Windows Analysis Report
zmpZMfK1b4.exe

Overview

General Information

Sample name: zmpZMfK1b4.exe (renamed because original name is a hash value)
Original sample name: 74609d22f478a3df31034c9f29892da3.exe
Analysis ID: 1589224
MD5: 74609d22f478a3df31034c9f29892da3
SHA1: d9256eaf50802e49114540f9ee7a7306173c9db8
SHA256: 208afccc1297879ecafd8cc97589c65d5463abb1710c43e81c8df08a4ac8d61a
Tags: exe, MeduzaStealer, user-abuse_ch

Detection

CredGrabber, Meduza Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • zmpZMfK1b4.exe (PID: 5796 cmdline: "C:\Users\user\Desktop\zmpZMfK1b4.exe" MD5: 74609D22F478A3DF31034C9F29892DA3)
  • cleanup
{"C2 url": "62.60.226.62", "anti_vm": true, "anti_dbg": true, "port": 15666, "build_name": "@bebanrti", "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "links": "", "grabber_max_size": 2097152}
Source | Rule | Description | Author | Strings
zmpZMfK1b4.exe | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
zmpZMfK1b4.exe | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0x1c3d08:$str01: emoji
  • 0x1c65d0:$str02: %d-%m-%Y, %H:%M:%S
  • 0x1c6640:$str03: [UTC
  • 0x1c65b8:$str07: current_path()
  • 0x1c3ce8:$str08: [json.exception.
  • 0x1e2162:$str09: GDI32.dll
  • 0x1e23d4:$str10: GdipGetImageEncoders
  • 0x1e244c:$str10: GdipGetImageEncoders
  • 0x1e19ca:$str11: GetGeoInfoA

Source | Rule | Description | Author | Strings
Process Memory Space: zmpZMfK1b4.exe PID: 5796 | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
Process Memory Space: zmpZMfK1b4.exe PID: 5796 | JoeSecurity_CredGrabber | Yara detected CredGrabber | Joe Security

Source | Rule | Description | Author | Strings
0.2.zmpZMfK1b4.exe.7ff7590f0000.0.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
0.2.zmpZMfK1b4.exe.7ff7590f0000.0.unpack | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0x1c3d08:$str01: emoji
  • 0x1c65d0:$str02: %d-%m-%Y, %H:%M:%S
  • 0x1c6640:$str03: [UTC
  • 0x1c65b8:$str07: current_path()
  • 0x1c3ce8:$str08: [json.exception.
  • 0x1e2162:$str09: GDI32.dll
  • 0x1e23d4:$str10: GdipGetImageEncoders
  • 0x1e244c:$str10: GdipGetImageEncoders
  • 0x1e19ca:$str11: GetGeoInfoA
0.0.zmpZMfK1b4.exe.7ff7590f0000.0.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
0.0.zmpZMfK1b4.exe.7ff7590f0000.0.unpack | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0x1c3d08:$str01: emoji
  • 0x1c65d0:$str02: %d-%m-%Y, %H:%M:%S
  • 0x1c6640:$str03: [UTC
  • 0x1c65b8:$str07: current_path()
  • 0x1c3ce8:$str08: [json.exception.
  • 0x1e2162:$str09: GDI32.dll
  • 0x1e23d4:$str10: GdipGetImageEncoders
  • 0x1e244c:$str10: GdipGetImageEncoders
  • 0x1e19ca:$str11: GetGeoInfoA

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-11T21:32:03.395669+0100 | 2049441 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 62.60.226.62 | 15666 | TCP
2025-01-11T21:32:03.395669+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 62.60.226.62 | 15666 | TCP
2025-01-11T21:32:03.401020+0100 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 62.60.226.62 | 15666 | TCP
2025-01-11T21:32:03.395669+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 62.60.226.62 | 15666 | TCP
2025-01-11T21:32:03.401020+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 62.60.226.62 | 15666 | TCP

            AV Detection

            Source: zmpZMfK1b4.exe, Malware Configuration Extractor: Meduza Stealer {"C2 url": "62.60.226.62", "anti_vm": true, "anti_dbg": true, "port": 15666, "build_name": "@bebanrti", "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "links": "", "grabber_max_size": 2097152}
            Source: zmpZMfK1b4.exe, Virustotal: Detection: 56%
            Source: zmpZMfK1b4.exe, ReversingLabs: Detection: 71%
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
            Source: zmpZMfK1b4.exe, Joe Sandbox ML: detected
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, Code function: 0_2_00007FF759164DB0 CryptUnprotectData,LocalFree,0_2_00007FF759164DB0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, Code function: 0_2_00007FF7591650D0 CryptProtectData,LocalFree,0_2_00007FF7591650D0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, Code function: 0_2_00007FF759128910 CryptUnprotectData,LocalFree,_invalid_parameter_noinfo_noreturn,0_2_00007FF759128910
            Source: unknown, HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49731 version: TLS 1.2
            Source: zmpZMfK1b4.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, Code function: 0_2_00007FF759127AA0 FindFirstFileW,FindNextFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF759127AA0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, Code function: 0_2_00007FF7591DB530 FindClose,FindFirstFileExW,GetLastError,0_2_00007FF7591DB530
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, Code function: 0_2_00007FF7591DB5E0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00007FF7591DB5E0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, Code function: 0_2_00007FF759174A60 GetLogicalDriveStringsW,0_2_00007FF759174A60
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, File opened: D:\sources\migration\
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, File opened: D:\sources\replacementmanifests\
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, File opened: D:\sources\migration\wtr\
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, File opened: D:\sources\replacementmanifests\hwvid-migration-2\

            Networking

            Source: Network traffic, Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.4:49730 -> 62.60.226.62:15666
            Source: Network traffic, Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.4:49730 -> 62.60.226.62:15666
            Source: global traffic, TCP traffic: 192.168.2.4:49730 -> 62.60.226.62:15666
            Source: global traffic, HTTP traffic detected:
                GET / HTTP/1.1
                Accept: text/html; text/plain; */*
                Host: api.ipify.org
                Cache-Control: no-cache
            Source: Joe Sandbox View, IP Address: 172.67.74.152
            Source: Joe Sandbox View, ASN Name: ASLINE-AS-APASLINELIMITEDHK
            Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: unknown, DNS query: name: api.ipify.org
            Source: Network traffic, Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.4:49730 -> 62.60.226.62:15666
            Source: unknown, TCP traffic detected without corresponding DNS query: 62.60.226.62
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, Code function: 0_2_00007FF759172890 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,0_2_00007FF759172890
            Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
            Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknown, Network traffic detected: HTTP traffic on port 49731 -> 443
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, Code function: 0_2_00007FF7591731C0 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,0_2_00007FF7591731C0

            System Summary

            Source: zmpZMfK1b4.exe, type: SAMPLE, Matched rule: Finds MeduzaStealer samples based on specific strings, Author: Sekoia.io
            Source: 0.2.zmpZMfK1b4.exe.7ff7590f0000.0.unpack, type: UNPACKEDPE, Matched rule: Finds MeduzaStealer samples based on specific strings, Author: Sekoia.io
            Source: 0.0.zmpZMfK1b4.exe.7ff7590f0000.0.unpack, type: UNPACKEDPE, Matched rule: Finds MeduzaStealer samples based on specific strings, Author: Sekoia.io
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, Code function: 0_2_00007FF759177C90 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF759177C90
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe, Code function: 0_2_00007FF759178390 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_00007FF759178390
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF759169F000_2_00007FF759169F00
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75913DDA00_2_00007FF75913DDA0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7590F5DC00_2_00007FF7590F5DC0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75919ADF40_2_00007FF75919ADF4
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF759186DF00_2_00007FF759186DF0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75917C0900_2_00007FF75917C090
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591410700_2_00007FF759141070
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591630F00_2_00007FF7591630F0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF759161F400_2_00007FF759161F40
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF759142F800_2_00007FF759142F80
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7590F80000_2_00007FF7590F8000
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75918F2680_2_00007FF75918F268
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591492D00_2_00007FF7591492D0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591682D00_2_00007FF7591682D0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591A32E00_2_00007FF7591A32E0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591481500_2_00007FF759148150
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591601A00_2_00007FF7591601A0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75915F2000_2_00007FF75915F200
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7590F74600_2_00007FF7590F7460
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591DE4B00_2_00007FF7591DE4B0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591BE5000_2_00007FF7591BE500
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75915F5000_2_00007FF75915F500
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75918F3840_2_00007FF75918F384
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591783900_2_00007FF759178390
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591196B00_2_00007FF7591196B0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75914C6B00_2_00007FF75914C6B0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591786E00_2_00007FF7591786E0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591CB5400_2_00007FF7591CB540
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591B45300_2_00007FF7591B4530
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75913F5700_2_00007FF75913F570
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591575D00_2_00007FF7591575D0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591635A60_2_00007FF7591635A6
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75912A5AD0_2_00007FF75912A5AD
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591CA8400_2_00007FF7591CA840
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591CA8200_2_00007FF7591CA820
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75915F8300_2_00007FF75915F830
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591228900_2_00007FF759122890
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75916B8B00_2_00007FF75916B8B0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7590F78F00_2_00007FF7590F78F0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591657600_2_00007FF759165760
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75919A8040_2_00007FF75919A804
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591168000_2_00007FF759116800
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75918B8100_2_00007FF75918B810
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75915B8100_2_00007FF75915B810
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75918D7E00_2_00007FF75918D7E0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591177F00_2_00007FF7591177F0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: String function: 00007FF75911E1B0 appears 32 times
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: String function: 00007FF759120910 appears 31 times
            Source: zmpZMfK1b4.exe, type: SAMPLE Matched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
            Source: 0.2.zmpZMfK1b4.exe.7ff7590f0000.0.unpack, type: UNPACKEDPE Matched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
            Source: 0.0.zmpZMfK1b4.exe.7ff7590f0000.0.unpack, type: UNPACKEDPE Matched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
            Source: classification engine Classification label: mal100.troj.spyw.winEXE@1/0@1/2
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF759179910 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,0_2_00007FF759179910
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF75912F2E0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF75912F2E0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF7591620BE CoCreateInstance,0_2_00007FF7591620BE
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963DEFD3355
            Source: zmpZMfK1b4.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: zmpZMfK1b4.exe, 00000000.00000003.1685399100.000001D41C5AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: zmpZMfK1b4.exe Virustotal: Detection: 56%
            Source: zmpZMfK1b4.exe ReversingLabs: Detection: 71%
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: rstrtmgr.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: vaultcli.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: zmpZMfK1b4.exe Static PE information: Virtual size of .text is bigger than: 0x100000
            Source: zmpZMfK1b4.exe Static PE information: Image base 0x140000000 > 0x60000000
            Source: zmpZMfK1b4.exe Static file information: File size 2045440 > 1048576
            Source: zmpZMfK1b4.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x110c00
            Source: zmpZMfK1b4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: zmpZMfK1b4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: zmpZMfK1b4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: zmpZMfK1b4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: zmpZMfK1b4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: zmpZMfK1b4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: zmpZMfK1b4.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: zmpZMfK1b4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: zmpZMfK1b4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: zmpZMfK1b4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: zmpZMfK1b4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: zmpZMfK1b4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: zmpZMfK1b4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75912E240 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF75912E240
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF75915B0F9 push rcx; iretd 0_2_00007FF75915B0FC
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF7591696D0 ExitProcess,OpenMutexA,ExitProcess,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7591696D0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-54146
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF759127AA0 FindFirstFileW,FindNextFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF759127AA0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF7591DB530 FindClose,FindFirstFileExW,GetLastError,0_2_00007FF7591DB530
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF7591DB5E0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00007FF7591DB5E0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF759174A60 GetLogicalDriveStringsW,0_2_00007FF759174A60
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF7591CC4B0 GetSystemInfo,0_2_00007FF7591CC4B0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: D:\sources\migration\
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: D:\sources\replacementmanifests\
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: D:\sources\migration\wtr\
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: D:\sources\replacementmanifests\hwvid-migration-2\
            Source: zmpZMfK1b4.exe, 00000000.00000002.1883493274.000001D41A760000.00000004.00000020.00020000.00000000.sdmp, zmpZMfK1b4.exe, 00000000.00000002.1883423684.000001D41A71B000.00000004.00000020.00020000.00000000.sdmp, zmpZMfK1b4.exe, 00000000.00000003.1683366707.000001D41A779000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe API call chain: ExitProcess graph end node graph_0-53987
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF759178390 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_00007FF759178390
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF7591DDBBC GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_00007FF7591DDBBC
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF75912E240 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF75912E240
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF7591A6360 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7591A6360
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF7591838D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7591838D8
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF7591682D0 ShellExecuteW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF7591682D0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF7591A0BB4
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: EnumSystemLocalesW,0_2_00007FF759194ED8
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF7591A0D98
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: GetLocaleInfoEx,FormatMessageA,0_2_00007FF7591DB1A0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: GetLocaleInfoW,0_2_00007FF759195418
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF7591A0350
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: EnumSystemLocalesW,0_2_00007FF7591A06AC
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: EnumSystemLocalesW,0_2_00007FF7591A077C
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF75918AC90 GetSystemTimeAsFileTime,0_2_00007FF75918AC90
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Code function: 0_2_00007FF7591737A0 GetUserNameW,0_2_00007FF7591737A0
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exeCode function: 0_2_00007FF759174D10 GetTimeZoneInformation,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GlobalMemoryStatusEx,wcsftime,GetModuleFileNameA,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF759174D10

