e6 56815 48d6ff 56814->56815 56834 48d6f3 56814->56834 56816 48d709 56815->56816 56830 48d898 56815->56830 56833 48d742 56816->56833 56859 44b8f0 56816->56859 56817 4abbf5 CatchGuardHandler 5 API calls 56819 48e0d0 56817->56819 56818 48d915 56822 48e1c0 46 API calls 56818->56822 56821 48e1c0 46 API calls 56821->56830 56823 48d92a 56822->56823 56825 48d6a0 5 API calls 56823->56825 56824 48d7fa 56828 48e1c0 46 API calls 56824->56828 56825->56834 56826 48d6a0 5 API calls 56826->56830 56829 48d83e 56828->56829 56832 48d6a0 5 API calls 56829->56832 56830->56818 56830->56821 56830->56826 56832->56834 56833->56824 56835 48e1c0 56833->56835 56855 
48d6a0 56833->56855 56834->56817 56840 48e212 56835->56840 56844 48e3fa 56835->56844 56836 48e47a 56878 48e550 41 API calls 56836->56878 56839 48e485 56841 4350c0 41 API calls 56839->56841 56840->56836 56846 48e3f4 56840->56846 56865 48e0dc 56840->56865 56870 48e110 56840->56870 56875 434bc0 46 API calls 56840->56875 56842 48e499 56841->56842 56879 48ef40 41 API calls 56842->56879 56844->56833 56845 48e474 56880 4511a0 41 API calls CatchGuardHandler 56845->56880 56846->56844 56876 48e550 41 API calls 56846->56876 56849 48e464 56877 48f020 41 API calls 56849->56877 56850 48e4c0 56881 4afa0c RaiseException 56850->56881 56856 48d6df 56855->56856 56857 4abbf5 CatchGuardHandler 5 API calls 56856->56857 56858 48e0d0 56857->56858 56858->56833 56860 44b912 56859->56860 56861 44b8fe 56859->56861 56862 44b920 __fread_nolock 56860->56862 56882 451f90 56860->56882 56861->56833 56862->56833 56864 44b953 56864->56833 56866 48e103 56865->56866 56869 48e129 _Yarn 56865->56869 56867 4520f0 41 API calls 56866->56867 56866->56869 56868 48e15d 56867->56868 56868->56840 56869->56840 56871 48e150 56870->56871 56874 48e129 _Yarn 56870->56874 56872 4520f0 41 API calls 56871->56872 56873 48e15d 56872->56873 56873->56840 56874->56840 56875->56840 56876->56849 56877->56845 56878->56839 56879->56845 56880->56850 56883 4520d9 56882->56883 56887 451fb5 56882->56887 56884 4350b0 41 API calls 56883->56884 56885 4520de 56884->56885 56897 434f80 41 API calls 2 library calls 56885->56897 56889 452028 56887->56889 56890 45201b 56887->56890 56892 451fca 56887->56892 56895 451fda _Yarn __fread_nolock 56887->56895 56888 4abc08 std::_Facet_Register 41 API calls 56888->56895 56893 4abc08 std::_Facet_Register 41 API calls 56889->56893 56890->56885 56890->56892 56892->56888 56893->56895 56896 452097 std::ios_base::_Ios_base_dtor _Yarn __fread_nolock 56895->56896 56898 497d39 41 API calls 2 library calls 56895->56898 56896->56864 56897->56895 56899 48d95a 56900 48d96a 56899->56900 56901 48d976 56899->56901 
56903 4abbf5 CatchGuardHandler 5 API calls 56900->56903 56902 48d980 56901->56902 56910 48daad 56901->56910 56909 44b8f0 41 API calls 56902->56909 56911 48d9b9 56902->56911 56905 48e0d0 56903->56905 56904 48daf5 56907 48d6a0 5 API calls 56904->56907 56906 48da31 56912 48d6a0 5 API calls 56906->56912 56907->56900 56908 48d6a0 5 API calls 56908->56910 56909->56911 56910->56904 56910->56908 56911->56906 56913 48d6a0 5 API calls 56911->56913 56912->56900 56913->56911 56914 49865a 56915 49866a 56914->56915 56916 49867d 56914->56916 56953 4950d4 14 API calls __dosmaperr 56915->56953 56918 49868f 56916->56918 56925 4986a2 56916->56925 56955 4950d4 14 API calls __dosmaperr 56918->56955 56919 49866f 56954 497d29 41 API calls _strftime 56919->56954 56921 4986d3 56945 4a1286 56921->56945 56923 498694 56956 497d29 41 API calls _strftime 56923->56956 56924 4986c2 56957 4950d4 14 API calls __dosmaperr 56924->56957 56925->56921 56925->56924 56931 4986ea 56932 4988e0 56931->56932 56965 4a06a5 56931->56965 56981 497d56 IsProcessorFeaturePresent 56932->56981 56935 4986fc 56935->56932 56972 4a06d1 56935->56972 56936 4988ea 56938 49870e 56938->56932 56939 498717 56938->56939 56940 49879c 56939->56940 56941 498738 56939->56941 56944 498679 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 56940->56944 56980 4a12e3 41 API calls 2 library calls 56940->56980 56941->56944 56979 4a12e3 41 API calls 2 library calls 56941->56979 56946 4a1292 __FrameHandler3::FrameUnwindToState 56945->56946 56947 4986d8 56946->56947 56985 49b2e1 EnterCriticalSection 56946->56985 56958 4a0679 56947->56958 56949 4a12a3 56952 4a12b7 56949->56952 56986 4a11ce 56949->56986 56998 4a12da LeaveCriticalSection std::_Lockit::~_Lockit 56952->56998 56953->56919 56954->56944 56955->56923 56956->56944 56957->56944 56959 4a069a 56958->56959 56960 4a0685 56958->56960 56959->56931 57114 4950d4 14 API calls __dosmaperr 56960->57114 56962 4a068a 57115 497d29 41 API calls _strftime 56962->57115 56964 4a0695 56964->56931 56966 
4a06b1 56965->56966 56967 4a06c6 56965->56967 57116 4950d4 14 API calls __dosmaperr 56966->57116 56967->56935 56969 4a06b6 57117 497d29 41 API calls _strftime 56969->57117 56971 4a06c1 56971->56935 56973 4a06dd 56972->56973 56974 4a06f2 56972->56974 57118 4950d4 14 API calls __dosmaperr 56973->57118 56974->56938 56976 4a06e2 57119 497d29 41 API calls _strftime 56976->57119 56978 4a06ed 56978->56938 56979->56944 56980->56944 56982 497d62 56981->56982 57120 497b2d 56982->57120 56985->56949 56999 4a0d24 56986->56999 56989 4a122a 56990 4a1227 56989->56990 57068 4a1074 56989->57068 56994 49c0bd __freea 14 API calls 56990->56994 56992 4a1221 57008 4a0de2 56992->57008 56995 4a1235 56994->56995 56996 4abbf5 CatchGuardHandler 5 API calls 56995->56996 56997 4a1242 56996->56997 56997->56952 56998->56947 57001 4a0d43 _strftime 56999->57001 57000 4a0d4a 57000->56989 57000->56992 57001->57000 57100 49d15a 15 API calls 3 library calls 57001->57100 57003 4a0d64 _strftime 57004 4a0d6b 57003->57004 57006 4a0d8d 57003->57006 57005 49c0bd __freea 14 API calls 57004->57005 57005->57000 57007 49c0bd __freea 14 API calls 57006->57007 57007->57000 57009 4a0df2 _strftime 57008->57009 57010 4a06d1 _strftime 41 API calls 57009->57010 57011 4a0e13 57010->57011 57012 4a1067 57011->57012 57013 4a0679 _strftime 41 API calls 57011->57013 57014 497d56 __Getcoll 11 API calls 57012->57014 57016 4a0e25 57013->57016 57015 4a1073 _strftime 57014->57015 57018 4a06d1 _strftime 41 API calls 57015->57018 57016->57012 57019 4a0e9b 57016->57019 57101 49d15a 15 API calls 3 library calls 57016->57101 57021 4a10a1 57018->57021 57019->56990 57020 4a0e8c 57022 4a0e93 57020->57022 57023 4a0ea1 57020->57023 57026 4a11c3 57021->57026 57028 4a0679 _strftime 41 API calls 57021->57028 57024 49c0bd __freea 14 API calls 57022->57024 57025 49c0bd __freea 14 API calls 57023->57025 57024->57019 57027 4a0eac 57025->57027 57029 497d56 __Getcoll 11 API calls 57026->57029 57102 4a4e67 41 API calls 2 library calls 57027->57102 
57030 4a10b3 57028->57030 57031 4a11cd 57029->57031 57030->57026 57034 4a06a5 _strftime 41 API calls 57030->57034 57032 4a0d24 _strftime 15 API calls 57031->57032 57035 4a1207 57032->57035 57037 4a10c5 57034->57037 57038 4a122a 57035->57038 57043 4a1221 57035->57043 57036 4a0ed3 57036->57012 57039 4a0ede __fread_nolock 57036->57039 57037->57026 57040 4a10ce 57037->57040 57041 4a1227 57038->57041 57042 4a1074 _strftime 46 API calls 57038->57042 57103 4a0d9b 47 API calls 6 library calls 57039->57103 57044 49c0bd __freea 14 API calls 57040->57044 57046 49c0bd __freea 14 API calls 57041->57046 57042->57041 57045 4a0de2 _strftime 46 API calls 57043->57045 57047 4a10d9 GetTimeZoneInformation 57044->57047 57045->57041 57048 4a1235 57046->57048 57053 4a10f5 __fread_nolock 57047->57053 57062 4a119d _strftime 57047->57062 57049 4abbf5 CatchGuardHandler 5 API calls 57048->57049 57050 4a1242 57049->57050 57050->56990 57052 4a0f23 57104 4949e3 42 API calls _strftime 57052->57104 57108 4a3e20 41 API calls __Getcoll 57053->57108 57056 4a1178 57109 4a1244 47 API calls 4 library calls 57056->57109 57058 4a1189 57110 4a1244 47 API calls 4 library calls 57058->57110 57060 4a0f57 57061 4a0fe9 57060->57061 57105 4949e3 42 API calls _strftime 57060->57105 57066 4a104b _strftime 57061->57066 57107 4a0d9b 47 API calls 6 library calls 57061->57107 57062->56990 57065 4a0f94 57065->57061 57106 4949e3 42 API calls _strftime 57065->57106 57066->57012 57069 4a1084 _strftime 57068->57069 57070 4a06d1 _strftime 41 API calls 57069->57070 57071 4a10a1 57070->57071 57072 4a11c3 57071->57072 57073 4a0679 _strftime 41 API calls 57071->57073 57074 497d56 __Getcoll 11 API calls 57072->57074 57075 4a10b3 57073->57075 57076 4a11cd 57074->57076 57075->57072 57078 4a06a5 _strftime 41 API calls 57075->57078 57077 4a0d24 _strftime 15 API calls 57076->57077 57079 4a1207 57077->57079 57080 4a10c5 57078->57080 57081 4a122a 57079->57081 57085 4a1221 57079->57085 57080->57072 57082 4a10ce 57080->57082 57083 4a1227 
57081->57083 57084 4a1074 _strftime 46 API calls 57081->57084 57086 49c0bd __freea 14 API calls 57082->57086 57088 49c0bd __freea 14 API calls 57083->57088 57084->57083 57087 4a0de2 _strftime 46 API calls 57085->57087 57089 4a10d9 GetTimeZoneInformation 57086->57089 57087->57083 57090 4a1235 57088->57090 57093 4a119d _strftime 57089->57093 57094 4a10f5 __fread_nolock 57089->57094 57091 4abbf5 CatchGuardHandler 5 API calls 57090->57091 57092 4a1242 57091->57092 57092->56990 57093->56990 57111 4a3e20 41 API calls __Getcoll 57094->57111 57096 4a1178 57112 4a1244 47 API calls 4 library calls 57096->57112 57098 4a1189 57113 4a1244 47 API calls 4 library calls 57098->57113 57100->57003 57101->57020 57102->57036 57103->57052 57104->57060 57105->57065 57106->57061 57107->57066 57108->57056 57109->57058 57110->57062 57111->57096 57112->57098 57113->57093 57114->56962 57115->56964 57116->56969 57117->56971 57118->56976 57119->56978 57121 497b49 __fread_nolock __FrameHandler3::FrameUnwindToState 57120->57121 57122 497b75 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 57121->57122 57123 497c46 __FrameHandler3::FrameUnwindToState 57122->57123 57124 4abbf5 CatchGuardHandler 5 API calls 57123->57124 57125 497c64 GetCurrentProcess TerminateProcess 57124->57125 57125->56936 57126 4ac379 57127 4ac385 __FrameHandler3::FrameUnwindToState 57126->57127 57154 4abdc3 57127->57154 57129 4ac38c 57130 4ac4df 57129->57130 57136 4ac3b6 ___scrt_is_nonwritable_in_current_image __FrameHandler3::FrameUnwindToState ___scrt_release_startup_lock 57129->57136 57251 4ac6bf 4 API calls 2 library calls 57130->57251 57132 4ac4e6 57244 4a2a0e 57132->57244 57138 4ac3d5 57136->57138 57139 4ac456 57136->57139 57247 4a29e8 41 API calls 3 library calls 57136->57247 57137 4ac4f4 57162 4ac7d4 57139->57162 57155 4abdcc 57154->57155 57253 4aca4b IsProcessorFeaturePresent 57155->57253 57157 4abdd8 57254 4af9d6 10 API calls 2 library calls 57157->57254 57159 4abddd 57160 4abde1 57159->57160 
57255 4af9f5 7 API calls 2 library calls 57159->57255 57160->57129 57256 4ade50 57162->57256 57165 4ac45c 57166 4ba53e 57165->57166 57258 4a3a7a 57166->57258 57168 4ac464 57171 47e240 GetCurrentProcess OpenProcessToken 57168->57171 57169 4ba547 57169->57168 57264 4bb09f 41 API calls 57169->57264 57172 47e2b4 GetTokenInformation 57171->57172 57173 47e2d8 57171->57173 57172->57173 57174 47e2f2 CloseHandle 57173->57174 57175 47e2f9 57173->57175 57174->57175 57176 47e337 57175->57176 57177 47e2fd 57175->57177 57267 48cb50 57176->57267 58392 481970 42 API calls 2 library calls 57177->58392 57181 47e308 58393 48aa80 61 API calls CatchGuardHandler 57181->58393 57182 48cb50 10 API calls 57184 47e34b 57182->57184 57277 47ecc0 57184->57277 57185 47e316 57186 47e328 ExitProcess 57185->57186 57189 44d060 41 API calls 57190 47e3fe OpenMutexA 57189->57190 57191 47e426 CreateMutexA 57190->57191 57192 47e41b ExitProcess 57190->57192 57281 479130 57191->57281 60984 4a2800 57244->60984 57247->57139 57251->57132 57252 4a29d2 41 API calls __FrameHandler3::FrameUnwindToState 57252->57137 57253->57157 57254->57159 57255->57160 57257 4ac7e7 GetStartupInfoW 57256->57257 57257->57165 57259 4a3ab5 57258->57259 57260 4a3a83 57258->57260 57259->57169 57265 499362 41 API calls 3 library calls 57260->57265 57262 4a3aa6 57266 4a3885 51 API calls 3 library calls 57262->57266 57264->57169 57265->57262 57266->57259 57268 48cbb0 57267->57268 57268->57268 57269 48cbbb GetCurrentProcess OpenProcessToken 57268->57269 57270 48cc1d 57269->57270 57271 48cbd2 LookupPrivilegeValueW 57269->57271 57273 48cc2d CloseHandle 57270->57273 57274 48cc37 57270->57274 57271->57270 57272 48cbe9 AdjustTokenPrivileges 57271->57272 57272->57270 57273->57274 57275 4abbf5 CatchGuardHandler 5 API calls 57274->57275 57276 47e341 57275->57276 57276->57182 57278 47ed00 57277->57278 57278->57278 58396 4740f0 57278->58396 57280 47e3ec 57280->57189 58402 478d40 57281->58402 57284 4517f0 41 API calls 57285 479249 57284->57285 57286 
4517f0 41 API calls 57285->57286 57287 47930d 57286->57287 57288 4517f0 41 API calls 57287->57288 57289 4793d1 57288->57289 57290 4517f0 41 API calls 57289->57290 57291 479499 57290->57291 57292 4517f0 41 API calls 57291->57292 57293 47955d 57292->57293 57294 4517f0 41 API calls 57293->57294 57295 479621 57294->57295 57296 4517f0 41 API calls 57295->57296 57297 4796e9 57296->57297 57298 4517f0 41 API calls 57297->57298 57299 4797ad 57298->57299 57300 4517f0 41 API calls 57299->57300 57301 479871 57300->57301 57302 4517f0 41 API calls 57301->57302 57303 479939 57302->57303 58427 479ec0 57303->58427 57305 47996e 58453 44d7d0 57305->58453 57307 4799a2 58468 4738e0 57307->58468 57310 44ba90 41 API calls 57311 4799ed 57310->57311 58479 44eb90 57311->58479 57318 479a38 58517 44c960 57318->58517 57319 44c960 41 API calls 57319->57318 57321 479a70 57322 44d060 41 API calls 57321->57322 57323 479a7f 57322->57323 57324 44d060 41 API calls 57323->57324 57325 479a8e 57324->57325 57326 44eb90 41 API calls 57325->57326 57327 479a9b 57326->57327 58526 479c20 57327->58526 57330 44eb90 41 API calls 57331 479ab5 57330->57331 58535 479d70 57331->58535 58392->57181 58393->57185 58397 474178 58396->58397 58400 47410a _Yarn 58396->58400 58401 477640 44 API calls 5 library calls 58397->58401 58399 474186 58399->57280 58400->57280 58401->58399 58403 4517f0 41 API calls 58402->58403 58404 478dc8 _Yarn 58403->58404 58543 44fe10 58404->58543 58407 4517f0 41 API calls 58408 478ee8 58407->58408 58409 44fe10 41 API calls 58408->58409 58410 478efd 58409->58410 58411 44d060 41 API calls 58410->58411 58412 478f0c 58411->58412 58413 4517f0 41 API calls 58412->58413 58414 478f3c 58413->58414 58415 44fe10 41 API calls 58414->58415 58416 478f51 58415->58416 58417 44d060 41 API calls 58416->58417 58423 478f60 58417->58423 58418 44d060 41 API calls 58419 4790ef 58418->58419 58420 44d060 41 API calls 58419->58420 58421 4790fe 58420->58421 58422 44d060 41 API calls 58421->58422 58424 47910a 58422->58424 

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • KiUserCallbackDispatcher.NTDLL(0000004C), ref: 00485F72
                                                                              • GetSystemMetrics.USER32(0000004D), ref: 00485F7C
                                                                              • GetSystemMetrics.USER32(0000004E), ref: 00485F86
                                                                              • GetSystemMetrics.USER32(0000004F), ref: 00485F90
                                                                              • GetDC.USER32(00000000), ref: 00485F9A
                                                                              • GetDeviceCaps.GDI32(00000000,00000008), ref: 00485FAF
                                                                              • GetDeviceCaps.GDI32(?,0000000A), ref: 00485FBB
                                                                              • CreateCompatibleDC.GDI32(?), ref: 00485FC5
                                                                              • CreateCompatibleBitmap.GDI32(?,00000000,00000000), ref: 00485FDA
                                                                              • SelectObject.GDI32(?,00000000), ref: 00485FEE
                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,40CC0020), ref: 0048601D
                                                                              • SHCreateMemStream.SHLWAPI(00000000,00000000), ref: 0048604F
                                                                              • DeleteDC.GDI32(?), ref: 0048606E
                                                                              • ReleaseDC.USER32(00000000,?), ref: 00486077
                                                                              • DeleteObject.GDI32(?), ref: 00486083
                                                                              • IStream_Size.SHLWAPI(?,?,?), ref: 004860F5
                                                                              • IStream_Reset.SHLWAPI(?), ref: 00486104
                                                                              • IStream_Read.SHLWAPI(?,00000000,?,?), ref: 0048611E
                                                                              • DeleteDC.GDI32(?), ref: 00486175
                                                                              • ReleaseDC.USER32(00000000,?), ref: 00486183
                                                                              • DeleteObject.GDI32(?), ref: 0048618F
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Delete$CreateMetricsObjectStream_System$CapsCompatibleDeviceRelease$BitmapCallbackDispatcherReadResetSelectSizeStreamUser
                                                                              • String ID:
                                                                              • API String ID: 2798906502-0
                                                                              • Opcode ID: 99dc10b740a5f021b41c68854b237c0d4245f8800150c2945631f9edaba6f951
                                                                              • Instruction ID: 1540f068b23de5c11a4fec01122546931e44dbb37a8a944e45ab45a1281bc334
                                                                              • Opcode Fuzzy Hash: 99dc10b740a5f021b41c68854b237c0d4245f8800150c2945631f9edaba6f951
                                                                              • Instruction Fuzzy Hash: F4812971C01218AFDB11EB64DC49BEDBBB8EF09314F1041AAE509B7291DB742E84CF99

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 00486990: EnumDisplayDevicesW.USER32(00000000,00000000,00000348,00000001), ref: 00486A68
                                                                                • Part of subcall function 00486990: EnumDisplayDevicesW.USER32(00000000,00000001,00000348,00000001), ref: 00486ABD
                                                                                • Part of subcall function 004868B0: RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                                                                • Part of subcall function 004863F0: GetUserNameW.ADVAPI32(?,?), ref: 00486464
                                                                                • Part of subcall function 004864E0: GetComputerNameW.KERNEL32(?,?), ref: 00486554
                                                                                • Part of subcall function 004517F0: Concurrency::cancel_current_task.LIBCPMT ref: 004518C2
                                                                                • Part of subcall function 0044BAD0: Concurrency::cancel_current_task.LIBCPMT ref: 0044BBB3
                                                                              • GlobalMemoryStatusEx.KERNEL32(?,00000003), ref: 00488A6C
                                                                              • GetDesktopWindow.USER32 ref: 0048936A
                                                                              • GetWindowRect.USER32(00000000), ref: 00489371
                                                                              • _strftime.LIBCMT ref: 0048956B
                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,system,00000006), ref: 0048979A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Name$Concurrency::cancel_current_taskDevicesDisplayEnumWindow$ComputerDesktopFileGlobalMemoryModuleRectStatusUserValue_strftime
                                                                              • String ID: %d-%m-%Y, %H:%M:%S$>wfw$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                              • API String ID: 3994675093-2215247992
                                                                              • Opcode ID: 780eb4c071b8c58362fb5c4d0a213da67d6cb8a55b1d61346fd39ba53df65c40
                                                                              • Instruction ID: 1ab1bce1cb2369babe93dc2c843a9f66333b387f055d73d8335e63cf3a34051b
                                                                              • Opcode Fuzzy Hash: 780eb4c071b8c58362fb5c4d0a213da67d6cb8a55b1d61346fd39ba53df65c40
                                                                              • Instruction Fuzzy Hash: FC037970C052A99BDB26DF28C8547DDBBB1AF19308F2482DEE44867242DB751F85CF92

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(00000008,00000000,A3776857), ref: 0047E2A3
                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 0047E2AA
                                                                              • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),?,00000004,00000004), ref: 0047E2CE
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0047E2F3
                                                                              • ExitProcess.KERNEL32 ref: 0047E32D
                                                                              • OpenMutexA.KERNEL32(001F0001,00000000,?), ref: 0047E411
                                                                              • ExitProcess.KERNEL32 ref: 0047E420
                                                                              • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 0047E436
                                                                              • ExitProcess.KERNEL32 ref: 0047E457
                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                                                              • API ID: Process$ExitMutex$CloseHandleOpenToken$CreateCurrentInformationRelease
                                                                              • String ID: SeDebugPrivilege$SeImpersonatePrivilege

                                                                              APIs
                                                                              • LoadLibraryA.KERNEL32(?,A3776857), ref: 004464FE
                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 0044664C
                                                                              • GetProcAddress.KERNEL32(?,?), ref: 0044678C
                                                                              • GetProcAddress.KERNEL32(?,?), ref: 00446831
                                                                              • GetProcAddress.KERNEL32(?,?), ref: 004468D6
                                                                              • GetProcAddress.KERNEL32(?,?), ref: 0044697B
                                                                              • GetProcAddress.KERNEL32(?,?), ref: 00446A27
                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004473A1
                                                                              • API ID: AddressProc$Library$FreeLoad
                                                                              • String ID: system$vault$!F

                                                                              APIs
                                                                              • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00485AB8
                                                                              • InternetOpenUrlA.WININET(00000000,?,?,00000000,84880100,00000000), ref: 00485B23
                                                                              • HttpQueryInfoW.WININET(00000000,00000013,?,?,00000000), ref: 00485B7C
                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,00000040,00000000), ref: 00485C0D
                                                                              • InternetQueryDataAvailable.WININET(00000000,?,00000000,00000000), ref: 00485C4F
                                                                              • InternetReadFile.WININET(00000000,00000000,?,0B911A77), ref: 00485CE0
                                                                              • InternetCloseHandle.WININET(00000000), ref: 00485DEE
                                                                              • API ID: Internet$Query$HttpInfoOpen$AvailableCloseDataFileHandleRead
                                                                              • String ID: dk{u

                                                                              APIs
                                                                              • GetFileAttributesExW.KERNEL32(000000FF,00000000,?,00000001,?,?), ref: 004B85DD
                                                                              • GetLastError.KERNEL32 ref: 004B85E7
                                                                              • FindFirstFileW.KERNEL32(000000FF,?), ref: 004B85FE
                                                                              • GetLastError.KERNEL32 ref: 004B8609
                                                                              • FindClose.KERNEL32(00000000), ref: 004B8615
                                                                              • ___std_fs_open_handle@16.LIBCPMT ref: 004B86CE
                                                                              • API ID: ErrorFileFindLast$AttributesCloseFirst___std_fs_open_handle@16

                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(00000028,A3776857,A3776857,00000000,00000000), ref: 0048CBC1
                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 0048CBC8
                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 0048CBDF
                                                                              • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000), ref: 0048CC10