            Stealing of Sensitive Information

            Source: Yara match File source: Process Memory Space: zmpZMfK1b4.exe PID: 5796, type: MEMORYSTR
            Source: Yara match File source: zmpZMfK1b4.exe, type: SAMPLE
            Source: Yara match File source: 0.2.zmpZMfK1b4.exe.7ff7590f0000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.0.zmpZMfK1b4.exe.7ff7590f0000.0.unpack, type: UNPACKEDPE
            Source: zmpZMfK1b4.exe, 00000000.00000002.1883381321.000001D41A71A000.00000040.00000020.00020000.00000000.sdmp String found in binary or memory: Electrum\wallets
            Source: zmpZMfK1b4.exe, 00000000.00000002.1883381321.000001D41A71A000.00000040.00000020.00020000.00000000.sdmp String found in binary or memory: ElectronCash\wallets
            Source: zmpZMfK1b4.exe, 00000000.00000002.1883381321.000001D41A71A000.00000040.00000020.00020000.00000000.sdmp String found in binary or memory: Exodus\exodus.wallet
            Source: zmpZMfK1b4.exe, 00000000.00000002.1883381321.000001D41A71A000.00000040.00000020.00020000.00000000.sdmp String found in binary or memory: Ethereum\keystore
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Users\user\Desktop\zmpZMfK1b4.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

            Remote Access Functionality

            Source: Yara match File source: Process Memory Space: zmpZMfK1b4.exe PID: 5796, type: MEMORYSTR
            Source: Yara match File source: zmpZMfK1b4.exe, type: SAMPLE
            Source: Yara match File source: 0.2.zmpZMfK1b4.exe.7ff7590f0000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.0.zmpZMfK1b4.exe.7ff7590f0000.0.unpack, type: UNPACKEDPE
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Access Token Manipulation | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Email Collection | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 2 Obfuscated Files or Information | Security Account Manager | 21 Security Software Discovery | SMB/Windows Admin Shares | 1 Archive Collected Data | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 Process Discovery | Distributed Component Object Model | 2 Data from Local System | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Account Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 3 File and Directory Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow24
            System Information Discovery
            Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

            Source | Detection | Scanner | Label
            zmpZMfK1b4.exe | 57% | Virustotal |
            zmpZMfK1b4.exe | 71% | ReversingLabs | Win64.Trojan.MeduzaStealer
            zmpZMfK1b4.exe | 100% | Joe Sandbox ML |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label
            http://ns.microsoft.t/Regi9 | 0% | Avira URL Cloud | safe
            http://ns.microsoft.t/Regi | 0% | Avira URL Cloud | safe
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            api.ipify.org | 172.67.74.152 | true | false | | high