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0048CC2E
                                                                              • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                              • String ID: SeDebugPrivilege
                                                                              APIs
                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,A3776857), ref: 0044741C
                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 00447468
                                                                              • Process32NextW.KERNEL32(?,0000022C), ref: 004475CD
                                                                              • CloseHandle.KERNEL32(?), ref: 004478D2
                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                              • String ID: [PID:
                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(00000000,?,?), ref: 004403C0
                                                                              • FindNextFileW.KERNELBASE(00000000,?), ref: 004406F2
                                                                              • API ID: FileFind$FirstNext
                                                                              • String ID: content$filename
                                                                              APIs
                                                                              • recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                                                              • recv.WS2_32(?,00000001,00000000), ref: 004857E2
                                                                              • closesocket.WS2_32(0000025C), ref: 004857EE
                                                                              • WSACleanup.WS2_32 ref: 004857F4
                                                                              • API ID: recv$Cleanupclosesocket
                                                                              APIs
                                                                              • GetTimeZoneInformation.KERNEL32(?,A3776857,00000000,000000BF), ref: 00487C87
                                                                              • API ID: InformationTimeZone
                                                                              • String ID: @Zb=$[UTC
                                                                              APIs
                                                                                • Part of subcall function 0049C0BD: RtlFreeHeap.NTDLL(00000000,00000000,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0D3
                                                                                • Part of subcall function 0049C0BD: GetLastError.KERNEL32(?,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0DE
                                                                              • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,004A1227,00000000,00000000,00000000), ref: 004A10E6
                                                                              • API ID: ErrorFreeHeapInformationLastTimeZone
                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                              APIs
                                                                              • FindClose.KERNEL32(000000FF,?,004B84EE,00000001,?,?,00437D69,?,004BDC4D,00000001,?,?,?,A3776857,00000001), ref: 004B84CC
                                                                              • FindFirstFileExW.KERNEL32(000000FF,00000001,A3776857,00000000,00000000,00000000,00000001,00000001,?,?,004B84EE,00000001,?,?,00437D69,?), ref: 004B84FB
                                                                              • GetLastError.KERNEL32(?,004B84EE,00000001,?,?,00437D69,?,004BDC4D,00000001,?,?,?,A3776857,00000001), ref: 004B850D
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Find$CloseErrorFileFirstLast
                                                                              • String ID:
                                                                              • API String ID: 4020440971-0
                                                                              • Opcode ID: 6891505d0e316c560b8af891ce29886cce9dd01a211028f8c8b4780eaf2fe176
                                                                              • Instruction ID: a5a0d7868366c0cca89b591e166bcddb9b03d08ebbd2c2fb18ba3c3c76c3338f
                                                                              • Opcode Fuzzy Hash: 6891505d0e316c560b8af891ce29886cce9dd01a211028f8c8b4780eaf2fe176
                                                                              • Instruction Fuzzy Hash: 0AF03071001109BFDB216FA4EC08AAA7B9DEB14360B10862ABD28C55A0EA359961DB79
                                                                              APIs
                                                                                • Part of subcall function 00487290: RegOpenKeyExA.KERNEL32(80000001,0047F265,00000000,00020019,00000000,A3776857,?,0051C288), ref: 0048735B
                                                                                • Part of subcall function 00487290: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00487397
                                                                                • Part of subcall function 004870B0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,A3776857,0051C570,0051C2A0), ref: 00487182
                                                                                • Part of subcall function 004870B0: RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004487A3
                                                                                • Part of subcall function 004870B0: RegCloseKey.ADVAPI32(00000000), ref: 00487260
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Open$CloseEnumIos_base_dtorQueryValuestd::ios_base::_
                                                                              • String ID: 0hC
                                                                              • API String ID: 3553622603-2581318919
                                                                              • Opcode ID: ade7bf363ed15e6875cf1af1c8a60079e7d2754fd8a921585c80e4634e37238f
                                                                              • Instruction ID: d381e0b8d15ce89c3a027b92e8a5ae116750b180a2e65f5cba22683de7249f8f
                                                                              • Opcode Fuzzy Hash: ade7bf363ed15e6875cf1af1c8a60079e7d2754fd8a921585c80e4634e37238f
                                                                              • Instruction Fuzzy Hash: EA82CEB4E152688FEB25CF18C8957DDBBB0BF5A304F5082DAD98DA7241DB305A85CF81
                                                                              APIs
                                                                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0047A678
                                                                              • LocalFree.KERNEL32(?,00000000), ref: 0047A70F
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CryptDataFreeLocalUnprotect
                                                                              • String ID:
                                                                              • API String ID: 1561624719-0
                                                                              • Opcode ID: 23f8f3dfd76d3946956684746ccb5c99c2b1de592e134c678ee3552ffd4f36d7
                                                                              • Instruction ID: 0fc5e8941a16b16f9458543aa06cdc6e77fe0ca1878954e15eaf8ff6be4b297f
                                                                              • Opcode Fuzzy Hash: 23f8f3dfd76d3946956684746ccb5c99c2b1de592e134c678ee3552ffd4f36d7
                                                                              • Instruction Fuzzy Hash: 86518B70C00249EBEB00DFA5D845BDEFBB4FF54708F14821AE81477281D7B96A98CBA5
                                                                              APIs
                                                                              • GetLogicalDriveStringsW.KERNEL32(00000104,?,A3776857), ref: 00487605
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DriveLogicalStrings
                                                                              • String ID:
                                                                              • API String ID: 2022863570-0
                                                                              • Opcode ID: af7986355f76353f56621d05ed0878166b8efb0a331a21fa16df84ccda1fe4cc
                                                                              • Instruction ID: 0be71067b94349f3b163f10fc7865c9901b3f86c171c2f757c76e38bbf7f7ec5
                                                                              • Opcode Fuzzy Hash: af7986355f76353f56621d05ed0878166b8efb0a331a21fa16df84ccda1fe4cc
                                                                              • Instruction Fuzzy Hash: 3351BD70C05318DBDB20DF64D85979EB7B0EF18304F1082DED409A7291EBB86A88CB95
                                                                              APIs
                                                                              • GetUserNameW.ADVAPI32(?,?), ref: 00486464
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: NameUser
                                                                              • String ID:
                                                                              • API String ID: 2645101109-0
                                                                              • Opcode ID: f4ed9f5e37941df1e9ba9867385f1ec3f0cb7986d12087e88cefc21d8231c34a
                                                                              • Instruction ID: 991b9e5c4f1dd7985d860474454b41f109cd49006b683c09ab2e27c6457cb47f
                                                                              • Opcode Fuzzy Hash: f4ed9f5e37941df1e9ba9867385f1ec3f0cb7986d12087e88cefc21d8231c34a
                                                                              • Instruction Fuzzy Hash: AF217FB0D043189BD721DF15C844B9ABBF4FB08714F0046AEE84997380DBB9A6849BE5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: cores
                                                                              • API String ID: 0-2370456839
                                                                              • Opcode ID: 7caecc748150b05fedb2737b290fa2d10d67063e027dfbdfaad7aac65fe8cbf0
                                                                              • Instruction ID: e3a9e89045bf121aadbf864e887aeb25ba0c58f762de233e8adf5c73134b1a6d
                                                                              • Opcode Fuzzy Hash: 7caecc748150b05fedb2737b290fa2d10d67063e027dfbdfaad7aac65fe8cbf0
                                                                              • Instruction Fuzzy Hash: 2B916871D003599BDB00CFA8C9547EEFBB4FF59304F14825AE404BB292EBB56A84CB91

                                                                              APIs
                                                                                • Part of subcall function 004808F0: InitializeCriticalSectionEx.KERNEL32(0051C7AC,00000000,00000000), ref: 0048096F
                                                                                • Part of subcall function 004808F0: GetLastError.KERNEL32 ref: 00480979
                                                                              • EnterCriticalSection.KERNEL32(00000004,A3776857,?,?), ref: 00480CD8
                                                                              • GdiplusStartup.GDIPLUS(00000000,00000001,?), ref: 00480D08
                                                                              • LeaveCriticalSection.KERNEL32(00000004), ref: 00480D13
                                                                              • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00480D42
                                                                              • GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 00480D50
                                                                              • __alloca_probe_16.LIBCMT ref: 00480D7E
                                                                              • GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 00480DCE
                                                                              • GdipCreateBitmapFromScan0.GDIPLUS(?,?,?,0026200A,?,?), ref: 00480EB3
                                                                              • GdipSaveImageToStream.GDIPLUS(00000000,?,?,00000000), ref: 00480ED0
                                                                              • GdipDisposeImage.GDIPLUS(00000000), ref: 00480F33
                                                                              • GdipDisposeImage.GDIPLUS(00000000), ref: 00480F4C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream__alloca_probe_16
                                                                              • String ID:
                                                                              • API String ID: 1308617310-0
                                                                              • Opcode ID: db8e19989c3c8e354b887b54b5669c89f7a5afa25811b29cf81357a5f4059125
                                                                              • Instruction ID: f4feccb951fe1b922ecb3dfaf5b8302156747445c0b76c240fb24b0f4f51c94e
                                                                              • Opcode Fuzzy Hash: db8e19989c3c8e354b887b54b5669c89f7a5afa25811b29cf81357a5f4059125
                                                                              • Instruction Fuzzy Hash: D1A165B1D10208DFDB50DFA4C984BAEBBF4FF49314F24452AE905A7340D778A949CBA9

                                                                              APIs
                                                                                • Part of subcall function 00485E30: GetUserGeoID.KERNEL32(00000010), ref: 00485E6C
                                                                                • Part of subcall function 00485E30: GetGeoInfoA.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00485E7E
                                                                                • Part of subcall function 00485E30: GetGeoInfoA.KERNEL32(0000000F,00000004,?,00000000,00000000), ref: 00485ED6
                                                                              • WSAStartup.WS2_32(00000202,00516D04), ref: 00481C85
                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 00481C98
                                                                              • htons.WS2_32(00000002), ref: 00481CBF
                                                                              • inet_pton.WS2_32(00000002,00000000,00516E98), ref: 00481DA2
                                                                              • connect.WS2_32(00516E94,00000010), ref: 00481DB5
                                                                              • closesocket.WS2_32 ref: 00481DD5
                                                                              • WSACleanup.WS2_32 ref: 00481DDB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                                              • String ID: NG$geo$system
                                                                              • API String ID: 213021568-968879199
                                                                              • Opcode ID: 3e51a562f8bb916ff5cdbc648a8933530491576e42c442edfc0125d67360bed5
                                                                              • Instruction ID: a79096e42c26a1a604384fcb43a931ed9af1c00745f33276f8ffcea807cfd111
                                                                              • Opcode Fuzzy Hash: 3e51a562f8bb916ff5cdbc648a8933530491576e42c442edfc0125d67360bed5
                                                                              • Instruction Fuzzy Hash: 1DC1AE70D01248DBDB00EFA8C8457DEBBB5FF15308F14421BE854AB391EBB86A85CB95

                                                                              APIs
                                                                                • Part of subcall function 004BC233: CreateFileW.KERNEL32(?,00000000,?,004BC623,?,?,00000000,?,004BC623,?,0000000C), ref: 004BC250
                                                                              • GetLastError.KERNEL32 ref: 004BC68E
                                                                              • __dosmaperr.LIBCMT ref: 004BC695
                                                                              • GetFileType.KERNEL32(00000000), ref: 004BC6A1
                                                                              • GetLastError.KERNEL32 ref: 004BC6AB
                                                                              • __dosmaperr.LIBCMT ref: 004BC6B4
                                                                              • CloseHandle.KERNEL32(00000000), ref: 004BC6D4
                                                                              • CloseHandle.KERNEL32(004BB653), ref: 004BC821
                                                                              • GetLastError.KERNEL32 ref: 004BC853
                                                                              • __dosmaperr.LIBCMT ref: 004BC85A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                              • String ID: H
                                                                              • API String ID: 4237864984-2852464175
                                                                              • Opcode ID: 1092716943437c36cfa02252dfbb3b8d28f6a4b1d2fea1c18a37bf8b19ebdc4d
                                                                              • Instruction ID: e4caf95108e2d56c13f9780512823c5111e6df0be3dd416bceb2684eca6e9c1f
                                                                              • Opcode Fuzzy Hash: 1092716943437c36cfa02252dfbb3b8d28f6a4b1d2fea1c18a37bf8b19ebdc4d
                                                                              • Instruction Fuzzy Hash: 65A13632A041549FCF19AF68DCD1BEE3BA1AB46314F14015FF8119F391CB798906CBA9

                                                                              APIs
                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004812EC
                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,00000000,000000B8), ref: 004812FC
                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00481388
                                                                              • ReadFile.KERNEL32(00000000,00000000,00516C10,00000000,00000000), ref: 004813A4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: File$Ios_base_dtorPointerReadSizestd::ios_base::_
                                                                              • String ID: 0hC$exists
                                                                              • API String ID: 418202444-4085241440
                                                                              • Opcode ID: 484f58a7a18a46d98bb1edb3502d40a625e7069bcaa41c24cad3f5034e0e3b9d
                                                                              • Instruction ID: 03b619e30c80654d4b10cf1501dd509fce63877f60a48615618d7203a258c35b
                                                                              • Opcode Fuzzy Hash: 484f58a7a18a46d98bb1edb3502d40a625e7069bcaa41c24cad3f5034e0e3b9d
                                                                              • Instruction Fuzzy Hash: 3E425D70D01248DFDB10DFA9C9447DDBBF4BF19308F10819AE849A7291DB746A89CF95

                                                                              APIs
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00453446
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00453463
                                                                                • Part of subcall function 004AFA0C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0043FE44,?,?,?,004B9080,0043FE44,00513AB0,?,0043FE44,?,?,0000000C,A3776857), ref: 004AFA6C
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 004536B0
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 004536CD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ___std_exception_destroy$ExceptionRaise
                                                                              • String ID: MC$value
                                                                              • API String ID: 299339551-3840657116
                                                                              • Opcode ID: 105946c5cbd8b82caa2ff389fd77db40c33b1abb7ad3302a948b5beaa238df8e
                                                                              • Instruction ID: 0b049260404a019bd3923239173dd3b15bf9369a861e2bc94eedd162a5d5976f
                                                                              • Opcode Fuzzy Hash: 105946c5cbd8b82caa2ff389fd77db40c33b1abb7ad3302a948b5beaa238df8e
                                                                              • Instruction Fuzzy Hash: 1EF16B70C05298DEEB20DB65C954BDEFBB4AF19304F1481DED84963282E7746B88CF96

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ccfc0c2450c919e5ca8e87a3f3fa153f15bbe28b91ce2660b0eab54348b933ba
                                                                              • Instruction ID: af9c87e70908a1ee06dfbc346dd9d7a470d4d3b04964572cafa80a59c2292356
                                                                              • Opcode Fuzzy Hash: ccfc0c2450c919e5ca8e87a3f3fa153f15bbe28b91ce2660b0eab54348b933ba
                                                                              • Instruction Fuzzy Hash: ACB13274A04249EFEF11CF99C841BAE7FB1AF46304F14417AE5009B392C7B99D4ACB99

                                                                              APIs
                                                                              • __allrem.LIBCMT ref: 004987E2
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004987FE
                                                                              • __allrem.LIBCMT ref: 00498815
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00498833
                                                                              • __allrem.LIBCMT ref: 0049884A
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00498868
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                              • String ID:
                                                                              • API String ID: 1992179935-0
                                                                              • Opcode ID: 0bad0c18fe0cf381acad9996688c966a33eada49a23c210a765f4fa7ac2e53a6
                                                                              • Instruction ID: bac2f8d64b4771d1480d5067db4f3a3676e567bfb19d99c183f063f20f68270c
                                                                              • Opcode Fuzzy Hash: 0bad0c18fe0cf381acad9996688c966a33eada49a23c210a765f4fa7ac2e53a6
                                                                              • Instruction Fuzzy Hash: A68107B26007069BDB20EA6DCC41B5B7BE9AF52364F24453FF111DB791EB78D9008B98
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Ios_base_dtorstd::ios_base::_
                                                                              • String ID: 0$0hC$exists
                                                                              • API String ID: 323602529-1229763112
                                                                              • Opcode ID: f10948b3ed40f3b076f8b225239c75273635f3694046d4e0320974136430c3f1
                                                                              • Instruction ID: 8ad686ceee80f5ac92384c61aa111afe13dce58c6585d204e44adfbc4e8d440e
                                                                              • Opcode Fuzzy Hash: f10948b3ed40f3b076f8b225239c75273635f3694046d4e0320974136430c3f1
                                                                              • Instruction Fuzzy Hash: 81D18070D0528CDAEB10DBA8CA45BDCBBF4AF19308F2440DDE4456B282DBB95F48DB56
                                                                              APIs
                                                                                • Part of subcall function 0047FD70: ___std_fs_get_current_path@8.LIBCPMT ref: 0047FE92
                                                                              • GetVolumeInformationW.KERNEL32(?,?,00000100,?,?,?,?,00000100,00000000,?,A3776857,?,?), ref: 00486757
                                                                              • RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                                                              Strings
                                                                              • ProductName, xrefs: 00486900
                                                                              • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00486905
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InformationValueVolume___std_fs_get_current_path@8
                                                                              • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                              • API String ID: 2814272438-1787575317
                                                                              • Opcode ID: b1404d09f7114e8511fbbac145fb6ec7f4eb5f2e1f33eee02c53c21e1c4c82cd
                                                                              • Instruction ID: 5513a57b40c567382305f19abecc614c7fb65df7785b10e0462d816fc7d7abf5
                                                                              • Opcode Fuzzy Hash: b1404d09f7114e8511fbbac145fb6ec7f4eb5f2e1f33eee02c53c21e1c4c82cd
                                                                              • Instruction Fuzzy Hash: DFA18BB1C012199BDB21DF55CD59BE9B7B4FF14304F1042EAE419A7281EB786B88CF94
                                                                              APIs
                                                                              • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,004A1227,00000000,00000000,00000000), ref: 004A10E6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InformationTimeZone
                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                              • API String ID: 565725191-239921721
                                                                              • Opcode ID: f479341c917e5b85ea8d4f872af5b2a7ed3f0ffe6aef50257419f0e8574b0954
                                                                              • Instruction ID: d63cae11faca7fbaaedfd5ec0c01f193a5a5e64d1a9f5e85edff99bc4745f09f
                                                                              • Opcode Fuzzy Hash: f479341c917e5b85ea8d4f872af5b2a7ed3f0ffe6aef50257419f0e8574b0954
                                                                              • Instruction Fuzzy Hash: D5C15872D00211ABDB20AB65CC02ABF7BB9EF76754F10405BF901EB291E7788E41D798
                                                                              APIs
                                                                                • Part of subcall function 0045D680: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 0045D726
                                                                                • Part of subcall function 0045D680: ___std_fs_convert_narrow_to_wide@20.LIBCPMT ref: 0045D750
                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00482387
                                                                                • Part of subcall function 0043E440: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0043E4CF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Ios_base_dtor___std_fs_convert_narrow_to_wide@20std::ios_base::_
                                                                              • String ID: 0hC$exists
                                                                              • API String ID: 1525435645-4085241440
                                                                              • Opcode ID: 8ca7fd5849306998ec001e4bdecb4b4743a0745ed80b2030e0a7e1d66a3192b0
                                                                              • Instruction ID: 349907f898d0770bf1c6c6bee16b757a414fbaa0545e2b95a55e182eb82389be
                                                                              • Opcode Fuzzy Hash: 8ca7fd5849306998ec001e4bdecb4b4743a0745ed80b2030e0a7e1d66a3192b0
                                                                              • Instruction Fuzzy Hash: 1ED19F70D0528CDAEB10DBA8CA45BDCBBF0AF19308F2480DDD4456B282D7B95F58DB56
                                                                              APIs
                                                                              • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 004381BC
                                                                                • Part of subcall function 004B849F: FindNextFileW.KERNELBASE(?,00000001,?,00437D97,?,00000001,?,004BDC4D,00000001,?,?,?,A3776857,00000001), ref: 004B84A8
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FileFindNext___std_fs_directory_iterator_advance@8
                                                                              • String ID: .$directory_iterator::operator++
                                                                              • API String ID: 3878998205-1036657373
                                                                              • Opcode ID: 42ea8ddbda2b7e0b12b5802c67e6a5f09428df7f782a6b2438fae6bd72fb2b67
                                                                              • Instruction ID: 735a56af49808cf236c7d8626bd4983a1e4e1118483563b87a501f55d85a1d57
                                                                              • Opcode Fuzzy Hash: 42ea8ddbda2b7e0b12b5802c67e6a5f09428df7f782a6b2438fae6bd72fb2b67
                                                                              • Instruction Fuzzy Hash: C7318D70A047188BCF30DF59C8887ABF7B4EB49310F14429EE45997391DB395E85CA84
                                                                              APIs
                                                                              • RegGetValueA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,ProductName,00000002,00000000,?,?), ref: 00486916
                                                                              Strings
                                                                              • ProductName, xrefs: 00486900
                                                                              • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00486905
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Value
                                                                              • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                              • API String ID: 3702945584-1787575317
                                                                              • Opcode ID: b1b14b774ef6c570b057e3b558ffe0deac3071ed0933685e6c950abb9736e9bf
                                                                              • Instruction ID: c2d08890748770af0873008191db5a05c2fa34d27609d4939fc155a72502f57e
                                                                              • Opcode Fuzzy Hash: b1b14b774ef6c570b057e3b558ffe0deac3071ed0933685e6c950abb9736e9bf
                                                                              • Instruction Fuzzy Hash: 95218EB09003599BDB20DF54C805BEABBF8FF04704F10465EE845A7681DBB86A44CB95
                                                                              APIs
                                                                              • RegOpenKeyExA.KERNEL32(80000001,0047F265,00000000,00020019,00000000,A3776857,?,0051C288), ref: 0048735B
                                                                              • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00487397
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0048751D
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseEnumOpen
                                                                              • String ID:
                                                                              • API String ID: 1332880857-0
                                                                              • Opcode ID: 583436978cce415da765378ea93a3ed95bf41f57cd7b16fc1002d349e714ed29
                                                                              • Instruction ID: e90b3dd054a924dd9803ab5f17a38fc1c4cefb0d6438d00707aa441ccba3a8d8
                                                                              • Opcode Fuzzy Hash: 583436978cce415da765378ea93a3ed95bf41f57cd7b16fc1002d349e714ed29
                                                                              • Instruction Fuzzy Hash: E3717FF0D012189FDB20DF24CD94B9DB7B4EB54304F1082DAEA19A7281D774AE88CF99
                                                                              APIs
                                                                              • RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,A3776857,0051C570,0051C2A0), ref: 00487182
                                                                              • RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00487260
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseOpenQueryValue
                                                                              • String ID:
                                                                              • API String ID: 3677997916-0
                                                                              APIs
                                                                              • recv.WS2_32(?,00000001,00000000), ref: 004857E2
                                                                              • closesocket.WS2_32(0000025C), ref: 004857EE
                                                                              • WSACleanup.WS2_32 ref: 004857F4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Cleanupclosesocketrecv
                                                                              • String ID:
                                                                              • API String ID: 3447645871-0
                                                                              APIs
                                                                              • GetUserGeoID.KERNEL32(00000010), ref: 00485E6C
                                                                              • GetGeoInfoA.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00485E7E
                                                                              • GetGeoInfoA.KERNEL32(0000000F,00000004,?,00000000,00000000), ref: 00485ED6
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Info$User
                                                                              • String ID:
                                                                              • API String ID: 2017065092-0
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(?,?,004A2891,00000016,0049036B,?,?,A3776857,0049036B,?), ref: 004A28A8
                                                                              • TerminateProcess.KERNEL32(00000000,?,004A2891,00000016,0049036B,?,?,A3776857,0049036B,?), ref: 004A28AF
                                                                              • ExitProcess.KERNEL32 ref: 004A28C1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Process$CurrentExitTerminate
                                                                              • String ID:
                                                                              • API String ID: 1703294689-0
                                                                              APIs
                                                                                • Part of subcall function 0047F1C0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,A3776857), ref: 0047F211
                                                                                • Part of subcall function 0047F1C0: RegCloseKey.ADVAPI32(00000000), ref: 0047F221
                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047F194
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseIos_base_dtorOpenstd::ios_base::_
                                                                              • String ID: 0hC
                                                                              • API String ID: 1131316584-2581318919
                                                                              APIs
                                                                              • GetCurrentHwProfileW.ADVAPI32(?), ref: 00486F86
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CurrentProfile
                                                                              • String ID: Unknown
                                                                              • API String ID: 2104809126-1654365787
                                                                              APIs
                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00434FF1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ___std_exception_copy
                                                                              • String ID: MC
                                                                              • API String ID: 2659868963-1829682832
                                                                              APIs
                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0044799C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Ios_base_dtorstd::ios_base::_
                                                                              • String ID: 0hC
                                                                              • API String ID: 323602529-2581318919
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 004604B4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_task
                                                                              • String ID:
                                                                              • API String ID: 118556049-0
                                                                              APIs
                                                                              • ___std_fs_directory_iterator_open@12.LIBCPMT ref: 00437D64
                                                                              • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00437D92
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ___std_fs_directory_iterator_advance@8___std_fs_directory_iterator_open@12
                                                                              • String ID:
                                                                              • API String ID: 3016148460-0
                                                                              APIs
                                                                              • SHGetKnownFolderPath.SHELL32(004E05C0,00000000,00000000,?,A3776857,?,?), ref: 0048101E
                                                                              • CoTaskMemFree.OLE32(?), ref: 004810DC
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FolderFreeKnownPathTask
                                                                              • String ID:
                                                                              • API String ID: 969438705-0
                                                                              APIs
                                                                              • RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,A3776857), ref: 0047F211
                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0047F221
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseOpen
                                                                              • String ID:
                                                                              • API String ID: 47109696-0
                                                                              APIs
                                                                              • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,?,0049F4F8,00000000,00000000,00000000,00000002,00000000), ref: 0049F3FA
                                                                              • GetLastError.KERNEL32(00000000,?,0049F4F8,00000000,00000000,00000000,00000002,00000000,?,0049BE05,00000000,00000000,00000000,00000002,00000000,00000000), ref: 0049F407
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorFileLastPointer
                                                                              • String ID:
                                                                              • API String ID: 2976181284-0
                                                                              APIs
                                                                                • Part of subcall function 004473D0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,A3776857), ref: 0044741C
                                                                                • Part of subcall function 004473D0: Process32FirstW.KERNEL32(00000000,?), ref: 00447468
                                                                                • Part of subcall function 00445950: CredEnumerateA.ADVAPI32(00000000,00000000,?,?,A3776857,00000000,?), ref: 004459B2
                                                                                • Part of subcall function 00485350: recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                                                              • String ID:
                                                                              • API String ID: 420082584-0
                                                                              APIs
                                                                                • Part of subcall function 00485350: recv.WS2_32(?,00002000,00000000), ref: 004854A4
                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 0047E525
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0047E52C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandleMutexReleaserecv
                                                                              • String ID:
                                                                              • API String ID: 2659716615-0
                                                                              APIs
                                                                              • RtlFreeHeap.NTDLL(00000000,00000000,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0D3
                                                                              • GetLastError.KERNEL32(?,?,004A4A11,?,00000000,?,?,004A4CB2,?,00000007,?,?,004A3378,?,?), ref: 0049C0DE
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              • API ID: ErrorFreeHeapLast
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0048FCEA
                                                                              • API ID: Concurrency::cancel_current_task
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 004586AF
                                                                              • API ID: Concurrency::cancel_current_task
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0045223D
                                                                              • API ID: Concurrency::cancel_current_task
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 004520DE
                                                                              • API ID: Concurrency::cancel_current_task
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0048F9FA
                                                                              • API ID: Concurrency::cancel_current_task
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 00451F7F
                                                                              • API ID: Concurrency::cancel_current_task
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 004517DF
                                                                              • API ID: Concurrency::cancel_current_task
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0044D8F9
                                                                              • API ID: Concurrency::cancel_current_task
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0044BBB3
                                                                                • Part of subcall function 00434F80: ___std_exception_copy.LIBVCRUNTIME ref: 00434FF1
                                                                              • API ID: Concurrency::cancel_current_task___std_exception_copy
                                                                              • API ID: __wsopen_s
                                                                              APIs
                                                                              • send.WS2_32(?,?,00000000), ref: 00482968
                                                                              • API ID: send
                                                                              APIs
                                                                              • FindNextFileW.KERNELBASE(00000000,?), ref: 004406F2
                                                                              • API ID: FileFindNext
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(00000000,00000001,0043FE44,?,004AD408,0043FE4A,0043FE44,?,?,?,00434C2F,0043FE48,0043FE48), ref: 0049D18C
                                                                              • API ID: AllocateHeap
                                                                              • API ID: H_prolog3
                                                                              APIs
                                                                              • CreateFileW.KERNEL32(?,00000000,?,004BC623,?,?,00000000,?,004BC623,?,0000000C), ref: 004BC250
                                                                              • API ID: CreateFile
                                                                              • String ID:
                                                                              • API String ID: 823142352-0
                                                                              • Opcode ID: dd275b77e4c8549b8163696f0af87788398892aa77d507c51891a1137c56f0af
                                                                              • Instruction ID: c65ff2ef24fd0563ec255788cd93a1d7270b85fbbbb51eec7110af243f851585
                                                                              • Opcode Fuzzy Hash: dd275b77e4c8549b8163696f0af87788398892aa77d507c51891a1137c56f0af
                                                                              • Instruction Fuzzy Hash: 05D06C3200010DBBDF028F84EC06FDA3BAAFB48714F018010BA1866020C732E821ABA4
                                                                              APIs
                                                                              • GetNativeSystemInfo.KERNEL32(?,?,?,00486DD6,?,?,?,A3776857,?,?), ref: 004B9AEC
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InfoNativeSystem
                                                                              • String ID:
                                                                              • API String ID: 1721193555-0
                                                                              • Opcode ID: 19af6f8f66515c3ad7801cfde8998948d5a7d817498514074e40bdf49eb42b08
                                                                              • Instruction ID: f88b8e15ca571a688dc5d535dfb7cb0f1e1a76fd2fb5174ce8f8aecae7ce3306
                                                                              • Opcode Fuzzy Hash: 19af6f8f66515c3ad7801cfde8998948d5a7d817498514074e40bdf49eb42b08
                                                                              • Instruction Fuzzy Hash: 0EC09B7490610E97CF00E7E5D94D88E77FCA608204F4004A1D551E3140E770FD45C795
                                                                              APIs
                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,NtDuplicateObject,A3776857,?,?), ref: 0048A0F7
                                                                              • GetProcAddress.KERNEL32(00000000), ref: 0048A0FE
                                                                              • OpenProcess.KERNEL32(00000040,00000000,00000000), ref: 0048A12A
                                                                              • NtQuerySystemInformation.NTDLL ref: 0048A153
                                                                              • NtQuerySystemInformation.NTDLL ref: 0048A178
                                                                              • GetCurrentProcess.KERNEL32 ref: 0048A1FD
                                                                              • NtQueryObject.NTDLL ref: 0048A22B
                                                                              • GetFinalPathNameByHandleA.KERNEL32(00000000,00000000,00000104,00000000,00000104,?,00000104,00000000), ref: 0048A315
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0048A3E6
                                                                              • CloseHandle.KERNEL32(00000000), ref: 0048A441
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Handle$Query$CloseInformationProcessSystem$AddressCurrentFinalModuleNameObjectOpenPathProc
                                                                              • String ID: File$NtDuplicateObject$ntdll.dll
                                                                              • API String ID: 2729825427-3955674919
                                                                              • Opcode ID: 8320b73641bfe2fd6a36d39389df1be313783445bc61d84dd6fe8aca722285e2
                                                                              • Instruction ID: 0800680efb81c18e2f896ca5fb1c4f1751909ec1a20682d0b449f1ef79601e33
                                                                              • Opcode Fuzzy Hash: 8320b73641bfe2fd6a36d39389df1be313783445bc61d84dd6fe8aca722285e2
                                                                              • Instruction Fuzzy Hash: C3C1DE71D00218AFEF10EFA4DC45BAEBBB5FF44704F14452AE801A7281E7B9AD45CB96
                                                                              APIs
                                                                              • CoInitializeEx.OLE32(00000000,00000000,A3776857,?,?), ref: 00477F5C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Initialize
                                                                              • String ID:
                                                                              • API String ID: 2538663250-0
                                                                              • Opcode ID: eec43777c261d8a2dab22aea29dbdf31e886a527831d6dfb0425ac795999018e
                                                                              • Instruction ID: d5989f67fd172e1006781f95ff6e7d6cbd1369fc69074948a5cb2319df95c689