            Name | Malicious | Antivirus Detection | Reputation
            https://api.ipify.org/ | false | | high
            IP | Domain | Country | ASN | ASN Name | Malicious
            62.60.226.62 | unknown | Iran (ISLAMIC Republic Of) | 18013 | ASLINE-AS-APASLINELIMITEDHK | true
            172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
                                                                Joe Sandbox version:42.0.0 Malachite
                                                                Analysis ID:1589224
                                                                Start date and time:2025-01-11 21:31:06 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 4m 21s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:4
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:zmpZMfK1b4.exe
                                                                renamed because original name is a hash value
                                                                Original Sample Name:74609d22f478a3df31034c9f29892da3.exe
                                                                Detection:MAL
                                                                Classification:mal100.troj.spyw.winEXE@1/0@1/2
                                                                EGA Information:
                                                                • Successful, ratio: 100%
                                                                HCA Information:
                                                                • Successful, ratio: 86%
                                                                • Number of executed functions: 94
                                                                • Number of non-executed functions: 90
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Stop behavior analysis, all processes terminated
                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                • Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                • Not all processes were analyzed, report is missing behavior information
                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                • Report size exceeded maximum capacity and may have missing network information.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                No simulations
                                                                No context
                                                                No created / dropped files found
                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                Entropy (8bit):6.306439673470683
                                                                TrID:
                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                File name:zmpZMfK1b4.exe
                                                                File size:2'045'440 bytes
                                                                MD5:74609d22f478a3df31034c9f29892da3
                                                                SHA1:d9256eaf50802e49114540f9ee7a7306173c9db8
                                                                SHA256:208afccc1297879ecafd8cc97589c65d5463abb1710c43e81c8df08a4ac8d61a
                                                                SHA512:30f3a93f68a2d4e8a8ba0cb3a90abe174860dbd1dc01f42fdd6708f46b94e1394ba0803b1e1478cbcd887e4d09ca15da1706d31fe6227b75cb06cb3b72d464cb
                                                                SSDEEP:49152:kqKuOKE3tn7J8ZsN0zZQQI0qnX9eztpls0uNee:k3nX4lnuF
                                                                TLSH:5B956B66984C12EAD87D9038CE9B4B13F276744443B1D7EB1A9026961FA37E02F3FB54
                                                                File Content Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........az.N...N...N....x..O....x..O.......W...v...`...v...B...^...F...^...^...^...-....x.......x..D....x..X...N...m....x..S.......Q..
                                                                Icon Hash:90cececece8e8eb0
                                                                Entrypoint:0x1400b6978
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x140000000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0x67310ED5 [Sun Nov 10 19:51:49 2024 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:6
                                                                OS Version Minor:0
                                                                File Version Major:6
                                                                File Version Minor:0
                                                                Subsystem Version Major:6
                                                                Subsystem Version Minor:0
                                                                Import Hash:d18aa68269a30cd13693bec0b3505c6a
                                                                Instruction
                                                                dec eax
                                                                sub esp, 28h
                                                                call 00007F1E7080C83Ch
                                                                dec eax
                                                                add esp, 28h
                                                                jmp 00007F1E7080BFDFh
                                                                int3
                                                                int3
                                                                and dword ptr [0013458Dh], 00000000h
                                                                ret
                                                                dec eax
                                                                mov dword ptr [esp+08h], ebx
                                                                push ebp
                                                                dec eax
                                                                lea ebp, dword ptr [esp-000004C0h]
                                                                dec eax
                                                                sub esp, 000005C0h
                                                                mov ebx, ecx
                                                                mov ecx, 00000017h
                                                                call dword ptr [0005B962h]
                                                                test eax, eax
                                                                je 00007F1E7080C166h
                                                                mov ecx, ebx
                                                                int 29h
                                                                mov ecx, 00000003h
                                                                call 00007F1E7080C129h
                                                                xor edx, edx
                                                                dec eax
                                                                lea ecx, dword ptr [ebp-10h]
                                                                inc ecx
                                                                mov eax, 000004D0h
                                                                call 00007F1E7085329Ch
                                                                dec eax
                                                                lea ecx, dword ptr [ebp-10h]
                                                                call dword ptr [0005B905h]
                                                                dec eax
                                                                mov ebx, dword ptr [ebp+000000E8h]
                                                                dec eax
                                                                lea edx, dword ptr [ebp+000004D8h]
                                                                dec eax
                                                                mov ecx, ebx
                                                                inc ebp
                                                                xor eax, eax
                                                                call dword ptr [0005B8F3h]
                                                                dec eax
                                                                test eax, eax
                                                                je 00007F1E7080C19Eh
                                                                dec eax
                                                                and dword ptr [esp+38h], 00000000h
                                                                dec eax
                                                                lea ecx, dword ptr [ebp+000004E0h]
                                                                dec eax
                                                                mov edx, dword ptr [ebp+000004D8h]
                                                                dec esp
                                                                mov ecx, eax
                                                                dec eax
                                                                mov dword ptr [esp+30h], ecx
                                                                dec esp
                                                                mov eax, ebx
                                                                dec eax
                                                                lea ecx, dword ptr [ebp+000004E8h]
                                                                dec eax
                                                                mov dword ptr [esp+28h], ecx
                                                                dec eax
                                                                lea ecx, dword ptr [ebp-10h]
                                                                dec eax
                                                                mov dword ptr [esp+20h], ecx
                                                                xor ecx, ecx
                                                                call dword ptr [0005B8BAh]
                                                                dec eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1e1ca0 | 0x12c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1f6000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1ed000 | 0x8b2c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1f7000 | 0x20dc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1c8370 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1c8580 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1c8230 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x112000 | 0x788 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x110bbc | 0x110c00 | 46f80e4298123619c3387dd9117ea7aa | False | 0.4357849736480293 | data | 6.370311393522564 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x112000 | 0xd15cc | 0xd1600 | b7d9e94b988f9eba052be41fd4fc0ce3 | False | 0.34898670708955226 | data | 5.617187307821686 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1e4000 | 0x842c | 0x6000 | cc40341eb624cb50a08908e13935c1a8 | False | 0.0880126953125 | data | 4.5776677164512645 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x1ed000 | 0x8b2c | 0x8c00 | 105212294ac2dd0f0f191adea0280e9f | False | 0.48800223214285715 | PEX Binary Archive | 6.071753863991309 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x1f6000 | 0x1e0 | 0x200 | c5a6355ed6a0ad9dc6fe20d45426f2b5 | False | 0.52734375 | data | 4.7137725829467545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1f7000 | 0x20dc | 0x2200 | 3560e510ee971a4fd4cc17d066617008 | False | 0.6786534926470589 | data | 6.384431292209445 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x1f6060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
WS2_32.dll | WSACleanup, inet_pton, WSAStartup, htons, send, socket, connect, recv, closesocket
CRYPT32.dll | CryptUnprotectData, CryptProtectData
WININET.dll | HttpQueryInfoW, InternetQueryDataAvailable, InternetReadFile, InternetOpenW, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
ntdll.dll | NtQueryObject, RtlReleasePebLock, NtQuerySystemInformation, RtlInitUnicodeString, NtAllocateVirtualMemory, LdrEnumerateLoadedModules, RtlAcquirePebLock
RstrtMgr.DLL | RmGetList, RmStartSession, RmEndSession, RmRegisterResources
KERNEL32.dll | GetFileInformationByHandleEx, FindFirstFileW, FindNextFileW, FindClose, OpenProcess, CreateToolhelp32Snapshot, Process32NextW, LoadLibraryA, Process32FirstW, CloseHandle, GetSystemInfo, GetProcAddress, LocalFree, ReadProcessMemory, FreeLibrary, VirtualQueryEx, GetLastError, ExitProcess, MultiByteToWideChar, WideCharToMultiByte, VirtualFree, VirtualAlloc, ReadFile, WriteFile, CreateFileW, UnmapViewOfFile, GetFileSize, CreateFileMappingW, MapViewOfFile, GetCurrentProcess, VirtualQuery, WriteProcessMemory, GetStdHandle, TerminateProcess, CreateMutexA, ReleaseMutex, OpenMutexA, GetModuleFileNameA, GetVolumeInformationW, GetGeoInfoA, HeapFree, EnterCriticalSection, GetModuleFileNameW, GetProcessId, LeaveCriticalSection, SetFilePointer, InitializeCriticalSectionEx, FreeEnvironmentStringsW, GetModuleHandleA, HeapSize, GetLogicalDriveStringsW, GetFinalPathNameByHandleA, GetTimeZoneInformation, lstrcatW, HeapReAlloc, HeapAlloc, GetUserGeoID, DecodePointer, DeleteCriticalSection, GetProcessHeap, GetModuleHandleW, GetEnvironmentStringsW, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualProtect, GetFileSizeEx, SetFilePointerEx, GetCurrentThreadId, GetFileType, GetStartupInfoW, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetTempPathW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, LoadLibraryExW, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadConsoleW, RaiseException, SetEndOfFile, GetModuleHandleExW, SetStdHandle, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetStringTypeW, WriteConsoleW, OutputDebugStringW, SetEnvironmentVariableW, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, QueryPerformanceCounter, InitializeSListHead, RtlUnwindEx, RtlUnwind, RtlPcToFileHeader, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InitializeCriticalSection, AreFileApisANSI, GetNativeSystemInfo, TryAcquireSRWLockExclusive, LCMapStringEx, CompareStringEx, GlobalMemoryStatusEx, lstrcpyW, GetCommandLineA, GetCommandLineW, GetComputerNameW, GetFileAttributesExW, GetFileAttributesW, FindFirstFileExW, GetCurrentDirectoryW, GetLocaleInfoEx, FormatMessageA
USER32.dll | EnumDisplayDevicesW, GetDesktopWindow, ReleaseDC, GetSystemMetrics, GetDC, GetWindowRect
GDI32.dll | BitBlt, CreateCompatibleBitmap, SelectObject, CreateCompatibleDC, GetDeviceCaps, DeleteDC, GetObjectW, DeleteObject
ADVAPI32.dll | LookupPrivilegeValueW, AdjustTokenPrivileges, GetCurrentHwProfileW, RegCloseKey, RegGetValueA, RegQueryValueExA, RegOpenKeyExA, GetUserNameW, RegEnumKeyExA, RevertToSelf, ConvertSidToStringSidA, ImpersonateLoggedOnUser, OpenProcessToken, DuplicateTokenEx, GetTokenInformation, CredEnumerateA, CredFree
SHELL32.dll | SHGetKnownFolderPath, ShellExecuteW
ole32.dll | CoUninitialize, CoInitializeSecurity, CoSetProxyBlanket, CoInitializeEx, CoTaskMemFree, CoCreateInstance, CoGetObject
OLEAUT32.dll | SysAllocStringByteLen, SysStringByteLen, SysFreeString
SHLWAPI.dll |
gdiplus.dll | GdipFree, GdipDisposeImage, GdipCreateBitmapFromHBITMAP, GdipAlloc, GdipGetImageEncodersSize, GdipCreateBitmapFromScan0, GdipCloneImage, GdipGetImageEncoders, GdiplusShutdown, GdiplusStartup, GdipSaveImageToStream
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-11T21:32:03.395669+0100 | 2049441 | ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt | 1 | 192.168.2.4 | 49730 | 62.60.226.62 | 15666 | TCP
2025-01-11T21:32:03.395669+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.4 | 49730 | 62.60.226.62 | 15666 | TCP
2025-01-11T21:32:03.395669+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.4 | 49730 | 62.60.226.62 | 15666 | TCP
2025-01-11T21:32:03.401020+0100 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.4 | 49730 | 62.60.226.62 | 15666 | TCP
2025-01-11T21:32:03.401020+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.4 | 49730 | 62.60.226.62 | 15666 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                Jan 11, 2025 21:32:03.417002916 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417032003 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417057991 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417059898 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417084932 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417098045 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417135000 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417138100 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417165995 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417191982 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417197943 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417217970 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417236090 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417247057 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417277098 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417277098 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417298079 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417304993 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417324066 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417349100 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417773962 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417803049 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417829037 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417843103 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417856932 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417885065 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417886972 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417912006 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417912960 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417937994 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417939901 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417967081 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.417985916 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.417992115 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418013096 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418040037 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418054104 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418066025 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418112040 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418119907 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418148994 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418174028 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418185949 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418200970 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418242931 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418251991 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418268919 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418281078 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418308020 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418313026 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418332100 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418339968 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418358088 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418386936 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418389082 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418416023 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418443918 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418457031 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418469906 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418489933 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418512106 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418519974 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418548107 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418574095 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418598890 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418618917 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418625116 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418652058 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418654919 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418683052 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418699026 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418709993 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418726921 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418754101 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418765068 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418781042 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418797016 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418807983 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418817997 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418833971 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418860912 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418864965 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418886900 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418891907 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418916941 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418925047 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418945074 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.418951988 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418986082 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.418992996 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.419022083 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.419048071 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.419063091 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.419075012 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.419091940 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.419102907 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.419131041 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.419137001 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.419157028 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.419178963 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.419183969 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.419205904 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.419210911 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.419239044 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.419244051 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.419270039 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.419295073 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.421250105 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421319008 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.421396017 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421423912 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421466112 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.421555996 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421582937 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421608925 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421622038 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.421641111 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421649933 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.421686888 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.421752930 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421780109 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421806097 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421813965 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.421832085 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421853065 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.421864033 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.421879053 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.421911955 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422211885 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422239065 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422280073 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422287941 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422317028 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422343016 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422358036 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422390938 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422390938 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422420025 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422447920 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422451973 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422481060 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422503948 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422543049 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422574043 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422616005 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422621012 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422650099 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422679901 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422679901 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422708035 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422729969 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422733068 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422759056 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422785997 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422808886 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422836065 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422836065 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422864914 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422908068 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422913074 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422940016 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422966003 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422966957 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.422992945 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.422992945 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.423018932 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.423041105 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.423043966 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.423069000 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.423094988 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.423098087 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.423125029 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.423150063 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424036980 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424103022 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424186945 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424246073 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424252987 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424318075 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424392939 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424421072 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424458027 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424472094 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424485922 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424499989 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424534082 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424561977 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424688101 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424715996 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424770117 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424774885 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424797058 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424823999 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424841881 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424851894 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424874067 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424896002 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424901009 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424927950 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424953938 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424954891 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.424981117 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.424983025 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.425007105 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.425029039 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.425029039 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.425057888 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.425107002 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.425123930 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432346106 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.432351112 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432364941 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432411909 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.432502031 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432514906 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432526112 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432537079 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432548046 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432565928 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.432569981 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432583094 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432596922 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432610035 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.432646036 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.432667017 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432678938 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432715893 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.432784081 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432796001 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432826042 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.432871103 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.432885885 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432898998 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.432948112 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.432992935 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433005095 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433034897 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433073044 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433113098 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433135986 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433147907 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433159113 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433203936 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433263063 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433274984 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433310032 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433341980 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433360100 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433372021 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433414936 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433465958 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433487892 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433511972 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433553934 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433583021 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433594942 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433621883 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433625937 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433650970 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433650970 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433676004 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433712006 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433760881 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433815956 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433820963 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433866978 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433938980 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.433985949 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.433989048 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.434032917 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.434103966 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.434115887 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.434154987 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.434156895 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.434168100 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.434199095 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.434225082 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.475178957 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.475457907 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.475542068 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.475610971 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.475670099 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.475735903 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.475809097 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.475864887 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.475928068 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.475980043 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.476049900 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.476104021 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.476172924 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.476214886 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.490891933 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.491048098 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.491133928 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.491193056 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.491266012 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.491296053 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.496187925 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.496398926 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.496481895 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.496527910 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.542988062 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.543046951 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.590171099 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.590341091 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.590749025 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.590862989 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.590935946 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.591020107 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.591094017 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.591186047 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.591254950 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.591351986 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.591398954 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.595453978 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.595671892 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.595777035 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.595827103 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.639111042 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.639287949 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.667236090 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.667644978 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.667862892 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.667984009 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.668107033 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.673463106 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.673696041 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.673868895 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.673949957 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.720050097 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.720237017 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.730339050 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.730473995 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.730592012 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.730772972 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.730865955 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.731014967 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.731127024 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.731236935 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.731345892 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.731456995 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.731492996 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.735627890 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.735805035 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.778959990 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.779134989 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.807205915 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.807238102 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.807421923 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.807446003 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.807626009 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.807727098 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.807853937 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.807950974 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.808145046 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.808260918 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.808377028 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.808479071 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.808598042 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.808700085 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.808844090 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.808950901 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.809082985 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.809144020 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.855019093 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.855319023 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.855521917 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.855700970 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.855818987 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.870028019 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.870273113 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.870421886 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.870522976 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.870659113 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.870759964 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.870898008 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.870996952 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.871114016 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.871215105 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.871332884 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.871454954 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.871608019 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.871704102 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.871829987 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.871908903 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875335932 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875366926 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875396013 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875415087 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875447035 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875452995 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875474930 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875502110 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875507116 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875529051 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875538111 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875571966 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875580072 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875607967 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875637054 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875643969 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875664949 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875680923 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875711918 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875714064 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875741959 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875767946 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875786066 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875796080 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875816107 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875823021 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875840902 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875849962 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875873089 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875876904 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875900984 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.875904083 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.875927925 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880261898 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880284071 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880294085 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880297899 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880310059 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880326986 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880336046 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880348921 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880388021 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880395889 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880409956 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880431890 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880434036 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880444050 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880465984 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880470037 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880479097 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880498886 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880527020 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880546093 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880559921 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880594015 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880601883 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880605936 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880630016 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880641937 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880664110 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880666018 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880676031 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880688906 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880695105 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880700111 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880723000 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880733013 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880734921 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880745888 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880758047 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880776882 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880779982 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880793095 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880805969 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880811930 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880817890 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880841017 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880848885 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880852938 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880875111 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880878925 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880887985 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880903959 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880916119 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880928993 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880963087 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880964041 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.880975962 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.880996943 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881010056 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881015062 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881047010 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881091118 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881103039 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881150961 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881153107 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881164074 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881186008 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881196976 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881205082 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881218910 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881231070 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881242037 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881269932 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881275892 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881288052 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881319046 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881330013 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881330967 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881360054 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881369114 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881381989 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881386042 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881402969 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881413937 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881423950 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881453991 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881477118 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881489992 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881510019 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881520987 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881535053 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881567955 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881609917 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881622076 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881647110 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881659031 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881659031 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881680965 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881692886 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881695986 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881704092 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881716967 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881731987 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881738901 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881752014 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881763935 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881778955 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881779909 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881793976 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881814957 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881827116 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881830931 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881838083 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881860971 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881872892 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881876945 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881913900 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.881922960 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881936073 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.881984949 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882014990 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882026911 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882049084 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882060051 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882061958 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882081032 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882088900 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882093906 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882108927 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882129908 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882158995 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882164001 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882177114 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882188082 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882203102 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882208109 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882220984 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882231951 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882232904 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882246017 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882277966 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882292986 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882306099 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882307053 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882335901 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882340908 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882350922 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882374048 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882380009 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882391930 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882396936 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882426977 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882437944 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882452965 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882484913 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882496119 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882498026 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882523060 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882540941 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882546902 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882555008 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882576942 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882582903 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882589102 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882612944 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882642031 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882678986 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882692099 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882713079 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882724047 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.882733107 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.882780075 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.895236969 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.895256042 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.895270109 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.895488024 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.895673990 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.895803928 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.895889997 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.896035910 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.896055937 CET156664973062.60.226.62192.168.2.4
                                                                Jan 11, 2025 21:32:03.896233082 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.896306038 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.896354914 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.896513939 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.896667004 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.896760941 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.896879911 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.896966934 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.897077084 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.897167921 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.897305012 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.897408009 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.897542000 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.897644997 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.897772074 CET4973015666192.168.2.462.60.226.62
                                                                Jan 11, 2025 21:32:03.897845030 CET4973015666192.168.2.462.60.226.62
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 21:31:58.489387989 CET | 192.168.2.4 | 1.1.1.1 | 0x9d60 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 21:31:58.496197939 CET | 1.1.1.1 | 192.168.2.4 | 0x9d60 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 21:31:58.496197939 CET | 1.1.1.1 | 192.168.2.4 | 0x9d60 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 21:31:58.496197939 CET | 1.1.1.1 | 192.168.2.4 | 0x9d60 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 172.67.74.152 | 443 | 5796 | C:\Users\user\Desktop\zmpZMfK1b4.exe

Timestamp: 2025-01-11 20:31:59 UTC | Bytes transferred: 100 | Direction: OUT | Data:
GET / HTTP/1.1
Accept: text/html; text/plain; */*
Host: api.ipify.org
Cache-Control: no-cache

Timestamp: 2025-01-11 20:31:59 UTC | Bytes transferred: 424 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Sat, 11 Jan 2025 20:31:59 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 9007ac6a7bdd42f2-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1719&min_rtt=1701&rtt_var=674&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=738&delivery_rate=1580942&cwnd=222&unsent_bytes=0&cid=9a5b1aeae546b69f&ts=195&x=0"

Timestamp: 2025-01-11 20:31:59 UTC | Bytes transferred: 12 | Direction: IN | Data:
Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
Data Ascii: 8.46.123.189



                                                                Target ID:0
                                                                Start time:15:31:57
                                                                Start date:11/01/2025
                                                                Path:C:\Users\user\Desktop\zmpZMfK1b4.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Users\user\Desktop\zmpZMfK1b4.exe"
                                                                Imagebase:0x7ff7590f0000
                                                                File size:2'045'440 bytes
                                                                MD5 hash:74609D22F478A3DF31034C9F29892DA3
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low
                                                                Has exited:true

                                                                  Execution Graph

                                                                  Execution Coverage:11.4%
                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                  Signature Coverage:39.1%
                                                                  Total number of Nodes:2000
                                                                  Total number of Limit Nodes:67
51614 7ff759156ea0 84 API calls 2 library calls 51529->51614 51531 7ff75915cbb8 51615 7ff7591db510 84 API calls __std_fs_directory_iterator_open 51531->51615 51532->51528 51535 7ff75915cb32 ISource memcpy_s 51532->51535 51534 7ff75915cbc2 51535->50659 51537 7ff7591bc76b 51536->51537 51549 7ff7591bc635 51536->51549 51621 7ff75913a020 85 API calls 5 library calls 51537->51621 51539 7ff7591bc8f1 51624 7ff75913a020 85 API calls 5 library calls 51539->51624 51541 7ff7591bc78c 51541->50667 51543 7ff7591bc87c 51623 7ff75913a020 85 API calls 5 library calls 51543->51623 51546 7ff7591b99f0 90 API calls 51546->51549 51547 7ff7591bc811 51622 7ff75913a020 85 API calls 5 library calls 51547->51622 51549->51537 51549->51539 51549->51541 51549->51543 51549->51546 51549->51547 51616 7ff7591b2fa0 51549->51616 51620 7ff75913a020 85 API calls 5 library calls 51549->51620 51551 7ff7591b17ce 51550->51551 51625 7ff75913a020 85 API calls 5 library calls 51551->51625 51553 7ff7591b19f5 51555 7ff7591653a0 125 API calls 51554->51555 51561 7ff7591b0807 51555->51561 51556 7ff7591b08a7 51557 7ff7591350c0 85 API calls 51556->51557 51558 7ff7591b08da 51557->51558 51560 7ff7591350c0 85 API calls 51558->51560 51563 7ff7591b08f9 51560->51563 51561->51556 51562 7ff7591350c0 85 API calls 51561->51562 51640 7ff7591b05c0 130 API calls 4 library calls 51561->51640 51562->51561 51564 7ff759133850 85 API calls 51563->51564 51565 7ff7591b094d 51564->51565 51566 7ff75913b4f0 85 API calls 51565->51566 51567 7ff7591b0968 ISource 51566->51567 51581 7ff7591b0ae6 51567->51581 51626 7ff7591b3020 51567->51626 51570 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 51571 7ff7591b0aec 51570->51571 51572 7ff75913b4f0 85 API calls 51573 7ff7591b09ca 51572->51573 51581->51570 51586->50695 51587->50695 51589 7ff7591350f7 51588->51589 51590 7ff7591342e0 85 API calls 51589->51590 51595 7ff759135145 51589->51595 51590->51595 51591 7ff759135347 51596 7ff75911f500 85 API calls 51591->51596 51592 7ff75913530e 
51592->51492 51593 7ff7591352fd 51593->51592 51600 7ff759134440 85 API calls Concurrency::cancel_current_task 51593->51600 51595->51591 51595->51593 51597 7ff759135389 51596->51597 51598 7ff7591a85d8 Concurrency::cancel_current_task 2 API calls 51597->51598 51599 7ff75913539a 51598->51599 51600->51592 51602 7ff7591ac000 GetLastError 51601->51602 51603 7ff7591abff6 51601->51603 51604 7ff7591abffc 51602->51604 51605 7ff7591ac00d VirtualQueryEx 51602->51605 51603->51602 51603->51604 51604->51498 51609 7ff7591e4d50 8 API calls 2 library calls 51604->51609 51605->51604 51606 7ff7591ac029 51605->51606 51606->51604 51607 7ff7591ac03c ReadProcessMemory 51606->51607 51607->51604 51608 7ff7591ac057 51607->51608 51608->51604 51609->51504 51610->51498 51611->51515 51613->51532 51614->51531 51615->51534 51617 7ff7591b2faa 51616->51617 51618 7ff7591abfa0 5 API calls 51617->51618 51619 7ff7591b3007 51617->51619 51618->51619 51619->51549 51620->51549 51621->51541 51622->51541 51623->51541 51624->51541 51625->51553 51627 7ff7591b3151 51626->51627 51628 7ff7591b306d 51626->51628 51653 7ff75911dfd0 85 API calls std::_Throw_Cpp_error 51627->51653 51641 7ff759139f00 51628->51641 51632 7ff7591b30a3 51633 7ff759133ad0 85 API calls 51632->51633 51634 7ff7591b30c3 51633->51634 51635 7ff7591b3122 ISource 51634->51635 51638 7ff7591b314c 51634->51638 51636 7ff7591a5fb0 _Strcoll 8 API calls 51635->51636 51637 7ff7591b09b0 51636->51637 51637->51572 51639 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 51638->51639 51639->51627 51640->51561 51642 7ff759139f53 51641->51642 51643 7ff759139f87 memcpy_s 51641->51643 51642->51643 51644 7ff759139f68 51642->51644 51645 7ff759139fc6 51642->51645 51643->51632 51646 7ff7591a5fd8 std::_Facet_Register 85 API calls 51644->51646 51647 7ff75913a017 51644->51647 51648 7ff7591a5fd8 std::_Facet_Register 85 API calls 51645->51648 51649 7ff759139f7e 51646->51649 51654 7ff75911df10 85 API calls 2 library calls 51647->51654 51648->51643 51649->51643 
51652 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 51649->51652 51651 7ff75913a01d 51652->51647 51654->51651 51656 7ff7591873fd 51655->51656 51657 7ff75918740f 51655->51657 51678 7ff759188590 11 API calls memcpy_s 51656->51678 51659 7ff759187459 51657->51659 51662 7ff75918741c 51657->51662 51660 7ff759187474 51659->51660 51681 7ff759188140 83 API calls ProcessCodePage 51659->51681 51668 7ff759187496 51660->51668 51682 7ff75918728c 85 API calls _Getctype 51660->51682 51661 7ff759187402 51679 7ff759183ba4 83 API calls _invalid_parameter_noinfo 51661->51679 51680 7ff759183ad8 83 API calls 2 library calls 51662->51680 51667 7ff759187537 51671 7ff75918740d 51667->51671 51685 7ff759188590 11 API calls memcpy_s 51667->51685 51668->51667 51683 7ff759188590 11 API calls memcpy_s 51668->51683 51671->50800 51676 7ff7591819b4 83 API calls 2 library calls 51671->51676 51672 7ff75918752c 51684 7ff759183ba4 83 API calls _invalid_parameter_noinfo 51672->51684 51673 7ff7591875e2 51686 7ff759183ba4 83 API calls _invalid_parameter_noinfo 51673->51686 51676->50800 51677->50802 51678->51661 51679->51671 51680->51671 51681->51660 51682->51660 51683->51672 51684->51667 51685->51673 51686->51671 52847 7ff759134585 52848 7ff7591a5fd8 std::_Facet_Register 85 API calls 52847->52848 52849 7ff759134597 52848->52849 52850 7ff7591a5fd8 std::_Facet_Register 85 API calls 52849->52850 52851 7ff7591345c6 52850->52851 52856 7ff75914ad70 52851->52856 52853 7ff7591345ec 52853->52853 52854 7ff7591a5fb0 _Strcoll 8 API calls 52853->52854 52855 7ff759134823 52854->52855 52857 7ff75914ae42 52856->52857 52858 7ff75914ada2 52856->52858 52857->52853 52859 7ff7591a5fd8 std::_Facet_Register 85 API calls 52858->52859 52860 7ff75914adbd 52859->52860 52861 7ff7591327f0 std::_Throw_Cpp_error 85 API calls 52860->52861 52862 7ff75914addb 52861->52862 52863 7ff759134520 8 API calls 52862->52863 52864 7ff75914adea 52863->52864 52865 7ff75914ad70 85 API calls 52864->52865 52866 7ff75914ae2f 52865->52866 
52867 7ff75914ad70 85 API calls 52866->52867 52867->52857 52868 7ff759154200 52869 7ff759121230 102 API calls 52868->52869 52870 7ff75915425f 52869->52870 52871 7ff759121230 102 API calls 52870->52871 52872 7ff759154ad4 52871->52872 52873 7ff75911fc20 85 API calls 52872->52873 52885 7ff759154ef6 ISource 52872->52885 52875 7ff759154b0a 52873->52875 52874 7ff7591a5fb0 _Strcoll 8 API calls 52876 7ff759154f21 52874->52876 52877 7ff75911fab0 91 API calls 52875->52877 52878 7ff759154b18 52877->52878 52969 7ff759157010 52878->52969 52881 7ff75916ceb0 209 API calls 52882 7ff759154bdd 52881->52882 52883 7ff759123a40 209 API calls 52882->52883 52884 7ff759154ebd 52883->52884 52884->52885 52886 7ff759154f3d 52884->52886 52885->52874 52887 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 52886->52887 52888 7ff759154f42 52887->52888 52889 7ff759137390 85 API calls 52888->52889 52890 7ff759154f65 52889->52890 52891 7ff759137460 85 API calls 52890->52891 52892 7ff759154f7a 52891->52892 52893 7ff7591a85d8 Concurrency::cancel_current_task 2 API calls 52892->52893 52894 7ff759154f8d 52893->52894 52973 7ff759120910 52894->52973 52970 7ff759157036 52969->52970 52979 7ff759158620 52970->52979 52972 7ff759154b2b 52972->52881 52974 7ff759120929 52973->52974 52984 7ff7591202b0 90 API calls 3 library calls 52974->52984 52976 7ff759120960 52977 7ff7591a85d8 Concurrency::cancel_current_task 2 API calls 52976->52977 52978 7ff759120971 52977->52978 52980 7ff7591586dc 52979->52980 52983 7ff75915864e memcpy_s 52979->52983 52981 7ff75915c9e0 86 API calls 52980->52981 52982 7ff7591586fa 52981->52982 52982->52972 52983->52972 52984->52976 52985 7ff75916d260 53024 7ff759172f20 GetUserGeoID GetGeoInfoA 52985->53024 52987 7ff759145210 85 API calls 52988 7ff75916d31f 52987->52988 52990 7ff759131650 85 API calls 52988->52990 52989 7ff75916d2a5 _Strcoll 52989->52987 53020 7ff75916d4a8 ISource 52989->53020 52991 7ff75916d366 52990->52991 52994 7ff759131650 85 API calls 52991->52994 52992 
7ff75916d4e0 ISource 52993 7ff7591a5fb0 _Strcoll 8 API calls 52992->52993 52995 7ff75916d504 52993->52995 52996 7ff75916d3a3 52994->52996 52999 7ff75916d3cd WSAStartup 52996->52999 52997 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 52998 7ff75916d654 52997->52998 53003 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 52998->53003 53000 7ff75916d3e7 socket 52999->53000 52999->53020 53001 7ff75916d411 htons 53000->53001 53002 7ff75916d4a2 WSACleanup 53000->53002 53004 7ff75916d54c 53001->53004 53010 7ff75916d444 53001->53010 53002->53020 53005 7ff75916d65a 53003->53005 53007 7ff75916c490 87 API calls 53004->53007 53008 7ff75916d55d 53007->53008 53011 7ff759132500 83 API calls 53008->53011 53009 7ff75916d459 inet_pton connect 53009->53010 53012 7ff75916d52a 53009->53012 53010->53009 53014 7ff75916d495 closesocket 53010->53014 53030 7ff75917b6e0 53010->53030 53013 7ff75916d570 ISource 53011->53013 53012->53004 53036 7ff759133970 85 API calls 6 library calls 53012->53036 53013->52998 53015 7ff75916c490 87 API calls 53013->53015 53014->53002 53016 7ff75916d5d8 53015->53016 53018 7ff759132500 83 API calls 53016->53018 53019 7ff75916d5ee 53018->53019 53019->53020 53021 7ff75916d649 53019->53021 53020->52992 53023 7ff75916d64e 53020->53023 53022 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53021->53022 53022->53023 53023->52997 53025 7ff759132610 85 API calls 53024->53025 53026 7ff759172f95 GetGeoInfoA 53025->53026 53028 7ff759132610 85 API calls 53026->53028 53029 7ff759172fc8 53028->53029 53029->52989 53031 7ff75917b6fc 53030->53031 53033 7ff75917b72b memcpy_s 53031->53033 53037 7ff75918b390 85 API calls _Strcoll 53031->53037 53035 7ff75917b7aa memcpy_s 53033->53035 53038 7ff75918b390 85 API calls _Strcoll 53033->53038 53035->53010 53036->53004 53037->53031 53038->53033 53039 7ff759142d68 53040 7ff759142d72 53039->53040 53041 7ff759142d96 ISource 53039->53041 53040->53041 53042 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 
API calls 53040->53042 53043 7ff759142dbc 53042->53043 53044 7ff759133fc8 53047 7ff759133eb0 ISource 53044->53047 53046 7ff759134050 ISource 53048 7ff7591a5fb0 _Strcoll 8 API calls 53046->53048 53050 7ff759134a50 83 API calls 2 library calls 53047->53050 53049 7ff75913415f 53048->53049 53050->53046 53051 7ff75912a5ad 53052 7ff75912a5bc 53051->53052 53269 7ff7591326c0 53052->53269 53054 7ff75912a5c6 53055 7ff75912a5de 53054->53055 53355 7ff759121190 109 API calls _Strcoll 53054->53355 53062 7ff75912a5e2 ISource 53055->53062 53356 7ff759120ea0 115 API calls 53055->53356 53058 7ff75912ba8f 53059 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53058->53059 53061 7ff75912ba95 53059->53061 53060 7ff75912b9f2 ISource 53064 7ff7591a5fb0 _Strcoll 8 API calls 53060->53064 53063 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53061->53063 53062->53058 53062->53060 53062->53061 53065 7ff75912ba9b 53062->53065 53066 7ff75912ba3e 53062->53066 53110 7ff75912ba71 53062->53110 53118 7ff75912ba77 53062->53118 53125 7ff75912ba7d 53062->53125 53131 7ff75912ba83 53062->53131 53134 7ff75912ba89 53062->53134 53063->53065 53068 7ff75912ba1d 53064->53068 53067 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53065->53067 53069 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53066->53069 53142 7ff75912baa1 ISource 53067->53142 53071 7ff75912ba43 53069->53071 53070 7ff75912cb3e 53072 7ff7591a5fb0 _Strcoll 8 API calls 53070->53072 53074 7ff759120910 90 API calls 53071->53074 53073 7ff75912cb4d 53072->53073 53075 7ff75912ba53 53074->53075 53076 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53075->53076 53078 7ff75912ba59 53076->53078 53077 7ff75911ff50 85 API calls 53077->53142 53080 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53078->53080 53079 7ff759121230 102 API calls 53079->53142 53082 7ff75912ba5f 53080->53082 53081 7ff75912cbae 53084 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 
53081->53084 53086 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53082->53086 53083 7ff75912a90c 53087 7ff75911ff50 85 API calls 53083->53087 53088 7ff75912cbb4 53084->53088 53085 7ff75912cb93 53089 7ff759120980 90 API calls 53085->53089 53091 7ff75912ba65 53086->53091 53092 7ff75912aa20 53087->53092 53094 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53088->53094 53089->53081 53096 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53091->53096 53093 7ff759120180 83 API calls 53092->53093 53097 7ff75912aa2a 53093->53097 53098 7ff75912cbba 53094->53098 53095 7ff75912cb73 53099 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53095->53099 53101 7ff75912ba6b 53096->53101 53369 7ff759121190 109 API calls _Strcoll 53097->53369 53103 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53098->53103 53102 7ff75912cb78 53099->53102 53106 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53101->53106 53108 7ff759120980 90 API calls 53102->53108 53104 7ff75912cbc0 53103->53104 53112 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53104->53112 53105 7ff75912cbcc 53400 7ff7591344f0 85 API calls 53105->53400 53106->53110 53108->53085 53114 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53110->53114 53111 7ff75912aa43 53177 7ff75912adf1 53111->53177 53370 7ff759120ea0 115 API calls 53111->53370 53117 7ff75912cbc6 53112->53117 53113 7ff75912cbd2 53121 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53113->53121 53114->53118 53116 7ff759120180 83 API calls 53167 7ff75912a66c 53116->53167 53122 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53117->53122 53126 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53118->53126 53124 7ff75912cbd8 53121->53124 53122->53105 53123 7ff75912af19 _Strcoll 53127 7ff75912b778 53123->53127 53152 7ff75912af56 ISource 53123->53152 53132 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53124->53132 53130 