                                                                              • Opcode Fuzzy Hash: eec43777c261d8a2dab22aea29dbdf31e886a527831d6dfb0425ac795999018e
                                                                              • Instruction Fuzzy Hash: 12D1F170D04288DBDB11CFA8D848BEDBBB0FF15314F14824AE508BB291DB796AC9DB55
                                                                              APIs
                                                                                • Part of subcall function 004517F0: Concurrency::cancel_current_task.LIBCPMT ref: 004518C2
                                                                                • Part of subcall function 0044DCC0: std::ios_base::_Addstd.LIBCPMT ref: 0044DDEF
                                                                                • Part of subcall function 00436640: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004366E9
                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047D95A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: std::ios_base::_$Ios_base_dtor$AddstdConcurrency::cancel_current_task
                                                                              • String ID: .cmd$.exe$.ps1$.vbs$.G$0hC$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$open$runas
                                                                              • API String ID: 2154145882-3307477358
                                                                              • Opcode ID: 272a3eff05d2f0994a98a4670cb8ea359793a3df70236ba5e5f34b7e97b052ef
                                                                              • Instruction ID: f5ba6b163c3a98fee3f853caf05b9595179ad2eb3f8f0c36a39513699dfd7300
                                                                              • Opcode Fuzzy Hash: 272a3eff05d2f0994a98a4670cb8ea359793a3df70236ba5e5f34b7e97b052ef
                                                                              • Instruction Fuzzy Hash: 6A122770D00268DFDB20DF64CD85BDEBBB4AF19304F1481EAE849A7282DB755A84CF95
                                                                              APIs
                                                                              • RtlAcquirePebLock.NTDLL(A3776857,00000000,00000000), ref: 0048A766
                                                                              • NtAllocateVirtualMemory.NTDLL ref: 0048A78F
                                                                              • lstrcpyW.KERNEL32(?), ref: 0048A7C6
                                                                              • lstrcatW.KERNEL32(?), ref: 0048A8CD
                                                                              • NtAllocateVirtualMemory.NTDLL ref: 0048A904
                                                                              • lstrcpyW.KERNEL32(?), ref: 0048AA0F
                                                                              • RtlInitUnicodeString.NTDLL(-00000037), ref: 0048AA28
                                                                              • RtlInitUnicodeString.NTDLL(-0000003F), ref: 0048AA37
                                                                              • LdrEnumerateLoadedModules.NTDLL(00000000,Function_0008A6B0,00000000), ref: 0048AA44
                                                                              • RtlReleasePebLock.NTDLL ref: 0048AA4A
                                                                                • Part of subcall function 00480F90: SHGetKnownFolderPath.SHELL32(004E05C0,00000000,00000000,?,A3776857,?,?), ref: 0048101E
                                                                                • Part of subcall function 00480F90: CoTaskMemFree.OLE32(?), ref: 004810DC
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateInitLockMemoryStringUnicodeVirtuallstrcpy$AcquireEnumerateFolderFreeKnownLoadedModulesPathReleaseTasklstrcat
                                                                              • String ID:
                                                                              • API String ID: 573923072-0
                                                                              • Opcode ID: 9f0bc586ea1a7da28060736a8c13b163a192ecd6657979f9a74a2ad2d362be03
                                                                              • Instruction ID: 1d72f842e61e5ce7feef92d17fc1071c4f69874d6174494518bfda03acdacd70
                                                                              • Opcode Fuzzy Hash: 9f0bc586ea1a7da28060736a8c13b163a192ecd6657979f9a74a2ad2d362be03
                                                                              • Instruction Fuzzy Hash: D6B190B4D05268EFDB14CFA9D885A9DBBB5FF08314F10822AE825A7361DB346946CF44
                                                                              APIs
                                                                              • BCryptOpenAlgorithmProvider.BCRYPT(?,AES,00000000,00000000,00000001,?,0047AF9D,?,?,A3776857), ref: 0047AE91
                                                                              • BCryptSetProperty.BCRYPT(?,ChainingMode,ChainingModeGCM,00000020,00000000), ref: 0047AEAB
                                                                              • BCryptGenerateSymmetricKey.BCRYPT(?,?,00000000,00000000,?,?,00000000), ref: 0047AECF
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Crypt$AlgorithmGenerateOpenPropertyProviderSymmetric
                                                                              • String ID: AES$ChainingMode$ChainingModeGCM
                                                                              • API String ID: 1692524283-1213888626
                                                                              • Opcode ID: b81ac72cefcce56172d4d4bf7609f9087b605a60a83836cd33b6e41b4b4cf51e
                                                                              • Instruction ID: 8d127e15825cd86a398cba4dadb085fb92217d3de15f733cf2195ed64ba2db48
                                                                              • Opcode Fuzzy Hash: b81ac72cefcce56172d4d4bf7609f9087b605a60a83836cd33b6e41b4b4cf51e
                                                                              • Instruction Fuzzy Hash: 1CF03031381710BBE7309E65AC4AFDB7BA8FB44F10F10492AFA41DA1D0D7A0F8559B5A
                                                                              APIs
                                                                              • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B7DA
                                                                              • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B81E
                                                                              • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B924
                                                                              • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 0046B970
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ___std_fs_directory_iterator_advance@8
                                                                              • String ID: .
                                                                              • API String ID: 2610647541-248832578
                                                                              • Opcode ID: 2e775b534ccb48514fa1d19158a196e6f147d360d3fd40777325cb8899fa8bdc
                                                                              • Instruction ID: 99e23c5b304899c8ab8714ce46d423df57297e0934c6bc539a0dfe6d7ec6f1b4
                                                                              • Opcode Fuzzy Hash: 2e775b534ccb48514fa1d19158a196e6f147d360d3fd40777325cb8899fa8bdc
                                                                              • Instruction Fuzzy Hash: 77C1BF75A016269FCB20DF18C8847AAB3B5FF44314F14829AD915D7390EB39AD85CFC6
                                                                              APIs
                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 004A61A2
                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 004A61CB
                                                                              • GetACP.KERNEL32 ref: 004A61E0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InfoLocale
                                                                              • String ID: ACP$OCP
                                                                              • API String ID: 2299586839-711371036
                                                                              • Opcode ID: 83dfd683b9c94d176d38183288480b868ca78ec3c44069a2c66a1e4373e54840
                                                                              • Instruction ID: 02a1f9ff6d074017cf30d732e6d651dacf3b6180dce544ba7b26bbdffeda2481
                                                                              • Opcode Fuzzy Hash: 83dfd683b9c94d176d38183288480b868ca78ec3c44069a2c66a1e4373e54840
                                                                              • Instruction Fuzzy Hash: 14217731B00101A6DB348F54C901A9BBBA7EB76B54B5F8466E909D7302EB36DE41C358
                                                                              APIs
                                                                                • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                                • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                              • GetUserDefaultLCID.KERNEL32 ref: 004A63ED
                                                                              • IsValidCodePage.KERNEL32(00000000), ref: 004A642B
                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 004A643E
                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 004A6486
                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 004A64A1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                              • String ID:
                                                                              • API String ID: 415426439-0
                                                                              • Opcode ID: 478fc60fa90a9ec9e197162e05efa7e840982a7b058c794a341e424fb9183a7c
                                                                              • Instruction ID: c25bf07a23f3a9ec008bfe0b344d9b34e57977eb2ee5f51d57588e3c0d66081e
                                                                              • Opcode Fuzzy Hash: 478fc60fa90a9ec9e197162e05efa7e840982a7b058c794a341e424fb9183a7c
                                                                              • Instruction Fuzzy Hash: B351C031A00205ABDF10DFA5CC41AAF77B8BF2A700F09446BF905EB2C0D778D9058B68
                                                                              APIs
                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 00497C25
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 00497C2F
                                                                              • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000001), ref: 00497C3C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                              • String ID: /LC
                                                                              • API String ID: 3906539128-2135541996
                                                                              • Opcode ID: ba9b98a76fbca1403476e1f0242b14846ec85a4183b9da3279bb0f6910b30b28
                                                                              • Instruction ID: bfbf58602b6ed5b9f74246d621f9e13e9ead8f3e4535d75d7aa199c35e3273ea
                                                                              • Opcode Fuzzy Hash: ba9b98a76fbca1403476e1f0242b14846ec85a4183b9da3279bb0f6910b30b28
                                                                              • Instruction Fuzzy Hash: 3231D274901229ABCB21DF65DC8878DBBB8BF18710F5041EAE40CA7250E7349F858F48
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4ea11f6e400efd71b53824ee55fa65b6dac5785e4ad25e6ab9d2c54b6af7400f
                                                                              • Instruction ID: d1eb0eda3f30262f0aa428ac7e9151949e9d9ef7bd25f7153de96db8ebdefec9
                                                                              • Opcode Fuzzy Hash: 4ea11f6e400efd71b53824ee55fa65b6dac5785e4ad25e6ab9d2c54b6af7400f
                                                                              • Instruction Fuzzy Hash: DB023C71E002199BDF14CFA9C9806AEFBF1FF89315F24826AE519E7341D735AE018B94
                                                                              APIs
                                                                              • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0049859D
                                                                              • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 004985B1
                                                                              • VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004,?,?,?,0000001C), ref: 00498602
                                                                              • VirtualProtect.KERNEL32(?,-00000001,00000104,?,?,?,0000001C), ref: 00498617
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Virtual$AllocInfoProtectQuerySystem
                                                                              • String ID:
                                                                              • API String ID: 3562403962-0
                                                                              • Opcode ID: 4e29c64980591c23c9d6474b97963c5f1eeeaad4aec7d0b9861b07a888b65890
                                                                              • Instruction ID: 57c86550534b148c15952eeeaf39776b02a492ab104de77fe61266457f658886
                                                                              • Opcode Fuzzy Hash: 4e29c64980591c23c9d6474b97963c5f1eeeaad4aec7d0b9861b07a888b65890
                                                                              • Instruction Fuzzy Hash: 91217C72E00119ABCF20DFA9DD85AEFBBB8EF45754F05017AE905E7140EA349D04C794
                                                                              APIs
                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 009A5033
                                                                              • IsDebuggerPresent.KERNEL32 ref: 009A50FF
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009A5118
                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 009A5122
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                              • String ID:
                                                                              • API String ID: 254469556-0
                                                                              • Opcode ID: d6b97f7b4cd2f8b46333d7f35612c9fd8b04a717fbe73125f88c229f4a7ae2d2
                                                                              • Instruction ID: 322b30c106090feb4ba349b24dafb1523542fb2f956019d2a8b9c0bc2d5c8015
                                                                              • Opcode Fuzzy Hash: d6b97f7b4cd2f8b46333d7f35612c9fd8b04a717fbe73125f88c229f4a7ae2d2
                                                                              • Instruction Fuzzy Hash: 38312975D05218DBDF20EFA4D9497CDBBB8BF08300F1041AAE40CAB250EB709A84CF85
                                                                              APIs
                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 004AC6CB
                                                                              • IsDebuggerPresent.KERNEL32 ref: 004AC797
                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004AC7B0
                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 004AC7BA
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                              • String ID:
                                                                              • API String ID: 254469556-0
                                                                              • Opcode ID: 1a5f2cb74b25642d18f707c0b6da8939d9b46288bf323feffe580c9d32bdbba1
                                                                              • Instruction ID: 70dc3419eb2b6db1900c7bd06373213fcab329736da06f39ceabfcfe7a7444e5
                                                                              • Opcode Fuzzy Hash: 1a5f2cb74b25642d18f707c0b6da8939d9b46288bf323feffe580c9d32bdbba1
                                                                              • Instruction Fuzzy Hash: E1314A75C012189BDF21DF61DC897CEBBB8BF18700F1041AAE40DAB250E7759A84CF48
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: content$filename
                                                                              • API String ID: 0-474635906
                                                                              • Opcode ID: b66f7423e610c841824d5b72251d930196416b83facb86d1c8f8609f3cb58a8b
                                                                              • Instruction ID: d087ffba84baf14db51f89a037efaf3a0efd4671473d6540ebf1f333b1c0f3d3
                                                                              • Opcode Fuzzy Hash: b66f7423e610c841824d5b72251d930196416b83facb86d1c8f8609f3cb58a8b
                                                                              • Instruction Fuzzy Hash: 5392EEB0C052AC9BDB66DF68D9857DDBBB4AF18308F1441DAE80CA7252EB741B84CF45
                                                                              APIs
                                                                              • GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,00000000,00000002,?,?,00435B2A,?,?), ref: 004B8261
                                                                              • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000,?,?,00435B2A,?,?), ref: 004B8288
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FormatInfoLocaleMessage
                                                                              • String ID: !x-sys-default-locale
                                                                              • API String ID: 4235545615-2729719199
                                                                              • Opcode ID: 84205eb8d4b061531bed3096fe064d3d6fd842fcad4d2f7a7c64ada32d2dc388
                                                                              • Instruction ID: 4f66f40a8a4f046c7b0032d4e1a4b833dd41128cf422eed9181fa496fdef01a0
                                                                              • Opcode Fuzzy Hash: 84205eb8d4b061531bed3096fe064d3d6fd842fcad4d2f7a7c64ada32d2dc388
                                                                              • Instruction Fuzzy Hash: 1AF030B5511108FFEF089BD5DC0EEEB77ACEB09394F10416AB501D6150E6B0AE00D778
                                                                              APIs
                                                                                • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                                • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A5DE1
                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A5E2B
                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A5EF1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InfoLocale$ErrorLast
                                                                              • String ID:
                                                                              • API String ID: 661929714-0
                                                                              • Opcode ID: 66ffe828941743625ba3b2f2e75b323c17a954a9466d11b4e4a0e42b75f50976
                                                                              • Instruction ID: 962ae09c726557bba2a742099c161f9beda31160a96e42ffbc7faebc0f235ca1
                                                                              • Opcode Fuzzy Hash: 66ffe828941743625ba3b2f2e75b323c17a954a9466d11b4e4a0e42b75f50976
                                                                              • Instruction Fuzzy Hash: D86190715416079FDB28DF28CE82BABB7A8EF25305F1440BBE905C6285E738DE41CB58
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7a5cc1d22bd71ddba461825bf1e5a719f52907f0f441b03632678b65b188f3f2
                                                                              • Instruction ID: 33f7787d24f7b6ada88b2ec4e837cc4b10ca5ac34968b166931d9a07c874724e
                                                                              • Opcode Fuzzy Hash: 7a5cc1d22bd71ddba461825bf1e5a719f52907f0f441b03632678b65b188f3f2
                                                                              • Instruction Fuzzy Hash: 21B1A170D04249DFDB10CFA4C884BEEBBB5FF89304F20825AD505AB381D778A984CB96
                                                                              APIs
                                                                              • CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,00000001,?), ref: 00440BFA
                                                                              • LocalFree.KERNEL32(?,00000000), ref: 00440C8E
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CryptDataFreeLocalUnprotect
                                                                              • String ID:
                                                                              • API String ID: 1561624719-0
                                                                              • Opcode ID: 691253dd090d0692abb79b75d9c07df8674f2c8687ba40f9476d8420fea36caa
                                                                              • Instruction ID: f58a043fe36a424058588bce6ee5e9d112fd586f94ce921f9f6943f9dc7e0036
                                                                              • Opcode Fuzzy Hash: 691253dd090d0692abb79b75d9c07df8674f2c8687ba40f9476d8420fea36caa
                                                                              • Instruction Fuzzy Hash: 68517E70D00249DBEB00CFA9C8457DEFBB4FF14308F14821AE8547B281D7B96A48CBA5
                                                                              APIs
                                                                              • CryptProtectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0047A9B8
                                                                              • LocalFree.KERNEL32(?,00000000), ref: 0047AA4F
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CryptDataFreeLocalProtect
                                                                              • String ID:
                                                                              • API String ID: 2714945720-0
                                                                              • Opcode ID: 1650d13529f5b5e644ab9d1fc943a2e59ee628ce821009b7a4047a2a1a045cf0
                                                                              • Instruction ID: 6fc12887242d51354b1d4be44c56afc8010d77d5c64fcd5971483ececb25fb38
                                                                              • Opcode Fuzzy Hash: 1650d13529f5b5e644ab9d1fc943a2e59ee628ce821009b7a4047a2a1a045cf0
                                                                              • Instruction Fuzzy Hash: 7351BF70D00249EBEB00CFA5D945BDEFBB4FF54308F10821AE81077281D7B96A58CBA5
                                                                              APIs
                                                                                • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                                • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004A6034
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$InfoLocale
                                                                              • String ID:
                                                                              • API String ID: 3736152602-0
                                                                              • Opcode ID: 0cc7574bf4926a40e967ac0568a5283aef49bd869a92054f23648a73363eb538
                                                                              • Instruction ID: 4410453ce78f061189afbc458556258a4ff070a6a13362461f6e96f76a4d0aba
                                                                              • Opcode Fuzzy Hash: 0cc7574bf4926a40e967ac0568a5283aef49bd869a92054f23648a73363eb538
                                                                              • Instruction Fuzzy Hash: A121B232655206ABDF28DF25DC41A7B77ACEF61314B1500BFFA01C6281EB38ED408A58
                                                                              APIs
                                                                                • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                                • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                              • EnumSystemLocalesW.KERNEL32(004A5D8D,00000001), ref: 004A5CD9
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                              • String ID:
                                                                              • API String ID: 2417226690-0
                                                                              • Opcode ID: 2975694ee7023931f0e948769ccc6b12fa9635212241985c4e92d9e5cce4a94c
                                                                              • Instruction ID: 1406c895032231e24aa0afc96b0d01b76351fdf719fc880d52765eb770635e76
                                                                              • Opcode Fuzzy Hash: 2975694ee7023931f0e948769ccc6b12fa9635212241985c4e92d9e5cce4a94c
                                                                              • Instruction Fuzzy Hash: 1711E537600B015FDB18AF79C9916BABB92FF91368B18842EE94787B40E375A942C744
                                                                              APIs
                                                                                • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                                • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                              • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,004A5FA9,00000000,00000000,?), ref: 004A623B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$InfoLocale
                                                                              • String ID:
                                                                              • API String ID: 3736152602-0
                                                                              • Opcode ID: 8b81b91eadfdb3b62c299d10167f1a9c9d1e1bff8d4bf303c7f3fb8fddf9b379
                                                                              • Instruction ID: 9487850153f17b5aff8b54b84101990ee62d9d6b8c11e223cf6e38bc87e8a6da
                                                                              • Opcode Fuzzy Hash: 8b81b91eadfdb3b62c299d10167f1a9c9d1e1bff8d4bf303c7f3fb8fddf9b379
                                                                              • Instruction Fuzzy Hash: 3C01DB33A10112ABDF286A658D06BBB7768DB51754F1A446FEC06A3680DA38ED41C698
                                                                              APIs
                                                                                • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                                • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                              • EnumSystemLocalesW.KERNEL32(004A5FE0,00000001), ref: 004A5D4C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                              • String ID:
                                                                              • API String ID: 2417226690-0
                                                                              • Opcode ID: 093b6fcee7793df0be6cbe5c3ac0d1e9e692bbf20fd6f6c44b0fdc924b83ac49
                                                                              • Instruction ID: c98a1cf7b30e52ba405588815af828edc546cc3ef2e56581ce593e44f0a9addd
                                                                              • Opcode Fuzzy Hash: 093b6fcee7793df0be6cbe5c3ac0d1e9e692bbf20fd6f6c44b0fdc924b83ac49
                                                                              • Instruction Fuzzy Hash: 2AF022362007041FCB246F799885A6A7BA5EB81368F14842EF9054B690C2759C02C658
                                                                              APIs
                                                                                • Part of subcall function 0049B2E1: EnterCriticalSection.KERNEL32(-0051B45F,?,004A6D40,00000000,005137C8,0000000C,004A6D08,0043FE48,?,0049C6D7,0043FE48,?,00499445,00000001,00000364,00000001), ref: 0049B2F0
                                                                              • EnumSystemLocalesW.KERNEL32(Function_0009C701,00000001,00513580,0000000C,0049CB55,?), ref: 0049C746
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                              • String ID:
                                                                              • API String ID: 1272433827-0
                                                                              • Opcode ID: 69dda01542ccd3eab63414d956f3fcf1c5f44d3c23f22103bfe59f95768ac423
                                                                              • Instruction ID: a78643f9f3df08ccc8addbe33751412e33acbb4152fc9e9c363d2dc9b4240f3c
                                                                              • Opcode Fuzzy Hash: 69dda01542ccd3eab63414d956f3fcf1c5f44d3c23f22103bfe59f95768ac423
                                                                              • Instruction Fuzzy Hash: A0F04972A40205EFEB00DFA9E882B9C7BF0FB55725F10816BF415EB2A0D77959049F44
                                                                              APIs
                                                                              • BCryptCloseAlgorithmProvider.BCRYPT(?,00000000,A3776857,?,?,?,004CB69D,000000FF), ref: 0047AE4A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AlgorithmCloseCryptProvider
                                                                              • String ID:
                                                                              • API String ID: 3378198380-0
                                                                              • Opcode ID: ba7b4d00b8746e9ab6913010367bb35a0b16d4da032a75110d36ee2580577608
                                                                              • Instruction ID: 7a92f9e53ad6301b38de286dc83f6de03fbb372fed7888f050c821ed69dc0e63
                                                                              • Opcode Fuzzy Hash: ba7b4d00b8746e9ab6913010367bb35a0b16d4da032a75110d36ee2580577608
                                                                              • Instruction Fuzzy Hash: B1F06D71A44618ABD720CF58DC05B9AB7F8EB04B20F10476FE821A37C0D779A9008B94
                                                                              APIs
                                                                                • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                                • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                              • EnumSystemLocalesW.KERNEL32(004A5B75,00000001), ref: 004A5C53
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                              • String ID:
                                                                              • API String ID: 2417226690-0
                                                                              • Opcode ID: a3e75a2ec426ab75d7b21eebf5cb3b3ab74813262ff42ffe7f20d7c1e2059a89
                                                                              • Instruction ID: c0579aaabcbeb9c43bbdfe6f16a8b7cdcbe96988e240a135a2bfe90bd87a4c91
                                                                              • Opcode Fuzzy Hash: a3e75a2ec426ab75d7b21eebf5cb3b3ab74813262ff42ffe7f20d7c1e2059a89
                                                                              • Instruction Fuzzy Hash: A8F05C3630030557CB049F35D88576B7F54EFD2724F06005EEA058B690C6769843C794
                                                                              APIs
                                                                                • Part of subcall function 004992A7: GetLastError.KERNEL32(00000000,?,004A2D01), ref: 004992AB
                                                                                • Part of subcall function 004992A7: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 0049934D
                                                                              • EnumSystemLocalesW.KERNEL32(004A5B75,00000001), ref: 004A5C53
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                              • String ID:
                                                                              • API String ID: 2417226690-0
                                                                              • Opcode ID: f5bcbf328ab98889824a8f4a2aca38cb232a0aaea5e92dc81316268b5f07e0b0
                                                                              • Instruction ID: 8029f739405c8b6d15305cd3561d0adeac93de3ed34cfe121213407b3ae16d1c
                                                                              • Opcode Fuzzy Hash: f5bcbf328ab98889824a8f4a2aca38cb232a0aaea5e92dc81316268b5f07e0b0
                                                                              • Instruction Fuzzy Hash: B1F05C3630030557CB049F35D84576A7F54EFD2724F06005EEA058B690C6769842C754
                                                                              APIs
                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0049A8AF,?,20001004,00000000,00000002,?,?,00499EA1), ref: 0049CCE4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InfoLocale
                                                                              • String ID:
                                                                              • API String ID: 2299586839-0
                                                                              • Opcode ID: f7abdc218717ea54d8d13a8a84f23afce84eed1fa1e88fe8fac7f9052fbf838e
                                                                              • Instruction ID: eb41334156ced680ef33706ab3692b9e9ee117c5b5a07fe61c85a323d836a744
                                                                              • Opcode Fuzzy Hash: f7abdc218717ea54d8d13a8a84f23afce84eed1fa1e88fe8fac7f9052fbf838e
                                                                              • Instruction Fuzzy Hash: BDE04F35501228BBCF122F61DC04EAE7F16EF84761F004036FC0A66261CB368D21AAD9
                                                                              APIs
                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,A3776857,?,?), ref: 00477B54
                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 00477BB9
                                                                              • Process32NextW.KERNEL32(00000000,0000022C), ref: 00477BE0
                                                                              • OpenProcess.KERNEL32(00000400,00000000,?), ref: 00477BFD
                                                                              • OpenProcessToken.ADVAPI32(00000000,0000000E,?), ref: 00477C2A
                                                                              • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00477C4D
                                                                              • GetLastError.KERNEL32 ref: 00477C5B
                                                                              • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00477C9C
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00477CA7
                                                                              • CloseHandle.KERNEL32(?), ref: 00477CAF
                                                                              • CloseHandle.KERNEL32(?), ref: 00477E29
                                                                              • Process32NextW.KERNEL32(?,0000022C), ref: 00477E39
                                                                              • CloseHandle.KERNEL32(?), ref: 00477E62
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00477E65
                                                                              • CloseHandle.KERNEL32(00000000), ref: 00477E84
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseHandle$Process32Token$InformationNextOpenProcess$CreateErrorFirstLastSnapshotToolhelp32
                                                                              • String ID:
                                                                              • API String ID: 1236848392-0
                                                                              • Opcode ID: 8196f859269c8a2d89c48d56fc566d1cdbd904d5535603d3da99df98a23cf43e
                                                                              • Instruction ID: 454ab3ae29a80d327a78c61064fadb2005c2365cc5293efb4604dbbba27fe465
                                                                              • Opcode Fuzzy Hash: 8196f859269c8a2d89c48d56fc566d1cdbd904d5535603d3da99df98a23cf43e
                                                                              • Instruction Fuzzy Hash: F6A15B709052189FDF219F24DC89BAEBBB8EF44700F5441EAE90CA2250EB359E84DF59
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0044E070
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0044E092
                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0044E0BA
                                                                              • std::_Facet_Register.LIBCPMT ref: 0044E1D0
                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0044E1FA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                              • String ID: cC$`aC$p]C
                                                                              • API String ID: 459529453-2177106863
                                                                              • Opcode ID: a449d14724036c8b5d7dcc6e3f8f606a5f6c47b464cfe817b38abf7381c673d4
                                                                              • Instruction ID: 1ff138599dd9b712ad814e44402e9ca08be03e0a2a2e3ebe43d51928b08ed38c
                                                                              • Opcode Fuzzy Hash: a449d14724036c8b5d7dcc6e3f8f606a5f6c47b464cfe817b38abf7381c673d4
                                                                              • Instruction Fuzzy Hash: 99518BB0D00259DBEB10CF99C8457AEBBB4FB18314F24815ED811AB381DB79AA44CBA5
                                                                              APIs
                                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,004AA85F), ref: 004AAF0C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DecodePointer
                                                                              • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                              • API String ID: 3527080286-3064271455
                                                                              • Opcode ID: 74ba9069d7c1eb0fdfb04e1fac74ca4f81e2e7f03cc06b4bb9d653b05ebe1574
                                                                              • Instruction ID: 58aec3622616389bffb488f30e5ac45d5b57ecd31d6a71103e59991c775c814d
                                                                              • Opcode Fuzzy Hash: 74ba9069d7c1eb0fdfb04e1fac74ca4f81e2e7f03cc06b4bb9d653b05ebe1574
                                                                              • Instruction Fuzzy Hash: BE516C7090860ACFCF148F58D9481AFBFB0FB66300F558187E4A1A6355C7BD8966CB9A
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0045228D
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 004522AF
                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 004522D7
                                                                              • __Getcoll.LIBCPMT ref: 0045239F
                                                                              • std::_Facet_Register.LIBCPMT ref: 004523EB
                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00452415
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                                                              • String ID: `aC$p]C
                                                                              • API String ID: 1184649410-1363152631
                                                                              • Opcode ID: bcac19400a142c5d17f9bc7acd982912d16d1a9c65db466b0de63643df1b93e3
                                                                              • Instruction ID: 568a7e1164ae6cef3cf0599e82aad122ccc02b6897634e5ab4797aad8f19cd87
                                                                              • Opcode Fuzzy Hash: bcac19400a142c5d17f9bc7acd982912d16d1a9c65db466b0de63643df1b93e3
                                                                              • Instruction Fuzzy Hash: 49518B70800208DFDB01DF95C9457DEBBB4FF55318F24815ED805AB282DBB9AE49CBA9
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00450F2D
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00450F4F
                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00450F77
                                                                              • std::_Facet_Register.LIBCPMT ref: 00451071
                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0045109B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                              • String ID: PbC$`aC$p]C
                                                                              • API String ID: 459529453-2418293346
                                                                              • Opcode ID: c487c9fa1e9afb87366c1b148d14351f87e6f3e89ddbdc8a1e0c3778002b8b72
                                                                              • Instruction ID: e392c769357d74c7cb0e8da2cb70d10442ea48cde3856dc7faeb71697ce32a0a
                                                                              • Opcode Fuzzy Hash: c487c9fa1e9afb87366c1b148d14351f87e6f3e89ddbdc8a1e0c3778002b8b72
                                                                              • Instruction Fuzzy Hash: 9A519E71900249DFDF20CF99C5417AEBBB0FB14318F24845ED805AB382D7B9AE49CB95
                                                                              APIs
                                                                              • type_info::operator==.LIBVCRUNTIME ref: 004AFF6B
                                                                              • ___TypeMatch.LIBVCRUNTIME ref: 004B0079
                                                                              • CallUnexpected.LIBVCRUNTIME ref: 004B01E6
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CallMatchTypeUnexpectedtype_info::operator==
                                                                              • String ID: <fM$csm$csm$csm
                                                                              • API String ID: 1206542248-3599101812
                                                                              • Opcode ID: aaac5c7749a7aa866996bcb2d51d73d9b1fe5293335fd4c63eebf0a3ecf9d180
                                                                              • Instruction ID: 5ce913a956d0af8773c3ee17d9b542f15401108c10c26080aa375b564815456b
                                                                              • Opcode Fuzzy Hash: aaac5c7749a7aa866996bcb2d51d73d9b1fe5293335fd4c63eebf0a3ecf9d180
                                                                              • Instruction Fuzzy Hash: DBB19B71800209EFCF18DFA5C8809EFB7B5FF25315B10816BE8056B212D779DA15CBA9
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0047D113
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0047D118
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0047D11D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_task
                                                                              • String ID: `aC$false$p]C$true
                                                                              • API String ID: 118556049-4224333681
                                                                              • Opcode ID: 226f2742ad4bb82513da97dc0ea37b247d6440e1a842af39628b989b3fbf377a
                                                                              • Instruction ID: 10a02a47a4876ff195f080d04569540bf2a908c30d6efafbe52ebceab6b25fd0
                                                                              • Opcode Fuzzy Hash: 226f2742ad4bb82513da97dc0ea37b247d6440e1a842af39628b989b3fbf377a
                                                                              • Instruction Fuzzy Hash: 73510871910745DBDB20DF65C801B9EBBF4EF04718F20862FE815A7781E7BAAA04CB95
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0047C6FD
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0047C71F
                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0047C747
                                                                              • std::_Facet_Register.LIBCPMT ref: 0047C834
                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0047C85E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                              • String ID: `aC$p]C
                                                                              • API String ID: 459529453-1363152631
                                                                              • Opcode ID: e866effaa90865aaaa30be5826de822518346297a390443dd29a39b403041da2
                                                                              • Instruction ID: 399bbb442a0c6c40ac274560e971594f6ebfe9651e6100c107b7a0aaef0602e2
                                                                              • Opcode Fuzzy Hash: e866effaa90865aaaa30be5826de822518346297a390443dd29a39b403041da2
                                                                              • Instruction Fuzzy Hash: 2C517A71900249DFDB15CF99C580BEEBBB4EB15318F24805ED409AB381DB79AE09CF95
                                                                              APIs
                                                                              • InternetOpenW.WININET(File Downloader,00000001,00000000,00000000,00000000), ref: 0047D22D
                                                                              • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,80000000,00000000), ref: 0047D256
                                                                              • InternetReadFile.WININET(00000000,?,00001000,00000000), ref: 0047D27C
                                                                              • InternetReadFile.WININET(00000000,?,00001000,00000000), ref: 0047D2B2
                                                                              • InternetCloseHandle.WININET(00000000), ref: 0047D2B9
                                                                              • InternetCloseHandle.WININET(?), ref: 0047D2C5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Internet$CloseFileHandleOpenRead
                                                                              • String ID: File Downloader
                                                                              • API String ID: 4038090926-3631955488
                                                                              • Opcode ID: 811208fdf33a36e9be3e42b468326af56e319a1deb0617af28b90d4cff8a8570
                                                                              • Instruction ID: 638e9360adee8abd238f5bb9f06079602c51a7af3a4d5d450420b7b82b1eb562
                                                                              • Opcode Fuzzy Hash: 811208fdf33a36e9be3e42b468326af56e319a1deb0617af28b90d4cff8a8570
                                                                              • Instruction Fuzzy Hash: 5B318370A01655ABD730CF55CC45BEAB7B8EF44700F1041AAF549E7290DBB8AE84DFA8
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: __freea$__alloca_probe_16$Info
                                                                              • String ID:
                                                                              • API String ID: 127012223-0
                                                                              • Opcode ID: 66c2045ab667004fc2a2b3dbb927fae724643db204ecb98fddca6388b50e31b3
                                                                              • Instruction ID: 30098e30e494c8bad2174f3113632eeb4d6fe41f97203ac291abca1d767197d7
                                                                              • Opcode Fuzzy Hash: 66c2045ab667004fc2a2b3dbb927fae724643db204ecb98fddca6388b50e31b3
                                                                              • Instruction Fuzzy Hash: B871A372A002066BDF209BD4CC71BEF77BD9F8B314F294465E959A7282E7359C0087E0
                                                                              APIs
                                                                              • GetCPInfo.KERNEL32(?,?), ref: 004B9E24
                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 004B9EB0
                                                                              • __alloca_probe_16.LIBCMT ref: 004B9EDA
                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004B9F1B
                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 004B9F37
                                                                              • __alloca_probe_16.LIBCMT ref: 004B9F5D
                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004B9F9A
                                                                              • CompareStringEx.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000), ref: 004B9FB7
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                                              • String ID:
                                                                              • API String ID: 3603178046-0
                                                                              • Opcode ID: 3ce074e6bcc7f87e0e4de1f7dc2ca851322fbe0f14b3b5897e042b4e817243f3
                                                                              • Instruction ID: 05f54580d30f9e3720c8b3961695daa3f0f937b9c5610d8c2bd80885558d9d7b
                                                                              • Opcode Fuzzy Hash: 3ce074e6bcc7f87e0e4de1f7dc2ca851322fbe0f14b3b5897e042b4e817243f3
                                                                              • Instruction Fuzzy Hash: 7871AE3290021AABDF219F65CC85BFF7BB9AF05724F18405BEA04E6291D7398C40C7B9
                                                                              APIs
                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 004B9B40
                                                                              • __alloca_probe_16.LIBCMT ref: 004B9B6C
                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 004B9BAB
                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004B9BC8
                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004B9C07
                                                                              • __alloca_probe_16.LIBCMT ref: 004B9C24
                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004B9C66
                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004B9C89
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                              • String ID:
                                                                              • API String ID: 2040435927-0
                                                                              • Opcode ID: 127654da753590042b08ac6595405d01716cfec311436dda6d72091204f46cc9
                                                                              • Instruction ID: 0cb7a2a667138b596a59e049b57baa22d652deda395932da07ab0cb8239329c9
                                                                              • Opcode Fuzzy Hash: 127654da753590042b08ac6595405d01716cfec311436dda6d72091204f46cc9
                                                                              • Instruction Fuzzy Hash: A151BF7250020AABEF219F65CC44FEB7FB9EF50740F24412AFA05A6260D7399C11CB68
                                                                              APIs
                                                                              • GetCurrentProcess.KERNEL32(?,?), ref: 00489F4B
                                                                              • GetProcessId.KERNEL32(00000000), ref: 00489F52
                                                                              • RmStartSession.RSTRTMGR(?,00000041,?), ref: 00489F76
                                                                              • RmRegisterResources.RSTRTMGR(?,00000001,?,00000000,00000000,00000000,00000000), ref: 00489F91
                                                                              • RmGetList.RSTRTMGR(?,?,?,00000003,?), ref: 00489FD4
                                                                              • RmGetList.RSTRTMGR(?,?,?,00000000,?), ref: 0048A020
                                                                              • RmEndSession.RSTRTMGR(?), ref: 0048A04A
                                                                              • RmEndSession.RSTRTMGR(?), ref: 0048A07A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                                                              • String ID:
                                                                              • API String ID: 3299295986-0
                                                                              • Opcode ID: c8fc720c6df2cefa911e5ab8bfb66f499295b1f9aa4f52cb019436ebaefd8700
                                                                              • Instruction ID: 0c548674b0cea8079c7009f79d794e669f8d4684f59b10cf2f6688a8c9d6d6ed
                                                                              • Opcode Fuzzy Hash: c8fc720c6df2cefa911e5ab8bfb66f499295b1f9aa4f52cb019436ebaefd8700
                                                                              • Instruction Fuzzy Hash: A7417971E011589BEF10AFE4DC44AEEBBBCEB45300F14412BE902EB254EB7A9C058B95
                                                                              APIs
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00473D56
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00473D73
                                                                                • Part of subcall function 004AFA0C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0043FE44,?,?,?,004B9080,0043FE44,00513AB0,?,0043FE44,?,?,0000000C,A3776857), ref: 004AFA6C
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00473FC0
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00473FDD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ___std_exception_destroy$ExceptionRaise
                                                                              • String ID: MC$value
                                                                              • API String ID: 299339551-3840657116
                                                                              • Opcode ID: fad894e6791b73173a90b46eb5f7d570fcfb30b2d17f717ef1dd9171332bf87e
                                                                              • Instruction ID: 838f8dd16b3ea7f4eeb45613560c02c2ef3b01355b1a5592379bf0a45a67ceab
                                                                              • Opcode Fuzzy Hash: fad894e6791b73173a90b46eb5f7d570fcfb30b2d17f717ef1dd9171332bf87e
                                                                              • Instruction Fuzzy Hash: 31F15A70C05298DEEB20DB65C954BDEFBB4AF19304F1482DAD44963282E7746B88CF96
                                                                              APIs
                                                                              • _ValidateLocalCookies.LIBCMT ref: 004AD637
                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 004AD63F
                                                                              • _ValidateLocalCookies.LIBCMT ref: 004AD6C8
                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 004AD6F3
                                                                              • _ValidateLocalCookies.LIBCMT ref: 004AD748
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                              • String ID: csm
                                                                              • API String ID: 1170836740-1018135373
                                                                              • Opcode ID: 255d3a1bd88e468a9ea08ee1f7f85cdc8f29e10e22a0162dea8eb7e65443c785
                                                                              • Instruction ID: fca86a332ffc7d642b39a5fdc798139505592cae81a3a9a41e25a428a24f43dc
                                                                              • Opcode Fuzzy Hash: 255d3a1bd88e468a9ea08ee1f7f85cdc8f29e10e22a0162dea8eb7e65443c785
                                                                              • Instruction Fuzzy Hash: 2741D834E002089BCF10DF69C880A9E7BB5BF66318F14815BE81A5B752D739EA01CF95
                                                                              APIs
                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,BB40E64E,?,009A95DD,009A2442,?,00000000,?), ref: 009A958F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: FreeLibrary
                                                                              • String ID: api-ms-$ext-ms-
                                                                              • API String ID: 3664257935-537541572
                                                                              • Opcode ID: 0e99e8badce70df9c4b67e051f210c43ced481fe4fdfe5e71ade84ba4e377cb8
                                                                              • Instruction ID: a85474ac283111abf3178413e80806fcab9311c6e02d78736d2aacf71f32731b
                                                                              • Opcode Fuzzy Hash: 0e99e8badce70df9c4b67e051f210c43ced481fe4fdfe5e71ade84ba4e377cb8
                                                                              • Instruction Fuzzy Hash: 1A215035E05211A7C7229B64DC41A6E77ACFB8B7B1F140610FD06A72D1DB70EE01D6D0
                                                                              APIs
                                                                              • FreeLibrary.KERNEL32(00000000,?,0049CA09,0043FE48,00434C2F,00000000,00000001,0043FE4A,?,0049CC33,00000022,FlsSetValue,004D294C,FlsSetValue,00000001), ref: 0049C9BB
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FreeLibrary
                                                                              • String ID: api-ms-$ext-ms-
                                                                              • API String ID: 3664257935-537541572
                                                                              • Opcode ID: 7c1f6f25a6eeb0dcc1b48f853c441653626ec7c6eb0710202be6e4b6adacda37
                                                                              • Instruction ID: 9ca0f964f7470424b5d3057a4191f763ac6aa624da693043a33dcdca32e519f2
                                                                              • Opcode Fuzzy Hash: 7c1f6f25a6eeb0dcc1b48f853c441653626ec7c6eb0710202be6e4b6adacda37
                                                                              • Instruction Fuzzy Hash: A621E7B2A01211ABDF219B25ECC0B5F3B69AB527A4F250237E905A7390D738ED01C6DD
                                                                              APIs
                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004366E9
                                                                                • Part of subcall function 004AFA0C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0043FE44,?,?,?,004B9080,0043FE44,00513AB0,?,0043FE44,?,?,0000000C,A3776857), ref: 004AFA6C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                                                              • String ID: (>Q$0hC$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                              • API String ID: 1903096808-798308736
                                                                              • Opcode ID: 0ed2678322210cc8cc3a07b91dadb1e30d188d3d66194e55af3b44069607d8cc
                                                                              • Instruction ID: 0e9c3b5a5aba75944b05d252eccadd5948fd44e578ec9c0118fa22ff265feac2
                                                                              • Opcode Fuzzy Hash: 0ed2678322210cc8cc3a07b91dadb1e30d188d3d66194e55af3b44069607d8cc
                                                                              • Instruction Fuzzy Hash: 4E1122B29046487BD710DB59DC02FAA7398EB09754F04862FFD58872C1EB3DA90487AA
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 009A48A5
                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 009A48B3
                                                                              • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 009A48C4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: AddressProc$HandleModule
                                                                              • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                              • API String ID: 667068680-1047828073
                                                                              • Opcode ID: 6366e455a1c2425314bd5bf836dc33e732c56d134ae75d47ce7b7e389994a890
                                                                              • Instruction ID: b34c87e8097b9f3c3ee6df09a95954731a0815f6fec601da13503c03224605d2
                                                                              • Opcode Fuzzy Hash: 6366e455a1c2425314bd5bf836dc33e732c56d134ae75d47ce7b7e389994a890
                                                                              • Instruction Fuzzy Hash: 80D09E316AA620AF8350AF747F0D8DB7EA9EB496B53064216F511E2261DBB44504DB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8a850e4bd8366f6602f7f439948ddd996ec0ba155590deffeea4e3919eff859f
                                                                              • Instruction ID: c45b587b2b6024bbc8d631f61cfde13028adc071dc65d72902c8bf59655bd6a7
                                                                              • Opcode Fuzzy Hash: 8a850e4bd8366f6602f7f439948ddd996ec0ba155590deffeea4e3919eff859f
                                                                              • Instruction Fuzzy Hash: 64B13572D00255AFDF11DF64CC81BAA7FA5EF55310F1441BBE454AB382D2789D01C7A9
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __freea$__alloca_probe_16
                                                                              • String ID: a/p$am/pm
                                                                              • API String ID: 3509577899-3206640213
                                                                              • Opcode ID: 35938f08404c0012c28b8581547da92bcaa7faac22c368983132e0e6ea66d68e
                                                                              • Instruction ID: 1d0f90a389a6ddb01c6eee3cfed114d4cdbff39c5c4e16d1e763b1923b69fac5
                                                                              • Opcode Fuzzy Hash: 35938f08404c0012c28b8581547da92bcaa7faac22c368983132e0e6ea66d68e
                                                                              • Instruction Fuzzy Hash: 32C1BF35904212AADB298F6CCA947BB77B0FF2B300F14405BE905AB750D3BD9D42EB59
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0047CCD6
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0047CCF9
                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0047CD21
                                                                              • std::_Facet_Register.LIBCPMT ref: 0047CD9A
                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0047CDC4
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0047CDE7
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                              • String ID:
                                                                              • API String ID: 2081738530-0
                                                                              • Opcode ID: 28da64327ea27554a00a06c9e40525b24cdd21d51c36f3309ffdeb549bf855e5
                                                                              • Instruction ID: 5e0d328f53af4ec2248f8036dfe48c657d56e4526373956cc4eb9e978e4c29ea
                                                                              • Opcode Fuzzy Hash: 28da64327ea27554a00a06c9e40525b24cdd21d51c36f3309ffdeb549bf855e5
                                                                              • Instruction Fuzzy Hash: FE419A71800219CFCB21CF98C980BEFBBB4EB15714F14856ED80A67381D738AE04CBA5
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,009A7F40,009A5A6B,009A5180), ref: 009A7F57
                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009A7F65
                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009A7F7E
                                                                              • SetLastError.KERNEL32(00000000,009A7F40,009A5A6B,009A5180), ref: 009A7FD0
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLastValue___vcrt_
                                                                              • String ID:
                                                                              • API String ID: 3852720340-0
                                                                              • Opcode ID: 281f552aa3e2bba910b2761de8ffc0b960c37172d35ba76c85da1259be1d8516
                                                                              • Instruction ID: 0347aee122adfd4ccf86276ea0daabdae4a8c1a56758d8923d5243ba4a158e74
                                                                              • Opcode Fuzzy Hash: 281f552aa3e2bba910b2761de8ffc0b960c37172d35ba76c85da1259be1d8516
                                                                              • Instruction Fuzzy Hash: D701F77251D2127EE61527F4ADCBA67BBACDB877B47200339F410450F0EF114C02A1D0
                                                                              APIs
                                                                              • GetLastError.KERNEL32(?,?,004AFAD5,004AF923,004AC85A), ref: 004AFAEC
                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004AFAFA
                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004AFB13
                                                                              • SetLastError.KERNEL32(00000000,004AFAD5,004AF923,004AC85A), ref: 004AFB65
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLastValue___vcrt_
                                                                              • String ID:
                                                                              • API String ID: 3852720340-0
                                                                              • Opcode ID: 0a9cead03a1cbea0f2d00e28f649f33043dad87cbbba68afa2d7a2a72df1b0e0
                                                                              • Instruction ID: 5c97271c99781371f32c50c56a2d0a191a69233ae1c55058bab721689d3f3b0d
                                                                              • Opcode Fuzzy Hash: 0a9cead03a1cbea0f2d00e28f649f33043dad87cbbba68afa2d7a2a72df1b0e0
                                                                              • Instruction Fuzzy Hash: 9001F9321093119E9A2417F5AC559972A65EB23379B24463FF514951E0FB1A5C0CA16C
                                                                              APIs
                                                                              • DeleteObject.GDI32(?), ref: 00480B31
                                                                              • EnterCriticalSection.KERNEL32(00000004,A3776857,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B42
                                                                              • EnterCriticalSection.KERNEL32(00000004,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B4F
                                                                              • GdiplusShutdown.GDIPLUS(00000000,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B5C
                                                                              • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B69
                                                                              • LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,004C21C0,000000FF,?,00480A9B), ref: 00480B70
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                                              • String ID:
                                                                              • API String ID: 4268643673-0
                                                                              • Opcode ID: ab380d08308f5f7294dc0c8834127c13781bff22419dd726a23e31aeb0b35f9a
                                                                              • Instruction ID: a49544f5ea7446c9cfb95f09875386710a40740b290a3353e41ff902735902d1
                                                                              • Opcode Fuzzy Hash: ab380d08308f5f7294dc0c8834127c13781bff22419dd726a23e31aeb0b35f9a
                                                                              • Instruction Fuzzy Hash: 8B117FB15002009FD3209F58D848B1A7BF8FF05728F20475EE4258B2D1C77AD806CB94
                                                                              APIs
                                                                              • type_info::operator==.LIBVCRUNTIME ref: 009A88F8
                                                                              • CallUnexpected.LIBVCRUNTIME ref: 009A8B71
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: CallUnexpectedtype_info::operator==
                                                                              • String ID: csm$csm$csm
                                                                              • API String ID: 2673424686-393685449
                                                                              • Opcode ID: 87f1fc4f14b7b672f31a012a42c7667304171c4bef2b4a6e03036138273d3faf
                                                                              • Instruction ID: 40b251a1df3fc350a080cf0c510fc48fb691ece20f5d9b8013d5b25cd9ef1f62
                                                                              • Opcode Fuzzy Hash: 87f1fc4f14b7b672f31a012a42c7667304171c4bef2b4a6e03036138273d3faf
                                                                              • Instruction Fuzzy Hash: F4B16B71800209EFCF18DFA4C881AAFBBB9FF86310F55455AE8116B212DB35DA51CBE1
                                                                              APIs
                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,009B1B77,000000FF,?,009A6B21,?,?,009A6BBD,00000000), ref: 009A6A95
                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009A6AA7
                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,009B1B77,000000FF,?,009A6B21,?,?,009A6BBD,00000000), ref: 009A6AC9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 4061214504-1276376045
                                                                              • Opcode ID: 7d63168e1692feb74dcc8dbb6cd0dcf457e2405ba8de0dedf1f7960ac364a64b
                                                                              • Instruction ID: c90c5b911599311d384dfbf4fb694a9f234e078919072ae645309173d3991b86
                                                                              • Opcode Fuzzy Hash: 7d63168e1692feb74dcc8dbb6cd0dcf457e2405ba8de0dedf1f7960ac364a64b
                                                                              • Instruction Fuzzy Hash: B3018431958519EBCB119F80CD05FBEB7BCFB48B64F084625A811A2290DB749804CA84
                                                                              APIs
                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,A3776857,00000001,?,00000000,004CEBA0,000000FF,?,004A28BD,?,?,004A2891,00000016), ref: 004A2958
                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004A296A
                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,004CEBA0,000000FF,?,004A28BD,?,?,004A2891,00000016), ref: 004A298C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                              • API String ID: 4061214504-1276376045
                                                                              • Opcode ID: bb5db20903b210e56e17606efd33f47167f5dac7559f5cad6f576f47fa7b3a02
                                                                              • Instruction ID: 4a39d6f0df0723e62e133a2fe4a12dc63d6bfdc81165c834358a2709fa0273f6
                                                                              • Opcode Fuzzy Hash: bb5db20903b210e56e17606efd33f47167f5dac7559f5cad6f576f47fa7b3a02
                                                                              • Instruction Fuzzy Hash: DA01A271A10625AFCB118F54DC05FAFBBBCFB04B10F044627E812A2790DBB89900DA98
                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,A3776857,?,?,004CEC14,000000FF,?,004B87C4,00000105,?,00000000,?,?,?,0047FCE3), ref: 004B82C9
                                                                              • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004B82D5
                                                                              • GetTempPathW.KERNEL32(?,?,004CEC14,000000FF,?,004B87C4,00000105,?,00000000,?,?,?,0047FCE3,?,00000105,?), ref: 004B82F5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AddressHandleModulePathProcTemp
                                                                              • String ID: GetTempPath2W$kernel32.dll
                                                                              • API String ID: 775647363-1846531799
                                                                              • Opcode ID: f1cf7476179f5a48e5f157bd4a6fca76b08ed530dfc52bf4d8c2badd71eabe8a
                                                                              • Instruction ID: 490c9918516094a75be01d3e1b1e27de5ce3fa518d230e70400d3a931493a6c9
                                                                              • Opcode Fuzzy Hash: f1cf7476179f5a48e5f157bd4a6fca76b08ed530dfc52bf4d8c2badd71eabe8a
                                                                              • Instruction Fuzzy Hash: C2F03A36A44654EFCB159F54EC05F9A7BA8FB09B60F008127EC16937A0DB79A800CB98
                                                                              APIs
                                                                              • __alloca_probe_16.LIBCMT ref: 009AD5AA
                                                                              • __alloca_probe_16.LIBCMT ref: 009AD673
                                                                              • __freea.LIBCMT ref: 009AD6DA
                                                                                • Part of subcall function 009AB3B5: HeapAlloc.KERNEL32(00000000,?,00000000,?,009A3C34,?,?,009A2442,00001000,?,009A23AA), ref: 009AB3E7
                                                                              • __freea.LIBCMT ref: 009AD6ED
                                                                              • __freea.LIBCMT ref: 009AD6FA
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                              • String ID:
                                                                              • API String ID: 1096550386-0
                                                                              • Opcode ID: fb6ccc1f44cfa263671bc2f080c10c131e6f44dde1aa271b8fccc8823994c60b
                                                                              • Instruction ID: 274e42a4a04f457c7af23c7a05c44a0231417b70685d8ef8d5a8b197426a4369
                                                                              • Opcode Fuzzy Hash: fb6ccc1f44cfa263671bc2f080c10c131e6f44dde1aa271b8fccc8823994c60b
                                                                              • Instruction Fuzzy Hash: 0951C372602246AFEF205F64CC81EBB37ADEF8A714B190529FD0AD6551EB75CC10C6E0
                                                                              APIs
                                                                              • __alloca_probe_16.LIBCMT ref: 0049AF39
                                                                              • __alloca_probe_16.LIBCMT ref: 0049B002
                                                                              • __freea.LIBCMT ref: 0049B069
                                                                                • Part of subcall function 0049D15A: RtlAllocateHeap.NTDLL(00000000,00000001,0043FE44,?,004AD408,0043FE4A,0043FE44,?,?,?,00434C2F,0043FE48,0043FE48), ref: 0049D18C
                                                                              • __freea.LIBCMT ref: 0049B07C
                                                                              • __freea.LIBCMT ref: 0049B089
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1423051803-0
                                                                              • Opcode ID: 1cf292f1027faf516ea3b58fb1ffeacfcc17b82ad5c767b33ec64858519d3555