7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53125->53130 53126->53125 53383 7ff759130c30 83 API calls 2 library calls 53127->53383 53128 7ff75916ceb0 209 API calls 53128->53167 53130->53131 53133 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53131->53133 53136 7ff75912cbde 53132->53136 53133->53134 53138 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53134->53138 53141 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53136->53141 53138->53058 53145 7ff75912cbe4 53141->53145 53142->53070 53142->53077 53142->53079 53142->53081 53142->53085 53142->53088 53142->53095 53142->53098 53142->53102 53142->53104 53142->53105 53142->53113 53142->53117 53142->53124 53142->53136 53143 7ff759123a40 209 API calls 53142->53143 53142->53145 53146 7ff75912cbea 53142->53146 53147 7ff75912cc00 53142->53147 53155 7ff759133340 85 API calls 53142->53155 53157 7ff759135430 85 API calls 53142->53157 53160 7ff759135700 85 API calls 53142->53160 53172 7ff75916ceb0 209 API calls 53142->53172 53182 7ff759133590 85 API calls 53142->53182 53189 7ff759120ef0 87 API calls 53142->53189 53190 7ff75911fc20 85 API calls 53142->53190 53202 7ff75911fab0 91 API calls 53142->53202 53216 7ff759131650 85 API calls 53142->53216 53228 7ff759145210 85 API calls 53142->53228 53251 7ff7591327f0 85 API calls std::_Throw_Cpp_error 53142->53251 53258 7ff759131570 85 API calls 53142->53258 53274 7ff75916dd50 53142->53274 53346 7ff7591364d0 85 API calls memcpy_s 53142->53346 53347 7ff759164db0 CryptUnprotectData 53142->53347 53384 7ff759132720 83 API calls 2 library calls 53142->53384 53385 7ff759134ef0 53142->53385 53143->53142 53144 7ff75912b2a6 53381 7ff759128b60 211 API calls 4 library calls 53144->53381 53154 7ff75911f6b0 2 API calls 53145->53154 53150 7ff759120910 90 API calls 53146->53150 53151 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53147->53151 53149 7ff75911fc20 85 API calls 53149->53167 53150->53147 53164 7ff75912cc06 
53151->53164 53152->53078 53152->53082 53152->53091 53152->53144 53152->53152 53178 7ff7591327f0 85 API calls std::_Throw_Cpp_error 53152->53178 53379 7ff759136bd0 85 API calls 3 library calls 53152->53379 53380 7ff75913c190 85 API calls 4 library calls 53152->53380 53153 7ff75912b2b9 53159 7ff759133590 85 API calls 53153->53159 53163 7ff75912b5fa ISource 53153->53163 53154->53146 53155->53142 53156 7ff75912aa5e 53156->53071 53170 7ff759121230 102 API calls 53156->53170 53156->53177 53179 7ff759120ef0 87 API calls 53156->53179 53181 7ff75916ceb0 209 API calls 53156->53181 53193 7ff759123a40 209 API calls 53156->53193 53204 7ff75911fc20 85 API calls 53156->53204 53210 7ff75911fab0 91 API calls 53156->53210 53215 7ff759135700 85 API calls 53156->53215 53226 7ff7591326c0 83 API calls 53156->53226 53233 7ff7591322b0 85 API calls 53156->53233 53244 7ff759135670 85 API calls 53156->53244 53247 7ff759131790 8 API calls 53156->53247 53248 7ff7591327f0 std::_Throw_Cpp_error 85 API calls 53156->53248 53249 7ff759131650 85 API calls 53156->53249 53252 7ff759131570 85 API calls 53156->53252 53259 7ff759132490 83 API calls 53156->53259 53261 7ff759120180 83 API calls 53156->53261 53371 7ff7591317f0 85 API calls 53156->53371 53372 7ff7591356d0 85 API calls 53156->53372 53373 7ff75911fbe0 53156->53373 53376 7ff7591364d0 85 API calls memcpy_s 53156->53376 53377 7ff759132720 83 API calls 2 library calls 53156->53377 53157->53142 53158 7ff75911fab0 91 API calls 53158->53167 53161 7ff75912b2eb 53159->53161 53160->53142 53169 7ff7591a5fd8 std::_Facet_Register 85 API calls 53161->53169 53162 7ff759135700 85 API calls 53162->53167 53163->53101 53382 7ff75912a240 83 API calls 2 library calls 53163->53382 53168 7ff75911ff50 85 API calls 53164->53168 53165 7ff759135670 85 API calls 53165->53167 53167->53083 53167->53116 53167->53128 53167->53149 53167->53158 53167->53162 53167->53165 53174 7ff7591326c0 83 API calls 53167->53174 53212 7ff759131790 8 API calls 53167->53212 53218 7ff7591327f0 
std::_Throw_Cpp_error 85 API calls 53167->53218 53220 7ff759131650 85 API calls 53167->53220 53224 7ff759131570 85 API calls 53167->53224 53357 7ff7591317f0 85 API calls 53167->53357 53358 7ff7591322b0 85 API calls 3 library calls 53167->53358 53359 7ff7591356d0 85 API calls 53167->53359 53360 7ff759120ef0 53167->53360 53171 7ff75912cdb6 ISource 53168->53171 53186 7ff75912b3b6 53169->53186 53170->53156 53175 7ff759121230 102 API calls 53171->53175 53176 7ff75912d693 53171->53176 53172->53142 53174->53167 53205 7ff75912ce19 53175->53205 53180 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53176->53180 53177->53062 53378 7ff759136680 129 API calls 53177->53378 53178->53152 53179->53156 53184 7ff75912d699 53180->53184 53181->53156 53182->53142 53183 7ff75912d678 53188 7ff759120980 90 API calls 53183->53188 53194 7ff759120910 90 API calls 53184->53194 53185 7ff75912d618 ISource 53191 7ff7591a5fb0 _Strcoll 8 API calls 53185->53191 53192 7ff759131650 85 API calls 53186->53192 53188->53176 53189->53142 53190->53142 53198 7ff75912d644 53191->53198 53199 7ff75912b466 53192->53199 53193->53156 53201 7ff75912d6af 53194->53201 53196 7ff75912d673 53203 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53196->53203 53208 7ff759135430 85 API calls 53199->53208 53206 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53201->53206 53202->53142 53203->53183 53204->53156 53207 7ff759134ef0 110 API calls 53205->53207 53237 7ff75912d4c7 ISource 53205->53237 53209 7ff75912d6b5 53206->53209 53267 7ff75912cf2d ISource _Strcoll 53207->53267 53211 7ff75912b4d6 53208->53211 53214 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53209->53214 53210->53156 53213 7ff759135700 85 API calls 53211->53213 53212->53167 53217 7ff75912b4f2 53213->53217 53219 7ff75912d6bb 53214->53219 53215->53156 53216->53142 53222 7ff759131650 85 API calls 53217->53222 53218->53167 53221 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53219->53221 
53220->53167 53223 7ff75912d6c1 53221->53223 53230 7ff75912b548 ISource 53222->53230 53225 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53223->53225 53224->53167 53227 7ff75912d6c7 53225->53227 53226->53156 53229 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53227->53229 53228->53142 53232 7ff75912d6cd 53229->53232 53230->53075 53231 7ff7591327f0 std::_Throw_Cpp_error 85 API calls 53230->53231 53234 7ff75912b5de 53231->53234 53239 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53232->53239 53233->53156 53238 7ff759131650 85 API calls 53234->53238 53235 7ff759120ef0 87 API calls 53235->53267 53237->53183 53237->53185 53237->53196 53237->53201 53241 7ff75912b5ee 53238->53241 53242 7ff75912d6d3 53239->53242 53243 7ff759131570 85 API calls 53241->53243 53245 7ff75911f6b0 2 API calls 53242->53245 53243->53163 53244->53156 53246 7ff75912d6d9 53245->53246 53247->53156 53248->53156 53249->53156 53250 7ff75916ceb0 209 API calls 53250->53267 53251->53142 53252->53156 53253 7ff759133590 85 API calls 53253->53267 53254 7ff759123a40 209 API calls 53254->53267 53255 7ff75911fc20 85 API calls 53255->53267 53257 7ff75911fab0 91 API calls 53257->53267 53258->53142 53259->53156 53260 7ff759135430 85 API calls 53260->53267 53261->53156 53262 7ff759135700 85 API calls 53262->53267 53264 7ff759131650 85 API calls 53264->53267 53266 7ff759145210 85 API calls 53266->53267 53267->53184 53267->53209 53267->53219 53267->53223 53267->53227 53267->53232 53267->53235 53267->53237 53267->53242 53267->53250 53267->53253 53267->53254 53267->53255 53267->53257 53267->53260 53267->53262 53267->53264 53267->53266 53268 7ff759131570 85 API calls 53267->53268 53401 7ff75911fd20 85 API calls 53267->53401 53268->53267 53270 7ff7591326d3 53269->53270 53271 7ff7591326f7 ISource 53269->53271 53270->53271 53272 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53270->53272 53271->53054 53273 7ff75913271d 53272->53273 53275 7ff75916dde3 53274->53275 
53276 7ff75911ff50 85 API calls 53275->53276 53277 7ff75916de08 ISource 53276->53277 53278 7ff759121230 102 API calls 53277->53278 53279 7ff75916e35c 53277->53279 53282 7ff75916de74 memcpy_s 53278->53282 53280 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53279->53280 53281 7ff75916e362 53280->53281 53283 7ff759120980 90 API calls 53281->53283 53286 7ff75917d020 151 API calls 53282->53286 53298 7ff75916deb6 53282->53298 53293 7ff75916e37f 53283->53293 53284 7ff75916df17 ISource 53285 7ff7591a5fb0 _Strcoll 8 API calls 53284->53285 53288 7ff75916df49 53285->53288 53290 7ff75916df99 53286->53290 53287 7ff75916e357 53289 7ff759183bc4 _invalid_parameter_noinfo_noreturn 83 API calls 53287->53289 53288->53142 53289->53279 53291 7ff75916dfdd 53290->53291 53292 7ff75916e249 53290->53292 53402 7ff75917b810 53291->53402 53465 7ff7591446e0 87 API calls 53292->53465 53296 7ff75911f500 85 API calls 53293->53296 53299 7ff75916e3a6 53296->53299 53298->53281 53298->53284 53298->53287 53300 7ff7591a85d8 Concurrency::cancel_current_task 2 API calls 53299->53300 53301 7ff75916e3b7 53300->53301 53306 7ff75911f500 85 API calls 53301->53306 53309 7ff75916e3e0 53306->53309 53311 7ff7591a85d8 Concurrency::cancel_current_task 2 API calls 53309->53311 53321 7ff75916e3f4 53311->53321 53324 7ff75911f500 85 API calls 53321->53324 53326 7ff75916e41e 53324->53326 53329 7ff7591a85d8 Concurrency::cancel_current_task 2 API calls 53326->53329 53332 7ff75916e432 53329->53332 53335 7ff75916e49c 53332->53335 53337 7ff75916e470 send 53332->53337 53335->53142 53337->53332 53337->53335 53346->53142 53348 7ff759164edc 53347->53348 53349 7ff759164e16 53347->53349 53350 7ff7591a5fb0 _Strcoll 8 API calls 53348->53350 53352 7ff759138820 85 API calls 53349->53352 53353 7ff759164e3d memcpy_s 53349->53353 53351 7ff759164ef6 53350->53351 53351->53142 53352->53353 53354 7ff759164e96 LocalFree 53353->53354 53354->53348 53355->53055 53356->53167 53357->53167 53358->53167 53359->53167 53367 7ff759120f20 
53360->53367 53362 7ff759120fee 53785 7ff759120800 85 API calls 3 library calls 53362->53785 53363 7ff759120f5b 53365 7ff7591a5fb0 _Strcoll 8 API calls 53363->53365 53366 7ff759120fd9 53365->53366 53366->53167 53367->53362 53367->53363 53782 7ff7591db4f0 FindNextFileW 53367->53782 53368 7ff759120ffc 53369->53111 53370->53156 53371->53156 53372->53156 53374 7ff7591278c0 85 API calls 53373->53374 53375 7ff75911fc00 53374->53375 53375->53156 53376->53156 53377->53156 53378->53123 53379->53152 53380->53152 53381->53153 53383->53062 53384->53142 53386 7ff7591278c0 85 API calls 53385->53386 53387 7ff759134f3c 53386->53387 53786 7ff7591209e0 53387->53786 53391 7ff7591a5fd8 std::_Facet_Register 85 API calls 53393 7ff759134fb4 53391->53393 53392 7ff759135083 53394 7ff759120180 83 API calls 53392->53394 53809 7ff759120e00 83 API calls 53393->53809 53396 7ff75913508e 53394->53396 53397 7ff7591a5fb0 _Strcoll 8 API calls 53396->53397 53398 7ff75913509f 53397->53398 53398->53142 53399 7ff759134feb 53810 7ff7591db510 84 API calls __std_fs_directory_iterator_open 53399->53810 53401->53267 53403 7ff759133340 85 API calls 53402->53403 53404 7ff75917b846 53403->53404 53466 7ff75917ed00 53404->53466 53465->53298 53467 7ff75917ed54 53466->53467 53540 7ff759188488 53467->53540 53471 7ff75917ee61 53563 7ff75916b590 53471->53563 53474 7ff7591a5fb0 _Strcoll 8 API calls 53475 7ff75917b8a9 53474->53475 53476 7ff75917c9c0 53475->53476 53477 7ff75917ccd1 53476->53477 53480 7ff75917ca0b memcpy_s 53476->53480 53588 7ff759180320 53477->53588 53650 7ff759157e10 85 API calls 53480->53650 53481 7ff75917d460 85 API calls 53484 7ff75917cd10 53481->53484 53483 7ff75917ca5b 53487 7ff75917d460 85 API calls 53483->53487 53492 7ff75915b810 85 API calls 53484->53492 53523 7ff75917ce97 ISource 53484->53523 53485 7ff759133340 85 API calls 53490 7ff75917cecc 53485->53490 53486 7ff7591a5fb0 _Strcoll 8 API calls 53488 7ff75917b8b5 53486->53488 53497 7ff75917ca77 53487->53497 53534 7ff75917c8f0 53488->53534 53489 
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
• Associated: 00000000.00000002.1884628460.00007FF7590F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1884772591.00007FF759202000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1884876661.00007FF7592D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1884906724.00007FF7592D6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1884982232.00007FF7592D9000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1885013118.00007FF7592DD000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$GlobalInformationMemoryStatusTimeZone
• String ID: %d-%m-%Y, %H:%M:%S$[UTC
• API String ID: 3879215917-1656529043
• Opcode ID: 007bacec43bf8442acc4a51b7d892edd5634294ffc0104361aac2e1d405d84e4
• Instruction ID: 4d0097e63e71ccb69fc58587a8550b058b548c9248382df1dc58582232b2332f
• Opcode Fuzzy Hash: 007bacec43bf8442acc4a51b7d892edd5634294ffc0104361aac2e1d405d84e4
• Instruction Fuzzy Hash: 2A53C233A18BD589EB20DF64E8402EDB7B1F789798F844225EA9D17B99DF38D540C350