                                                                              • Instruction ID: c461f83b43c969d084823d86eb7d78e4c690f12dee5ba4d22df99f96e1ee22eb
                                                                              • Opcode Fuzzy Hash: 1cf292f1027faf516ea3b58fb1ffeacfcc17b82ad5c767b33ec64858519d3555
                                                                              • Instruction Fuzzy Hash: 4C510072600206AFEF209F65AD81EBB7EA9EF84314F15013EFC54D6241EB39DC5086E8
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: CloseFileHandleSize
                                                                              • String ID:
                                                                              • API String ID: 3849164406-0
                                                                              • Opcode ID: e7a0f46eda6453ebd68a833ffb67dbd4de7585f44c9e0d5de09304607996d4a6
                                                                              • Instruction ID: 01dbf0d9918108c55e6b4145a7798ef981f9bb530ca0a367eb947cb308af8286
                                                                              • Opcode Fuzzy Hash: e7a0f46eda6453ebd68a833ffb67dbd4de7585f44c9e0d5de09304607996d4a6
                                                                              • Instruction Fuzzy Hash: F481F0B4D0A258DFCB00DFA8D584BAEBBF0BF4A314F104929E455A7381D7789948CF96
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 009A470A
                                                                              • AcquireSRWLockExclusive.KERNEL32(?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A4729
                                                                              • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A4757
                                                                              • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A47B2
                                                                              • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,009B1B20,000000FF,?,009A3552), ref: 009A47C9
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: AcquireExclusiveLock$CurrentThread
                                                                              • String ID:
                                                                              • API String ID: 66001078-0
                                                                              • Opcode ID: 53051a53eabd8cee83fbd22a4ece7b05ce4620da44ef1abb01ea11faf3ccf3a5
                                                                              • Instruction ID: 3ca6a88fedcde88c12fcad319cb7f3d8516d2de825da09f77564b99f192a8789
                                                                              • Opcode Fuzzy Hash: 53051a53eabd8cee83fbd22a4ece7b05ce4620da44ef1abb01ea11faf3ccf3a5
                                                                              • Instruction Fuzzy Hash: 51414A30910686DFCB20DF69D984AAAB3F9FF87310B504A2AD45697A40D7B4F944CFD1
                                                                              APIs
                                                                              • __EH_prolog3.LIBCMT ref: 004B925F
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 004B926A
                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 004B92D8
                                                                                • Part of subcall function 004B93BB: std::locale::_Locimp::_Locimp.LIBCPMT ref: 004B93D3
                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 004B9285
                                                                              • _Yarn.LIBCPMT ref: 004B929B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                              • String ID:
                                                                              • API String ID: 1088826258-0
                                                                              • Opcode ID: 9529708b05f48a18c841b776fc683316fa11b0247fd455af3d56381143c4ee67
                                                                              • Instruction ID: d57bef6452a6d9f87b7c1f6c81a415e25ff1084f0ba862d3ffc406506ccaed08
                                                                              • Opcode Fuzzy Hash: 9529708b05f48a18c841b776fc683316fa11b0247fd455af3d56381143c4ee67
                                                                              • Instruction Fuzzy Hash: 2101BC75A002149BDB09EF21E881ABE3BA5BF95714B18400EE90157381CF78AE42DBE9
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,009AD29C,00000000,?,009BB728,?,?,?,009AD1D3,00000004,InitializeCriticalSectionEx,009B3740,009B3748), ref: 009AD20D
                                                                              • GetLastError.KERNEL32(?,009AD29C,00000000,?,009BB728,?,?,?,009AD1D3,00000004,InitializeCriticalSectionEx,009B3740,009B3748,00000000,?,009A8E2C), ref: 009AD217
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 009AD23F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad$ErrorLast
                                                                              • String ID: api-ms-
                                                                              • API String ID: 3177248105-2084034818
                                                                              • Opcode ID: c13a7fbc7559e75b812d1a5d439fddb9235507ff01fa104e143ad029c76890b1
                                                                              • Instruction ID: d79eb59beefabec8c9a5e5fc1b309fdebffbf904ceb2f1ce7c05f0f86d008f97
                                                                              • Opcode Fuzzy Hash: c13a7fbc7559e75b812d1a5d439fddb9235507ff01fa104e143ad029c76890b1
                                                                              • Instruction Fuzzy Hash: 75E0D870298204B7DF112F50DC06FA93F6C9B85BA0F140020FD0DE44E1DB71E995D5C0
                                                                              APIs
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,004B0ADF,00000000,?,0051BBA8,?,?,?,004B0C82,00000004,InitializeCriticalSectionEx,004D70E4,004D70EC), ref: 004B0B3B
                                                                              • GetLastError.KERNEL32(?,004B0ADF,00000000,?,0051BBA8,?,?,?,004B0C82,00000004,InitializeCriticalSectionEx,004D70E4,004D70EC,00000000,?,004B0A39), ref: 004B0B45
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 004B0B6D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: LibraryLoad$ErrorLast
                                                                              • String ID: api-ms-
                                                                              • API String ID: 3177248105-2084034818
                                                                              • Opcode ID: e73f2d59ed71ffe050e3980c02a90d09a2b8a6f7f1eeff266cde429a2dd4b4c8
                                                                              • Instruction ID: d85af749d3a2776d246a861fdd0c76bc3b777c55ee5f54f02c25fa514b149693
                                                                              • Opcode Fuzzy Hash: e73f2d59ed71ffe050e3980c02a90d09a2b8a6f7f1eeff266cde429a2dd4b4c8
                                                                              • Instruction Fuzzy Hash: 25E04F30284305B7EF221BA1EC0AF5E3B55AB11B49F144032F90CA91E1EBA6A910859C
                                                                              APIs
                                                                              • RegOpenKeyExA.ADVAPI32(80000001,0051C570,00000000,00020019,00000000,?,?,?,A3776857,?,0051C2A0), ref: 0047F4D0
                                                                              • RegQueryValueExA.ADVAPI32(00000000,0051C2A0,00000000,000F003F,?,00000400,?,?,?,A3776857,?,0051C2A0), ref: 0047F506
                                                                              • RegCloseKey.ADVAPI32(00000000,?,?,?,A3776857,?,0051C2A0), ref: 0047F5A4
                                                                              • SysFreeString.OLEAUT32 ref: 0047FA14
                                                                                • Part of subcall function 0047A610: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 0047A678
                                                                                • Part of subcall function 0047A610: LocalFree.KERNEL32(?,00000000), ref: 0047A70F
                                                                                • Part of subcall function 004870B0: RegOpenKeyExA.KERNEL32(80000001,0051C570,00000000,00020019,00000000,A3776857,0051C570,0051C2A0), ref: 00487182
                                                                                • Part of subcall function 004870B0: RegQueryValueExA.KERNEL32(00000000,?,00000000,000F003F,?,00000400), ref: 004871B6
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FreeOpenQueryValue$CloseCryptDataLocalStringUnprotect
                                                                              • String ID:
                                                                              • API String ID: 2380017125-0
                                                                              • Opcode ID: a521d0abf644b9380dcd8d70f5715900671aedad0facd1908bb1e921974b8b3c
                                                                              • Instruction ID: 56cbdaf4eb2024de0fd4bd59dbcd72090a4e5b75bdf23aa4f75e7a392944198d
                                                                              • Opcode Fuzzy Hash: a521d0abf644b9380dcd8d70f5715900671aedad0facd1908bb1e921974b8b3c
                                                                              • Instruction Fuzzy Hash: 24122BF0E002689BDB24DF24CC5479DB7B5AF44318F1086EAD64DA7282DB346E88CF59
                                                                              APIs
                                                                              • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 009ADD0B
                                                                                • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 009ADF5D
                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 009ADFA3
                                                                              • GetLastError.KERNEL32 ref: 009AE046
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                              • String ID:
                                                                              • API String ID: 2112829910-0
                                                                              • Opcode ID: 73e470fc6ae406cb9819989194ef813d03dc4a33c27d07c03cdd2bae79a8cd94
                                                                              • Instruction ID: ab360b0bec38862491303f8b94eb5905db546f83b05f4926d5eec648f4170ce5
                                                                              • Opcode Fuzzy Hash: 73e470fc6ae406cb9819989194ef813d03dc4a33c27d07c03cdd2bae79a8cd94
                                                                              • Instruction Fuzzy Hash: 20D1AF75D042589FCF14CFA8C9809EDBBB9FF4A314F28452AE416EB751D730A942CB90
                                                                              APIs
                                                                              • GetConsoleOutputCP.KERNEL32(A3776857,00000000,00000000,00000000), ref: 0049B4D9
                                                                                • Part of subcall function 004A1489: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0049B05F,?,00000000,-00000008), ref: 004A14EA
                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0049B72B
                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0049B771
                                                                              • GetLastError.KERNEL32 ref: 0049B814
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                              • String ID:
                                                                              • API String ID: 2112829910-0
                                                                              • Opcode ID: aef57a059a08420b8d5dfae5096d35553b8056bffb0ce8bb8e63412c3f54050f
                                                                              • Instruction ID: 17746d06032e39ca1db24970b21defb679d9c3d722e4804f7fdb3bafa319cb4d
                                                                              • Opcode Fuzzy Hash: aef57a059a08420b8d5dfae5096d35553b8056bffb0ce8bb8e63412c3f54050f
                                                                              • Instruction Fuzzy Hash: 15D17A75D002489FCF05CFE9E980AEDBBB5EF49314F18816AE425EB351D734A906CB94
                                                                              APIs
                                                                                • Part of subcall function 00477B00: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,A3776857,?,?), ref: 00477B54
                                                                                • Part of subcall function 00477B00: Process32FirstW.KERNEL32(00000000,?), ref: 00477BB9
                                                                                • Part of subcall function 00477B00: CloseHandle.KERNEL32(00000000), ref: 00477E84
                                                                              • ImpersonateLoggedOnUser.ADVAPI32(00000000,A3776857,?,00000000), ref: 00478391
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CloseCreateFirstHandleImpersonateLoggedProcess32SnapshotToolhelp32User
                                                                              • String ID:
                                                                              • API String ID: 1507787261-0
                                                                              • Opcode ID: ebec02cd2df44e7bd4fb65aecaaffec3bb885a70c3ad5895e8640ffefb46c4a4
                                                                              • Instruction ID: e502c6a69380433c55fd31efa36561dbf437e01bd72b95285a5588c942f2c0dc
                                                                              • Opcode Fuzzy Hash: ebec02cd2df44e7bd4fb65aecaaffec3bb885a70c3ad5895e8640ffefb46c4a4
                                                                              • Instruction Fuzzy Hash: F5F17070C0428DDEEB15DBA4C8587DDBBB0AF15308F24819ED04977292DB785F88DBA6
                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNEL32(A3776857), ref: 0048A4E4
                                                                              • FreeEnvironmentStringsW.KERNEL32(?), ref: 0048A685
                                                                              • RtlInitUnicodeString.NTDLL(?), ref: 0048A6D9
                                                                              • RtlInitUnicodeString.NTDLL(?,00000000), ref: 0048A6E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnvironmentInitStringStringsUnicode$Free
                                                                              • String ID:
                                                                              • API String ID: 2488768755-0
                                                                              • Opcode ID: 0d066fd5a037e956643cd3d92a9a96980abf0cb91633621b3d58d647d7d5a7ef
                                                                              • Instruction ID: 1a99e4392def1b605416f46e3147960cb17592dd8275db88d5f878599104deaf
                                                                              • Opcode Fuzzy Hash: 0d066fd5a037e956643cd3d92a9a96980abf0cb91633621b3d58d647d7d5a7ef
                                                                              • Instruction Fuzzy Hash: 6471AAB1C10219EBDB00DF98C884B9EFBF8FF18304F14461BE815A3250E7B8A995CB95
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: AdjustPointer
                                                                              • String ID:
                                                                              • API String ID: 1740715915-0
                                                                              • Opcode ID: 0608e06d263ec731d7ffd192b23052bf33a42abc4f5907356db316f8c3da7dec
                                                                              • Instruction ID: 64eb0d958b18bc1c6ef1e9a5ab8750c24b95537435cdfc67330fac35c1d6284f
                                                                              • Opcode Fuzzy Hash: 0608e06d263ec731d7ffd192b23052bf33a42abc4f5907356db316f8c3da7dec
                                                                              • Instruction Fuzzy Hash: AB51E272A05606AFEB298F54D941BBB77A8FF46310F15456DEC02972A1EB31EC50CBD0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AdjustPointer
                                                                              • String ID:
                                                                              • API String ID: 1740715915-0
                                                                              • Opcode ID: e71c71c21820e5819a4508bd04d803321a7ecaf8570da358721e6539f5a36dac
                                                                              • Instruction ID: 33b3d652e50ecda4e79a0ecf225597f03c3ffd3297545ef1ce997a4b46d38663
                                                                              • Opcode Fuzzy Hash: e71c71c21820e5819a4508bd04d803321a7ecaf8570da358721e6539f5a36dac
                                                                              • Instruction Fuzzy Hash: AF51D0B150020A9FEB269FD1D881BAA77A4FF62718F10003EEC434B291D739E849C798
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 00fa7b59af023eaaf071b224feea6c80f4edf5776798c8ca34953c892f2afd27
                                                                              • Instruction ID: 6bad779769d7c9384c33fcc5b288381071ef860472916b423066c301ca7f7ee1
                                                                              • Opcode Fuzzy Hash: 00fa7b59af023eaaf071b224feea6c80f4edf5776798c8ca34953c892f2afd27
                                                                              • Instruction Fuzzy Hash: D141E675A00704AFDB24AF39CC41B6BBBA9EB99714F20452FF101DB781D77DA9418B88
                                                                              APIs
                                                                                • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                                              • GetLastError.KERNEL32 ref: 009ABD8C
                                                                              • __dosmaperr.LIBCMT ref: 009ABD93
                                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 009ABDCD
                                                                              • __dosmaperr.LIBCMT ref: 009ABDD4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 1913693674-0
                                                                              • Opcode ID: 5fda42d8140670587ea3416d774c610875c0cdd6baed5a2579ed69048ad89bad
                                                                              • Instruction ID: eccb56bab440cbaf77b51c30396320524af657333288217487c52a5cea59894d
                                                                              • Opcode Fuzzy Hash: 5fda42d8140670587ea3416d774c610875c0cdd6baed5a2579ed69048ad89bad
                                                                              • Instruction Fuzzy Hash: AF21A4B1600206BFDB20AF66C881E6BB7ADFF463687118919F81997192D734EC40DBD1
                                                                              APIs
                                                                                • Part of subcall function 004A1489: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0049B05F,?,00000000,-00000008), ref: 004A14EA
                                                                              • GetLastError.KERNEL32 ref: 004BA9A6
                                                                              • __dosmaperr.LIBCMT ref: 004BA9AD
                                                                              • GetLastError.KERNEL32(?,?,?,?), ref: 004BA9E7
                                                                              • __dosmaperr.LIBCMT ref: 004BA9EE
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 1913693674-0
                                                                              • Opcode ID: 51edd5c4e5c25a430a3840a704f497c195c233776ddb3170bc40658ab91a4e1f
                                                                              • Instruction ID: cdbbd9429668cd5750c88df838a7d8834fbfbf28e86e5927cf8d45539b4e27df
                                                                              • Opcode Fuzzy Hash: 51edd5c4e5c25a430a3840a704f497c195c233776ddb3170bc40658ab91a4e1f
                                                                              • Instruction Fuzzy Hash: 7A21C871600605AF8F21AF66CC809ABBBADFF44368711492FF91597210D739EC60D7BA
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1b36e937bdd9776a463f892bead2d884e1ea2d5982c9dc011e0f8e74fc37fdd2
                                                                              • Instruction ID: 05507d55ab378ad77012b7e0a0c70fbd9d7593f76e689c04475c192514aa4026
                                                                              • Opcode Fuzzy Hash: 1b36e937bdd9776a463f892bead2d884e1ea2d5982c9dc011e0f8e74fc37fdd2
                                                                              • Instruction Fuzzy Hash: 8C216DB1604205AFDF20AFB5C881A6B77ADAF463687108A15F929EB151DB35EC40CBE1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 29faf50d70bb4521c0c7912d0192e47e6614307814943c5259d0fead7ff358f5
                                                                              • Instruction ID: 5e5224636d54f024fd63f309ffc809bb58d9736df3a284f1f4315f29edb86acb
                                                                              • Opcode Fuzzy Hash: 29faf50d70bb4521c0c7912d0192e47e6614307814943c5259d0fead7ff358f5
                                                                              • Instruction Fuzzy Hash: F321A171600205AFCF21EF6ADC4496B7FA9AF42368720453FF91597251EF38ED008799
                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 009AC9A5
                                                                                • Part of subcall function 009AC8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009AD6D0,?,00000000,-00000008), ref: 009AC902
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009AC9DD
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009AC9FD
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 158306478-0
                                                                              • Opcode ID: 8098251112c1c5f0566b1b0367e24e7eebd626d49e3c06392a087f3dff8de54c
                                                                              • Instruction ID: 349e1d20f2aeed0942e84ce737000675205ba597ec21927584cdadd0c8e2ab8b
                                                                              • Opcode Fuzzy Hash: 8098251112c1c5f0566b1b0367e24e7eebd626d49e3c06392a087f3dff8de54c
                                                                              • Instruction Fuzzy Hash: F31104F5915219BF6611A7B59C8DCBF695CDEDB3A43110124F401E9200EA28CD0291F1
                                                                              APIs
                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 004AB381
                                                                                • Part of subcall function 004A1489: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0049B05F,?,00000000,-00000008), ref: 004A14EA
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004AB3B9
                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004AB3D9
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                              • String ID:
                                                                              • API String ID: 158306478-0
                                                                              • Opcode ID: 69a85f7ed18cd74047bb984129651c996d53830a83c410699db2c70aab7f3113
                                                                              • Instruction ID: 352b9fd8ff6adfd48aa864b65f723ba5a946c2f7c3dd1541d1c3166fed4ac287
                                                                              • Opcode Fuzzy Hash: 69a85f7ed18cd74047bb984129651c996d53830a83c410699db2c70aab7f3113
                                                                              • Instruction Fuzzy Hash: B21156B19015157E7A1167B65C8AD6F6A5CDE5A398B10403BF801D1203EB7D9D0245BA
                                                                              APIs
                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E2D
                                                                              • GetCurrentThreadId.KERNEL32 ref: 009A1E3B
                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E54
                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 009A1E93
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                              • String ID:
                                                                              • API String ID: 2261580123-0
                                                                              • Opcode ID: cc8fa3324f5e6e9cf97eafe75bd973bf7bfbd8721fdcb9206dbbfcb1e8563e0c
                                                                              • Instruction ID: e28c2aeaaf5c3a040c85ecc6c965378effdf32fa309211f74cfd85a1637c5f8b
                                                                              • Opcode Fuzzy Hash: cc8fa3324f5e6e9cf97eafe75bd973bf7bfbd8721fdcb9206dbbfcb1e8563e0c