Control-flow Graph
• Legend: Executed / Not Executed
• Graph not reproduced (first node: 620, 7ff75914d2b0-7ff75914d94e)
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  • Associated: 00000000.00000002.1884628460.00007FF7590F0000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884772591.00007FF759202000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884876661.00007FF7592D4000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884906724.00007FF7592D6000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884982232.00007FF7592D9000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1885013118.00007FF7592DD000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
                                                                  • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
                                                                  • API String ID: 3645842244-1862120484
                                                                  • Opcode ID: 38f6435d5c4f103796c93540da24862deabf6792b336eb1dbb538c525db28cf3
                                                                  • Instruction ID: b6fc2d0042977efe4e96890430a3007aa2015c1e2fc2b21b10d84f00fff123c5
                                                                  • Opcode Fuzzy Hash: 38f6435d5c4f103796c93540da24862deabf6792b336eb1dbb538c525db28cf3
                                                                  • Instruction Fuzzy Hash: 99E23872918BC985EA709F19F8802AAF3B0F788784F545225EACD57B59EF3CD254CB10

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
                                                                  • String ID:
                                                                  • API String ID: 3214587331-3916222277
                                                                  • Opcode ID: 4570f9383e84002ac9607ad730a0e941a27e690350746800c8a63a8a9ddeccf0
                                                                  • Instruction ID: b66afcd40f7b35811f1b775e601dc3c487967152c8cbea10ae5a2e82e11615ad
                                                                  • Opcode Fuzzy Hash: 4570f9383e84002ac9607ad730a0e941a27e690350746800c8a63a8a9ddeccf0
                                                                  • Instruction Fuzzy Hash: 5DB13F62A08BC186E760EF21F4543AAB7B5FB99780F848535DA8D43B55DF3CD485CB10

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID: one$Chosen detour scheme: $Hook instructions: $Hook size: $Original function:$Prologue offset: $Prologue to overwrite:$Trampoline Jmp Tbl:$Trampoline:$UNKNOWN$failed$ions$m_fnAddress: $m_trampoline: $m_trampolineSz:
                                                                  • API String ID: 3668304517-2571529286
                                                                  • Opcode ID: 3ccd86010bd4db3d21a5f95ce0cbf476ba86f1419509c969db7480cc75890916
                                                                  • Instruction ID: 35de525def3eb1a2ec2640a213432e797e67ec7de9c08f31091ac702c7b045c5
                                                                  • Opcode Fuzzy Hash: 3ccd86010bd4db3d21a5f95ce0cbf476ba86f1419509c969db7480cc75890916
                                                                  • Instruction Fuzzy Hash: FFB29762A18BD185EB21EF34E8413EDB372FB95788F845232DA4D07696DF78E685C310
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $, [$AsmJit error: $AsmTK error: $Translation address: $Translation:$], $invalid map<K, T> key$lea rsp, [rsp - 0x80]$mov $mov [$pop $push $ret
                                                                  • API String ID: 0-682514236
                                                                  • Opcode ID: 2ec50bdac201dc851adf0de9c64dfe710cdd040a4f0a2fe34fcc99ef2f03135e
                                                                  • Instruction ID: eae884ee69f75220ef7e6899a8412374a90c7692adc6c8065a0636bb55a9d5de
                                                                  • Opcode Fuzzy Hash: 2ec50bdac201dc851adf0de9c64dfe710cdd040a4f0a2fe34fcc99ef2f03135e
                                                                  • Instruction Fuzzy Hash: 9F92B662A08BD585EF21EF34E8403EDA372FB55388F845631DA5C4BA9ADF78D685C310
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                  • String ID: Instructions needing entry:$Instructions needing relocation:$Instructions needing translation:$Jmp To Prol:$Original function:$Trampoline address: $jmp$m_fnAddress:
                                                                  • API String ID: 3936042273-1617887432
                                                                  • Opcode ID: f3f86b5cb0a87ddbe915c5c4f3e8896dc128ce3eb568e54f2f2d22fbfba82f04
                                                                  • Instruction ID: 4fce1737c222fd6f777ebdbe9a220d9c0d9e23e9674b7b3e9bf661139b7d68c6
                                                                  • Opcode Fuzzy Hash: f3f86b5cb0a87ddbe915c5c4f3e8896dc128ce3eb568e54f2f2d22fbfba82f04
                                                                  • Instruction Fuzzy Hash: CBE2AE62A08BD189EF20EF64E4443EDA372EB55798F885232DA5D07BDADF78D584C310

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$AddressProc$Library$FreeLoad
                                                                  • String ID: cannot use push_back() with $system$vault
                                                                  • API String ID: 2463004387-1741236777
                                                                  • Opcode ID: 05d2e61f9fa580f84d7d12ca1f246b1bc00d86d634c62b345fbc85d4ed68ddb5
                                                                  • Instruction ID: bff5f9dd34cef20bc381437dd4f2f812d257756acf3b76df93fa3e2f14e08a41
                                                                  • Opcode Fuzzy Hash: 05d2e61f9fa580f84d7d12ca1f246b1bc00d86d634c62b345fbc85d4ed68ddb5
                                                                  • Instruction Fuzzy Hash: 4F926C32609BC589EB609F25E8843EDB3B4F749798F544226EB9C47B99EF39D644C300
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Instructions needing entry:$Instructions needing relocation:$Instructions needing translation:$Jmp To Prol:$Original function:$Trampoline address: $m_fnAddress:
                                                                  • API String ID: 0-38338247
                                                                  • Opcode ID: 26f5bcde2b71b93b35c110bb7241ee112181efc3a198ccf69ac9b6c280090035
                                                                  • Instruction ID: 0da7631c31818809533b0479af82a397136037a640b4e22868a98ef441fa7c15
                                                                  • Opcode Fuzzy Hash: 26f5bcde2b71b93b35c110bb7241ee112181efc3a198ccf69ac9b6c280090035
                                                                  • Instruction Fuzzy Hash: 3DC29E22A08BD589EF20EF24E4443EDA372FB55798F985232DA5D07B9ADF78D584C310

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$FileFind$FirstNext
                                                                  • String ID: content$exists$filename
                                                                  • API String ID: 4266024580-1949714836
                                                                  • Opcode ID: 1695b9e4f29f96d3cc302258a962b42ccbc65fc78b56339fecc86d30533bbb36
                                                                  • Instruction ID: a85fc2bfccb0b6079dba3a2a118e2fc8cd759215cc6f73e015f464844e5ccb96
                                                                  • Opcode Fuzzy Hash: 1695b9e4f29f96d3cc302258a962b42ccbc65fc78b56339fecc86d30533bbb36
                                                                  • Instruction Fuzzy Hash: CC827F62A08BD691EE20EF25F4443EEA371FB84794F984231E69D07AA9DF7CD581C710

                                                                  Control-flow Graph

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
                                                                  • API String ID: 0-2713369562
                                                                  • Opcode ID: 4ddf6a19af2319216cee83245caa5fa330ade87ad66d8756843333efb6e909ff
                                                                  • Instruction ID: 598654a1b491a771ea6329142958b79db5fb48db620659b034665e871dfd7cf3
                                                                  • Opcode Fuzzy Hash: 4ddf6a19af2319216cee83245caa5fa330ade87ad66d8756843333efb6e909ff
                                                                  • Instruction Fuzzy Hash: 78522932509BC595EA71AF19F8813EAF3A4FB89780F545225DACC43B59EF38D194CB10

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                                                  • String ID:
                                                                  • API String ID: 2398595512-0
                                                                  • Opcode ID: 85049687b5dde28f65619eec6ecb9dcc7cc2f377e42605e75442889216d79f68
                                                                  • Instruction ID: 474d934389ecca90989a082e72f737e3436becbe0174a347f5615bdc17f5dc5d
                                                                  • Opcode Fuzzy Hash: 85049687b5dde28f65619eec6ecb9dcc7cc2f377e42605e75442889216d79f68
                                                                  • Instruction Fuzzy Hash: 8C917E31A48B5246FFA4AF25B500679A2B5AF84BB4F9C0335EA7E476D4DF2CE5018720

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID: Open
                                                                  • String ID: directory_iterator::directory_iterator$exists$status
                                                                  • API String ID: 71445658-3429586796
                                                                  • Opcode ID: e5264a72e81408a58a012c8a1cbb6d37a5e9ce24cbcada9c2242042ab7c6cb9c
                                                                  • Instruction ID: a34d4cc4626ef0839bcecf3032fa7fe5e6db020fdad80ad28903294a22c94cfd
                                                                  • Opcode Fuzzy Hash: e5264a72e81408a58a012c8a1cbb6d37a5e9ce24cbcada9c2242042ab7c6cb9c
                                                                  • Instruction Fuzzy Hash: 55122832905BC48AEB719F39EC803E973A4F749798F555325EA9C1BB99EF749290C300

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  • Associated: 00000000.00000002.1884628460.00007FF7590F0000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884772591.00007FF759202000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884876661.00007FF7592D4000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884906724.00007FF7592D6000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884982232.00007FF7592D9000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1885013118.00007FF7592DD000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Cred$EnumerateFree
                                                                  • String ID: cannot use push_back() with
                                                                  • API String ID: 1347986415-4122110429
                                                                  • Opcode ID: fbcc9960ac331cd7b5ad62ef94e6243cf707cdddad4eaf96dd9412e6c6daf901
                                                                  • Instruction ID: ee822a06c72400f72046d8f426ed4a55cfd6ac9b86995ce6b6a4aad85e3d632c
                                                                  • Opcode Fuzzy Hash: fbcc9960ac331cd7b5ad62ef94e6243cf707cdddad4eaf96dd9412e6c6daf901
                                                                  • Instruction Fuzzy Hash: D4628272A08BD589EB209F25E8403EDB771F749798F944225EAAC17B99DF38D284C710

                                                                  Control-flow Graph
                                                                  (legend: Executed / Not Executed; node listing starts at 3694, 7ff75917c9c0-7ff75917ca05)
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  • Associated: 00000000.00000002.1884628460.00007FF7590F0000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884772591.00007FF759202000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884876661.00007FF7592D4000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884906724.00007FF7592D6000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884982232.00007FF7592D9000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1885013118.00007FF7592DD000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
                                                                  • String ID: value
                                                                  • API String ID: 1346393832-494360628
                                                                  • Opcode ID: 1619d6d474f31fb53aedb52b761491993b205f07f8ed022c08ddbe75d6a52ee1
                                                                  • Instruction ID: dac61b1878a1eadfccb32571bdbfcc87b56a5ef267b87aa081548490992e9117
                                                                  • Opcode Fuzzy Hash: 1619d6d474f31fb53aedb52b761491993b205f07f8ed022c08ddbe75d6a52ee1
                                                                  • Instruction Fuzzy Hash: 75028222A18BD185EF00EF74E4402ADA771EB857A4F985231FAAD03BDADF2CD585C750

                                                                  Control-flow Graph
                                                                  (legend: Executed / Not Executed; node listing starts at 3833, 7ff7591696d0-7ff759169703; named calls: ExitProcess, OpenMutexA, CreateMutexExA, ReleaseMutex, CloseHandle)
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  • Associated: 00000000.00000002.1884628460.00007FF7590F0000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884772591.00007FF759202000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884876661.00007FF7592D4000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884906724.00007FF7592D6000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884982232.00007FF7592D9000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1885013118.00007FF7592DD000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID: Process$ExitOpenToken$CloseCurrentFileHandleInformationInitializeModuleMutexName
                                                                  • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                                                  • API String ID: 3348294976-3768118664
                                                                  • Opcode ID: 199beb2f2dfcb68d3d562edd111b9bd2447c991b0721510d36a9b4e8f30c3d03
                                                                  • Instruction ID: be48257d5947eba3285dc33e1a808e5060e72757964bb025c95945794eb62934
                                                                  • Opcode Fuzzy Hash: 199beb2f2dfcb68d3d562edd111b9bd2447c991b0721510d36a9b4e8f30c3d03
                                                                  • Instruction Fuzzy Hash: 24122F21A1D996A1EE20FF61F4512E9E376FFD5380FC80532E18D469AADF2CE905C760

                                                                  Control-flow Graph
                                                                  (legend: Executed / Not Executed; node listing starts at 4055, 7ff759172890-7ff759172a2e; named calls: InternetOpenA, InternetOpenUrlA, HttpQueryInfoW, InternetQueryDataAvailable, InternetReadFile, InternetCloseHandle)
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  • Associated: 00000000.00000002.1884628460.00007FF7590F0000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884772591.00007FF759202000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884876661.00007FF7592D4000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884906724.00007FF7592D6000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884982232.00007FF7592D9000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1885013118.00007FF7592DD000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID: Internet$Query$AvailableDataHttpInfoOpen_invalid_parameter_noinfo_noreturn$CloseConcurrency::cancel_current_taskFileHandleRead
                                                                  • String ID:
                                                                  • API String ID: 1352168858-0
                                                                  • Opcode ID: ec3456ac992806f8490612d3919b847c0d567006da67147138721cadd16efd14
                                                                  • Instruction ID: 64f3a5490c4a9d612c31f1aa36bd528db90ad006e377ac5a607c7033bf049c7b
                                                                  • Opcode Fuzzy Hash: ec3456ac992806f8490612d3919b847c0d567006da67147138721cadd16efd14
                                                                  • Instruction Fuzzy Hash: DF02AE32A18B9186EB10DF69F8403AEB7B4FB89794F540625EE9C17B98DF38D481C710