                                                                              • Instruction Fuzzy Hash: 3121E4B0E042098FCB04EFA8C5857AEBBF5EF89300F11845DE849AB351D7389A41CF91
                                                                              APIs
                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000400,A3776857,00000000,00000000,00000000,00000000,00000000,00000001,?,?,0044E5F3,?,?,00000000,00000000), ref: 004B844D
                                                                              • GetLastError.KERNEL32(?,?,0044E5F3,?,?,00000000,00000000,00000000,A3776857,00000001), ref: 004B8459
                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,A3776857,00000000,00000000,00000000,00000000,00000000,?,?,0044E5F3,?,?,00000000,00000000,00000000), ref: 004B847F
                                                                              • GetLastError.KERNEL32(?,?,0044E5F3,?,?,00000000,00000000,00000000,A3776857,00000001), ref: 004B848B
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ByteCharErrorLastMultiWide
                                                                              • String ID:
                                                                              • API String ID: 203985260-0
                                                                              • Opcode ID: b17853a5fac4461212df69502fdb333749a3d57a63655a8d7d2491092ae6608b
                                                                              • Instruction ID: 6b90caf3a67b14ffb57c64759c70b961d31bb881305e702148557666a2de5e43
                                                                              • Opcode Fuzzy Hash: b17853a5fac4461212df69502fdb333749a3d57a63655a8d7d2491092ae6608b
                                                                              • Instruction Fuzzy Hash: FB01BF36601156BFCF224F95DC08E9F3F7AEBD9791F118029FA0556220DA31C922EBA5
                                                                              APIs
                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000), ref: 009AFD17
                                                                              • GetLastError.KERNEL32(?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?,?,?,009AD9E0,00000000), ref: 009AFD23
                                                                                • Part of subcall function 009AFD74: CloseHandle.KERNEL32(FFFFFFFE,009AFD33,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?,?), ref: 009AFD84
                                                                              • ___initconout.LIBCMT ref: 009AFD33
                                                                                • Part of subcall function 009AFD55: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,009AFCF1,009AF48E,?,?,009AE09A,?,00000000,00000000,?), ref: 009AFD68
                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,009AF4A1,00000000,00000001,00000000,?,?,009AE09A,?,00000000,00000000,?), ref: 009AFD48
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                              • String ID:
                                                                              • API String ID: 2744216297-0
                                                                              • Opcode ID: d6f1525b94508d24b2a45aa02a8c9516825b96381f8c342c01f81905a513bb93
                                                                              • Instruction ID: d5653beaa3dc4be1b3262693e083b589b4e8550667f4f386525d479a7ba7cda1
                                                                              • Opcode Fuzzy Hash: d6f1525b94508d24b2a45aa02a8c9516825b96381f8c342c01f81905a513bb93
                                                                              • Instruction Fuzzy Hash: C0F01C36414116BBCF232FD1DD08A8A3F6AFB493B1B004220FA0985570DB32C860EBD1
                                                                              APIs
                                                                              • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000), ref: 004A95FC
                                                                              • GetLastError.KERNEL32(?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000,00000000,?,0049BE42,?), ref: 004A9608
                                                                                • Part of subcall function 004A95CE: CloseHandle.KERNEL32(FFFFFFFE,004A9618,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000,00000000), ref: 004A95DE
                                                                              • ___initconout.LIBCMT ref: 004A9618
                                                                                • Part of subcall function 004A9590: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004A95BF,004A6707,00000000,?,0049B868,00000000,00000000,00000000,00000000), ref: 004A95A3
                                                                              • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,004A671A,00000000,00000001,0000000C,00000000,?,0049B868,00000000,00000000,00000000,00000000), ref: 004A962D
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                              • String ID:
                                                                              • API String ID: 2744216297-0
                                                                              • Opcode ID: 798d55b3f7968c96ef430ebc1f18d2e2465c9867b2c7648d7be43d295ef59026
                                                                              • Instruction ID: 8abc0c58445a332f8c6052495b9482a66327941653e6e46fd38a52645a0d97bb
                                                                              • Opcode Fuzzy Hash: 798d55b3f7968c96ef430ebc1f18d2e2465c9867b2c7648d7be43d295ef59026
                                                                              • Instruction Fuzzy Hash: DCF01237441215BBCF521F91DC09ACE3F66EF19364F024426FA2C86120C6368D60DB94
                                                                              APIs
                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 009A4F13
                                                                              • GetCurrentThreadId.KERNEL32 ref: 009A4F22
                                                                              • GetCurrentProcessId.KERNEL32 ref: 009A4F2B
                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 009A4F38
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                              • String ID:
                                                                              • API String ID: 2933794660-0
                                                                              • Opcode ID: c43107a0de4d10705e95ba942a31e8dc3266f3e6c49f136c7866392ff9c7a23f
                                                                              • Instruction ID: 249e697ac7c80175cdc73755d8fdc4735cdd91e78fe27fa41fa217d7d6f19e67
                                                                              • Opcode Fuzzy Hash: c43107a0de4d10705e95ba942a31e8dc3266f3e6c49f136c7866392ff9c7a23f
                                                                              • Instruction Fuzzy Hash: 9CF06774D1420DEBCB00EBB4DA49ADFB7F8FF1D254B514A95A412E7110EB30A748EB51
                                                                              APIs
                                                                              • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,009A8AFE,?,?,00000000,00000000,00000000,?), ref: 009A8C22
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: EncodePointer
                                                                              • String ID: MOC$RCC
                                                                              • API String ID: 2118026453-2084237596
                                                                              • Opcode ID: 80a7fc5bd5597a9261ff03ebcc6357136f0c861b9187391962db0f0d0d0e8e72
                                                                              • Instruction ID: 390a7c09216b659692ea9dda0a0bb16a51e3ea6b253e92099ff5ed3820b8f932
                                                                              • Opcode Fuzzy Hash: 80a7fc5bd5597a9261ff03ebcc6357136f0c861b9187391962db0f0d0d0e8e72
                                                                              • Instruction Fuzzy Hash: 8A41AB71900209AFCF15CF94CD81AEEBBBAFF49310F144168F90467291D7359A50CFA0
                                                                              APIs
                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 00453EF4
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Concurrency::cancel_current_task
                                                                              • String ID: `aC$p]C
                                                                              • API String ID: 118556049-1363152631
                                                                              • Opcode ID: 15b0531adf7878dcd052dc043384283fbe7e7e749bd6b518c848f3481f58b70e
                                                                              • Instruction ID: 7ffd0bf130dfa3baccabcf7c02000b8885a72f27ff8372dee48aba471c76e642
                                                                              • Opcode Fuzzy Hash: 15b0531adf7878dcd052dc043384283fbe7e7e749bd6b518c848f3481f58b70e
                                                                              • Instruction Fuzzy Hash: 2B4114B1D002089BCB24DF58C841BAFBBF4EF45354F10426FEC2597382E7799A148B95
                                                                              APIs
                                                                              • EncodePointer.KERNEL32(00000000,?), ref: 004B0216
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: EncodePointer
                                                                              • String ID: MOC$RCC
                                                                              • API String ID: 2118026453-2084237596
                                                                              • Opcode ID: f6a5424a3b0add0d67cdb7a4433499b834c2692f3a3c89efa9c8eec31821c917
                                                                              • Instruction ID: 70788f387beb527cb8114cdc5e5f216b8ccff70d73c61da87df7ae4bd57bd2ae
                                                                              • Opcode Fuzzy Hash: f6a5424a3b0add0d67cdb7a4433499b834c2692f3a3c89efa9c8eec31821c917
                                                                              • Instruction Fuzzy Hash: EE415871900209AFCF16CF98CD85AEEBBB5FF48305F18809AFA0567211D3399950DB68
                                                                              APIs
                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 009A86E0
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1893004138.00000000009A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009A0000, based on PE: true
                                                                              • Associated: 00000002.00000002.1892985604.00000000009A0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893024106.00000000009B2000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893041186.00000000009BA000.00000008.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893092832.00000000009BD000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000002.00000002.1893108883.00000000009C0000.00000008.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_9a0000_drop1.jbxd
                                                                              Similarity
                                                                              • API ID: ___except_validate_context_record
                                                                              • String ID: csm$csm
                                                                              • API String ID: 3493665558-3733052814
                                                                              • Opcode ID: 0184664f765ff3d07132a4e256fbcff4f1cf2ed483d85a8d22925c716202b8aa
                                                                              • Instruction ID: e5eb7fef57c388b1591a1162c3e1c9b1a461c8bec64cc51ab6a3ef1869e36f37
                                                                              • Opcode Fuzzy Hash: 0184664f765ff3d07132a4e256fbcff4f1cf2ed483d85a8d22925c716202b8aa
                                                                              • Instruction Fuzzy Hash: 7831C436400219DFCF268F50CC449ABBBAAFF4A365B38455AF85449221DB36CCA1DFD1
                                                                              APIs
                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00435DCB
                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00435E2E
                                                                                • Part of subcall function 004B9356: _Yarn.LIBCPMT ref: 004B9375
                                                                                • Part of subcall function 004B9356: _Yarn.LIBCPMT ref: 004B9399
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                              • String ID: bad locale name
                                                                              • API String ID: 1908188788-1405518554
                                                                              • Opcode ID: 4f591d35f3d0401d16c29d601d846a696ee7aa1707a5175f538b14ce155db12b
                                                                              • Instruction ID: 3ec4c6a4a97d0462a05707b65000259191fcf5f6abdba4908dc577763c239046
                                                                              • Opcode Fuzzy Hash: 4f591d35f3d0401d16c29d601d846a696ee7aa1707a5175f538b14ce155db12b
                                                                              • Instruction Fuzzy Hash: 3B210570805784DFD320CF69C90478BBFF4AF15714F14868ED48597781D3B9AA04CBA5
                                                                              APIs
                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047DDD1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Ios_base_dtorstd::ios_base::_
                                                                              • String ID: .G$0hC
                                                                              • API String ID: 323602529-633007509
                                                                              • Opcode ID: fa7f0577eed2ee249957cc315ff075d2cc7a9cf360a169e300ae923cf5853acc
                                                                              • Instruction ID: def2e33cd38b5e824c816681f9ae39c6530dfa40910c99229239c839cc9e5e1b
                                                                              • Opcode Fuzzy Hash: fa7f0577eed2ee249957cc315ff075d2cc7a9cf360a169e300ae923cf5853acc
                                                                              • Instruction Fuzzy Hash: 9B21AE74940245DFD720CF1AC844B99FBF8FF05324F148A6EE85597391D775A904CB84
                                                                              APIs
                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 0044BEF3
                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 0044BF26
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ___std_exception_copy
                                                                              • String ID: MC
                                                                              • API String ID: 2659868963-1829682832
                                                                              • Opcode ID: ab36d56284830d128f6cf4340ca16e134d89125db0bb4639ace7817866229729
                                                                              • Instruction ID: 159077f32092c3bc03b4ae882dbf743a881f4ebbd8d79b989d6de070d85d5faa
                                                                              • Opcode Fuzzy Hash: ab36d56284830d128f6cf4340ca16e134d89125db0bb4639ace7817866229729
                                                                              • Instruction Fuzzy Hash: 4E112EB5900649EFCB11CF59C980B86FBE8FF19320F10C66BE815A7640E7B4A944CBA4
                                                                              APIs
                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0048285D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Ios_base_dtorstd::ios_base::_
                                                                              • String ID: 0$0hC
                                                                              • API String ID: 323602529-784950247
                                                                              • Opcode ID: 622b40fb6d894d5aa1115991de8c2c5b589d84d9705eb3b065fc2cec7fc6fad0
                                                                              • Instruction ID: dd26a1c23eadb7639fef0861fdc2b6c05f84c76fd28c7669f454e47aafc92c53
                                                                              • Opcode Fuzzy Hash: 622b40fb6d894d5aa1115991de8c2c5b589d84d9705eb3b065fc2cec7fc6fad0
                                                                              • Instruction Fuzzy Hash: FC21F074905298CFCB10CF98C6887DCBBF0AB09308F2480EAD949A7381D775AE58CF55
                                                                              APIs
                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0047DA4F
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Ios_base_dtorstd::ios_base::_
                                                                              • String ID: .G$0hC
                                                                              • API String ID: 323602529-633007509
                                                                              • Opcode ID: d1051db2cb1cfc94d531bfa9645f70c65f72b0c573f779327227424f90c0fd69
                                                                              • Instruction ID: 8e7f9f1aa37db0bf33048e17fc0a06a73726813013154025c8e8923a4ade326e
                                                                              • Opcode Fuzzy Hash: d1051db2cb1cfc94d531bfa9645f70c65f72b0c573f779327227424f90c0fd69
                                                                              • Instruction Fuzzy Hash: 121149B4940744CFDB21CF49C984A99BBF8FB09324F108A5EE89697391D775AA44CF80
                                                                              APIs
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00438A46
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00438A5C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ___std_exception_destroy
                                                                              • String ID: MC
                                                                              • API String ID: 4194217158-1829682832
                                                                              • Opcode ID: 36b679e11db0edd653e0a2647b8e85e069932705a2a35767823b219f623ddd02
                                                                              • Instruction ID: 2156576f1eef92af9ffbb3102a1cf8c86cd110feba5e05fe60ab6789c6c907d6
                                                                              • Opcode Fuzzy Hash: 36b679e11db0edd653e0a2647b8e85e069932705a2a35767823b219f623ddd02
                                                                              • Instruction Fuzzy Hash: 5A01B5B1C44318EBC710DF58DD01B8ABBE8EB1A714F10466FE811E3780E779A60487A5
                                                                              APIs
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00438D06
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00438D1C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ___std_exception_destroy
                                                                              • String ID: MC
                                                                              • API String ID: 4194217158-1829682832
                                                                              • Opcode ID: d7eaf932c4118910232a5250f95a2e385d092f5df7cd9ec96b40b31c7f1f2a93
                                                                              • Instruction ID: 34d925613d03c46ca24c24dcd021453886a1a957fa2bd66f6c30760aa6902abf
                                                                              • Opcode Fuzzy Hash: d7eaf932c4118910232a5250f95a2e385d092f5df7cd9ec96b40b31c7f1f2a93
                                                                              • Instruction Fuzzy Hash: 050192B1C443189BC711DF58DD05B89BBE8EB1A714F14466FE811A3780E7B9A60487A5
                                                                              APIs
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00438E16
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00438E2C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ___std_exception_destroy
                                                                              • String ID: MC
                                                                              • API String ID: 4194217158-1829682832
                                                                              • Opcode ID: dd0c4f4c0c82000e457c7f44c182c4aade15206cd65931e5a6e762cfa9f818e5
                                                                              • Instruction ID: 81858840e3503bfd15470ad0d796ddf3043ff6da9bec83e018f38d9446b02dde
                                                                              • Opcode Fuzzy Hash: dd0c4f4c0c82000e457c7f44c182c4aade15206cd65931e5a6e762cfa9f818e5
                                                                              • Instruction Fuzzy Hash: 4A01D2B1C442089FC710DF58DD01B8ABBE8EB1A714F10426FE811E3780E7B9A60487A5
                                                                              APIs
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00438AD6
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00438AEC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ___std_exception_destroy
                                                                              • String ID: MC
                                                                              • API String ID: 4194217158-1829682832
                                                                              • Opcode ID: 54ef2c628f25b7a2a23f3ae652ac74171c9fd81bd4396ab0a0f6fcd8ada00686
                                                                              • Instruction ID: 14708e90e5e2dd6187806a9d8007313cf644032e1f72ff90a2cf062a52645627
                                                                              • Opcode Fuzzy Hash: 54ef2c628f25b7a2a23f3ae652ac74171c9fd81bd4396ab0a0f6fcd8ada00686
                                                                              • Instruction Fuzzy Hash: AD0131B1C54658DFC710DF98D901B8ABBF8EB09724F10466BE815E3780E779A6048BA5
                                                                              APIs
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00438D96
                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00438DAC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ___std_exception_destroy
                                                                              • String ID: MC
                                                                              • API String ID: 4194217158-1829682832
                                                                              • Opcode ID: 2a7c72095c6804fc0da1c178a4919001dd8fbeb9815b62e3a8e22e5ece97145b
                                                                              • Instruction ID: 57808b7f7ef1f41f2f9046275374ae6f4c4975ec05ee0e2f2319a2ec8c3047b8
                                                                              • Opcode Fuzzy Hash: 2a7c72095c6804fc0da1c178a4919001dd8fbeb9815b62e3a8e22e5ece97145b
                                                                              • Instruction Fuzzy Hash: BB0136B1C44658DFC710DF98D901B89BBF8EB09714F10466FE815E3780E77566048B65
                                                                              APIs
                                                                                • Part of subcall function 004805F0: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,A3776857,00000000,004BCF70,000000FF,?,?,00513FC8), ref: 00480617
                                                                                • Part of subcall function 004805F0: GetLastError.KERNEL32(?,00000000,00000000,A3776857,00000000,004BCF70,000000FF,?,?,00513FC8), ref: 00480621
                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,00434B5D), ref: 004BA080
                                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00434B5D), ref: 004BA08F
                                                                              Strings
                                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 004BA08A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1892909441.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_400000_drop1.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                              • API String ID: 3511171328-631824599
                                                                              • Opcode ID: c51739a2d2ef137336e9adc3b97a1d747fb81e18f3053d9a6155fde0035c1d30
                                                                              • Instruction ID: d36ccacf6001ae6edc25a42526d65594664b7a1234a3e60676ee06f56b9b42c5
                                                                              • Opcode Fuzzy Hash: c51739a2d2ef137336e9adc3b97a1d747fb81e18f3053d9a6155fde0035c1d30
                                                                              • Instruction Fuzzy Hash: 64E065701007018FD330AF3AD40C3467BE0AB14304F00882FD945C7750E7B9D4088B66