                                                                  Control-flow Graph
                                                                  (legend: Executed / Not Executed; node listing starts at 4138, 7ff75912f2e0-7ff75912f358; named calls: CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, CloseHandle)
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  • Associated: 00000000.00000002.1884628460.00007FF7590F0000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884772591.00007FF759202000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884876661.00007FF7592D4000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884906724.00007FF7592D6000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884982232.00007FF7592D9000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1885013118.00007FF7592DD000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                  • String ID: [PID:
                                                                  • API String ID: 1946380282-2210602247
                                                                  • Opcode ID: b3b1c53ecf6a850687b54bd6122f76093b8db61cd60b1428289ca85680724f14
                                                                  • Instruction ID: 0df47b4c27ac227f53fcd4f44cbe7eda6caee7a7b28c99e3a7ecb86a8509448c
                                                                  • Opcode Fuzzy Hash: b3b1c53ecf6a850687b54bd6122f76093b8db61cd60b1428289ca85680724f14
                                                                  • Instruction Fuzzy Hash: 6BE1B332A18BC585EB20EF25E4803EDB7B5F7897A4F944225EA9D07B99DF38D244C710
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  • Associated: 00000000.00000002.1884628460.00007FF7590F0000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884772591.00007FF759202000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884876661.00007FF7592D4000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884906724.00007FF7592D6000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884982232.00007FF7592D9000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1885013118.00007FF7592DD000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 3668304517-0
                                                                  • Opcode ID: 8cf1e2e3a877cd24a2da459ec217a2ba60981e1f9362bf8b9eea48fa588f7ec2
                                                                  • Instruction ID: 72c5b787d876e3af6e0ef2fc72a28d0cf1dc21084796902b8332a480a4fe7c0d
                                                                  • Opcode Fuzzy Hash: 8cf1e2e3a877cd24a2da459ec217a2ba60981e1f9362bf8b9eea48fa588f7ec2
                                                                  • Instruction Fuzzy Hash: 72728F72A18BD989EB20DF69E8403ADB3B5F788798F544325EA9C17B99DF38D140C710
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  • Associated: 00000000.00000002.1884628460.00007FF7590F0000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884772591.00007FF759202000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884876661.00007FF7592D4000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884906724.00007FF7592D6000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1884982232.00007FF7592D9000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1885013118.00007FF7592DD000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff7590f0000_zmpZMfK1b4.jbxd
                                                                  Similarity
                                                                  • API ID: File$PointerReadSize_invalid_parameter_noinfo_noreturn
                                                                  • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                  • API String ID: 2478245620-15404121
                                                                  • Opcode ID: d7d13687def4016a941bf1933e12be48d524e9cd5fcb599fca2ca1a1f8848f3a
                                                                  • Instruction ID: c633540733360c7bd870d331fbc4bda3bc0b7bb428f394aaa28165acf23e3630
                                                                  • Opcode Fuzzy Hash: d7d13687def4016a941bf1933e12be48d524e9cd5fcb599fca2ca1a1f8848f3a
                                                                  • Instruction Fuzzy Hash: C4322532A08BD589EB20DF24E8803ED77B1FB85748F988226DB4D47A99EF78D544C750
                                                                  APIs
                                                                  • _get_daylight.LIBCMT ref: 00007FF75919A5CD
                                                                    • Part of subcall function 00007FF759199C34: _invalid_parameter_noinfo.LIBCMT ref: 00007FF759199C48
                                                                    • Part of subcall function 00007FF7591947C0: RtlFreeHeap.NTDLL(?,?,FFFFFFFFF0B8480A,00007FF75919F1B2,?,?,?,00007FF75919F52F,?,?,00000000,00007FF75919D281,?,?,00007FF7591A366E,00007FF75919D1B3), ref: 00007FF7591947D6
                                                                    • Part of subcall function 00007FF7591947C0: GetLastError.KERNEL32(?,?,FFFFFFFFF0B8480A,00007FF75919F1B2,?,?,?,00007FF75919F52F,?,?,00000000,00007FF75919D281,?,?,00007FF7591A366E,00007FF75919D1B3), ref: 00007FF7591947E0
                                                                    • Part of subcall function 00007FF759183BF4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF759183BA3,?,?,?,?,?,00007FF759183A8E), ref: 00007FF759183BFD
                                                                    • Part of subcall function 00007FF759183BF4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF759183BA3,?,?,?,?,?,00007FF759183A8E), ref: 00007FF759183C22
                                                                    • Part of subcall function 00007FF7591A31D4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7591A311F
                                                                  • _get_daylight.LIBCMT ref: 00007FF75919A5BC
                                                                    • Part of subcall function 00007FF759199C94: _invalid_parameter_noinfo.LIBCMT ref: 00007FF759199CA8
                                                                  • _get_daylight.LIBCMT ref: 00007FF75919A832
                                                                  • _get_daylight.LIBCMT ref: 00007FF75919A843
                                                                  • _get_daylight.LIBCMT ref: 00007FF75919A854
                                                                  • GetTimeZoneInformation.KERNEL32(00007FF75919AB44), ref: 00007FF75919A87B
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                  • API String ID: 4070488512-239921721
                                                                  • Opcode ID: 09ada61799f9e34989d6b846d1425fa5122a705a702ae65f731ec7cff66c12f5
                                                                  • Instruction ID: b1677a54eec19c37ad1f016b481e4d0aad4edce9a5dc9c56984861ca1858162b
                                                                  • Opcode Fuzzy Hash: 09ada61799f9e34989d6b846d1425fa5122a705a702ae65f731ec7cff66c12f5
                                                                  • Instruction Fuzzy Hash: BAD1AF26A0826286FF64BF25E8515B9A7B2FF84794FCC8135EA0D47685DF3CE446C360
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                  • String ID:
                                                                  • API String ID: 1617910340-0
                                                                  • Opcode ID: 88c67a62c97e9640d8f824194156037d4643487aa4b8d57f45b5f64436b2e6ec
                                                                  • Instruction ID: d77f577d21d7c63062e0e2ea86591d500158f140f199c8572f9950c4ffec21bc
                                                                  • Opcode Fuzzy Hash: 88c67a62c97e9640d8f824194156037d4643487aa4b8d57f45b5f64436b2e6ec
                                                                  • Instruction Fuzzy Hash: E3C1C332B14A5186EF50EF65D4902ACBB71F749B98B891639DF2E5B794CF38D051C310
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: CurrentProfile
                                                                  • String ID: %d-%m-%Y, %H:%M:%S
                                                                  • API String ID: 2104809126-3495478971
                                                                  • Opcode ID: 7ec3947b1576f89eb4bf083a6752bce0deca2ca537ef56e87aad6f50fee9c44c
                                                                  • Instruction ID: d11b854322a68236e4d677c0f880d0cb50406a3c18b441c5b69748a2a0ce7f17
                                                                  • Opcode Fuzzy Hash: 7ec3947b1576f89eb4bf083a6752bce0deca2ca537ef56e87aad6f50fee9c44c
                                                                  • Instruction Fuzzy Hash: 59239E33A18BD589EB20DF64E8402EDB7B5F789788F844225EA8D17B59EF38D640C750
                                                                  APIs
                                                                  • _get_daylight.LIBCMT ref: 00007FF75919A832
                                                                    • Part of subcall function 00007FF759199C94: _invalid_parameter_noinfo.LIBCMT ref: 00007FF759199CA8
                                                                  • _get_daylight.LIBCMT ref: 00007FF75919A843
                                                                    • Part of subcall function 00007FF759199C34: _invalid_parameter_noinfo.LIBCMT ref: 00007FF759199C48
                                                                  • _get_daylight.LIBCMT ref: 00007FF75919A854
                                                                    • Part of subcall function 00007FF759199C64: _invalid_parameter_noinfo.LIBCMT ref: 00007FF759199C78
                                                                    • Part of subcall function 00007FF7591947C0: RtlFreeHeap.NTDLL(?,?,FFFFFFFFF0B8480A,00007FF75919F1B2,?,?,?,00007FF75919F52F,?,?,00000000,00007FF75919D281,?,?,00007FF7591A366E,00007FF75919D1B3), ref: 00007FF7591947D6
                                                                    • Part of subcall function 00007FF7591947C0: GetLastError.KERNEL32(?,?,FFFFFFFFF0B8480A,00007FF75919F1B2,?,?,?,00007FF75919F52F,?,?,00000000,00007FF75919D281,?,?,00007FF7591A366E,00007FF75919D1B3), ref: 00007FF7591947E0
                                                                  • GetTimeZoneInformation.KERNEL32(00007FF75919AB44), ref: 00007FF75919A87B
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                  • API String ID: 3458911817-239921721
                                                                  • Opcode ID: 1d54ad7d994230515202f367153890dc5f42ca7bd2fd500aa621977fc25ffad9
                                                                  • Instruction ID: ae16b6d7c94b8ccea083d496e08f9c0210033b5a7dff5a23036b05c8655e15b9
                                                                  • Opcode Fuzzy Hash: 1d54ad7d994230515202f367153890dc5f42ca7bd2fd500aa621977fc25ffad9
                                                                  • Instruction Fuzzy Hash: D0518D32A0866286FB50FF25E8815A9F7B2FB48784FCC4135EA4D47695DF3CE4428760
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID: cores
                                                                  • API String ID: 3668304517-2370456839
                                                                  • Opcode ID: 0220d059ab561a04e2f7a07c1bbfb59cec5a6b68bb6c96023436828c929fb959
                                                                  • Instruction ID: ead905298f4cf6cb17cfba7b2f850b278fec0b3067b707ddc3fdc31e8d715c1e
                                                                  • Opcode Fuzzy Hash: 0220d059ab561a04e2f7a07c1bbfb59cec5a6b68bb6c96023436828c929fb959
                                                                  • Instruction Fuzzy Hash: 60C1E563E18B8186FB10DF78E4403ACB772E7993A8F545325EA9C12ADADF78D581C350
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                  • String ID:
                                                                  • API String ID: 3038321057-0
                                                                  • Opcode ID: 8ce77bd8c96780d8ce51cbf27ba3336efb55788d0aa1b2300ace07bcdbe83e4b
                                                                  • Instruction ID: 80284571803a89c78b0392294011813326b921b987ba151500a1a7649621aa88
                                                                  • Opcode Fuzzy Hash: 8ce77bd8c96780d8ce51cbf27ba3336efb55788d0aa1b2300ace07bcdbe83e4b
                                                                  • Instruction Fuzzy Hash: 9C214C32618B8182F7509F12F44436AF3B1FB88B90F998135EA8E47B58DF7CD9458B50
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Cpp_errorExclusiveLockThrow_std::_$AcquireCurrentReleaseThread
                                                                  • String ID: PLH
                                                                  • API String ID: 3715443949-3073785353
                                                                  • Opcode ID: 194f42d5ca84793d6f8092bc43aa08e6ddaec95eeb91ffeb0a26ce8f79bc2a51
                                                                  • Instruction ID: 4cddfbd99d580831c9d06ca4de169a5cce40b5513586e91414110f4f603dcde4
                                                                  • Opcode Fuzzy Hash: 194f42d5ca84793d6f8092bc43aa08e6ddaec95eeb91ffeb0a26ce8f79bc2a51
                                                                  • Instruction Fuzzy Hash: 4402E0B6A09BA082EF68AF15E550128B3B6FB48BD0B9D8031DB9D47794DF3CD891C750
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: be52d5859a54412bc85759e63806bac1250deae1596b2059aa4a3538819d764e
                                                                  • Instruction ID: f3bfb038cddece3a010ecba3412c14d454e816fae75315ef33c813d98397f083
                                                                  • Opcode Fuzzy Hash: be52d5859a54412bc85759e63806bac1250deae1596b2059aa4a3538819d764e
                                                                  • Instruction Fuzzy Hash: F1F16172A09B8889EB209F69E44039DB7B4F788798F544325EEDC56B99EF7CD190C700
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b7b8316ca7f89444fccc97d15d47cd3c975deaabdac9190525369719b579a9fa
                                                                  • Instruction ID: 9bea1e464ef269320abd1871b1378383e5b09522cf0c898bf1af89264bff0eac
                                                                  • Opcode Fuzzy Hash: b7b8316ca7f89444fccc97d15d47cd3c975deaabdac9190525369719b579a9fa
                                                                  • Instruction Fuzzy Hash: 1FF14172A08B848AEB209F69E44039DB7B5F788798F544325EEDC57B99EF7CD1908700
                                                                  APIs
                                                                    • Part of subcall function 00007FF75912F2E0: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF75912F32A
                                                                    • Part of subcall function 00007FF75912F2E0: Process32FirstW.KERNEL32 ref: 00007FF75912F36C
                                                                    • Part of subcall function 00007FF75912D6E0: CredEnumerateA.ADVAPI32 ref: 00007FF75912D742
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44A9
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44AF
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44B5
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44BB
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44C1
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44C7
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44CD
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44D3
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44D9
                                                                    • Part of subcall function 00007FF75918AC90: GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF75918ACA4
                                                                  • ReleaseMutex.KERNEL32 ref: 00007FF759169DBF
                                                                  • CloseHandle.KERNEL32 ref: 00007FF759169DC8
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Time$CloseCreateCredEnumerateFileFirstHandleMutexProcess32ReleaseSnapshotSystemToolhelp32
                                                                  • String ID:
                                                                  • API String ID: 2954792532-0
                                                                  • Opcode ID: 7895ce43db69ecbcdfcd3645df6b442c92a242c4517328c9574893a3d5b3afe6
                                                                  • Instruction ID: 6889602a55a93f3dd38ea9137617e576527cfb3ed2bf6fbc6d4538011dbe67c1
                                                                  • Opcode Fuzzy Hash: 7895ce43db69ecbcdfcd3645df6b442c92a242c4517328c9574893a3d5b3afe6
                                                                  • Instruction Fuzzy Hash: 31C1BC21A19996A1EE20FF61F4512F9D376FFD1340FC85432E18E469AA9F2CEA05C760
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: CryptDataFreeLocalUnprotect
                                                                  • String ID:
                                                                  • API String ID: 1561624719-0
                                                                  • Opcode ID: 5b4fbf053442e25310b53dca1c7b2668b3ec911186700120499bd6f4c1eedf9a
                                                                  • Instruction ID: 21f6e6b1607e1614c98513ccc9bbd3937ea2a830811d682cd03dad412ce4b255
                                                                  • Opcode Fuzzy Hash: 5b4fbf053442e25310b53dca1c7b2668b3ec911186700120499bd6f4c1eedf9a
                                                                  • Instruction Fuzzy Hash: 54414832A18B90CAE7209F74E4403AD77A4F75878CF485239EA8D06E8ADF79D564C354
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: DriveLogicalStrings
                                                                  • String ID:
                                                                  • API String ID: 2022863570-0
                                                                  • Opcode ID: f6ef34cfcb41f3052617f1b5c8a5d3e54f7dd10a2ea138f4be8893bf6e9d4fff
                                                                  • Instruction ID: 334318495c24559df7e5d50f486261236b61dbbecda4ae71167b7ebf0309b03e
                                                                  • Opcode Fuzzy Hash: f6ef34cfcb41f3052617f1b5c8a5d3e54f7dd10a2ea138f4be8893bf6e9d4fff
                                                                  • Instruction Fuzzy Hash: FE41B232A18B8182E710DF20E4803AEB775FB94788F545225EA8C23A69DF7CE5D1D740
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: NameUser
                                                                  • String ID:
                                                                  • API String ID: 2645101109-0
                                                                  • Opcode ID: 0c2110f803cbe5af6d23293a590b4dbbdb5d8d4f5a89538c0093553484e9bea2
                                                                  • Instruction ID: 2b2611feeccd68896b79225270c12ccc325d64e3335fd8b9aad0803dfefe1a06
                                                                  • Opcode Fuzzy Hash: 0c2110f803cbe5af6d23293a590b4dbbdb5d8d4f5a89538c0093553484e9bea2
                                                                  • Instruction Fuzzy Hash: 3E01883251C78282EB60DF11F4413A9F3B4FB98788F845135E68D42649DFBCD595CB40
                                                                  APIs
                                                                  • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7591CCE94,00000001,?,?,00007FF7591CCC81), ref: 00007FF7591CC4C4
                                                                  Similarity
                                                                  • API ID: InfoSystem
                                                                  • String ID:
                                                                  • API String ID: 31276548-0
                                                                  • Opcode ID: 6d2310d077955d8aea653d85a9e0a070073bd4ce5a7b7d11e752ffe5c3d7ecfc
                                                                  • Instruction ID: 06febc702d849e5b6ea1320429f35a60b1b51d989848716a08c9b4257832d8bc
                                                                  • Opcode Fuzzy Hash: 6d2310d077955d8aea653d85a9e0a070073bd4ce5a7b7d11e752ffe5c3d7ecfc
                                                                  • Instruction Fuzzy Hash: 93F0EC31B187468BEB88DB1DA855229B7E5F789700F844139EA4EC3794DF7CE8128B50
                                                                  Strings
                                                                  • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00007FF7591354B9
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                  • API String ID: 0-1713319389
                                                                  • Opcode ID: 8703bcf897a27782d48fff385ec9f2f5ba8ce20dd7dcf58d6ef2ee578fa5f6dc
                                                                  • Instruction ID: 936ec41a11ccd62231b3358932f29d9038d38509acde13d1f518ad5d18c218ae
                                                                  • Opcode Fuzzy Hash: 8703bcf897a27782d48fff385ec9f2f5ba8ce20dd7dcf58d6ef2ee578fa5f6dc
                                                                  • Instruction Fuzzy Hash: 8A41F56361D6E44ADB02CF39901127DBFB2D366F89B5CC162DBD887746DA2DD206CB20

                                                                  Control-flow Graph

                                                                  [Control-flow graph for the function starting at 7ff75916d260; API calls shown in the graph: WSAStartup, socket, htons, inet_pton, connect, closesocket, WSACleanup]
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                                  • String ID: ><>$geo$system
                                                                  • API String ID: 2440148987-2232953017
                                                                  • Opcode ID: d4dff7520a3afc50201f499a3a0ed83a1c9e52c987558fa1ea5baea3b14e913a
                                                                  • Instruction ID: afba9c7b0547bf5f5520058ad97e89564cbac9355d904cbbb47517f0497a4384
                                                                  • Opcode Fuzzy Hash: d4dff7520a3afc50201f499a3a0ed83a1c9e52c987558fa1ea5baea3b14e913a
                                                                  • Instruction Fuzzy Hash: 1CC19362F09B9295FB00EF64E4402ACB372EB44798F895236DA5C1BAD9DF7CE546C310

                                                                  Control-flow Graph

                                                                  [Control-flow graph for the function starting at 7ff75916c1b0; API calls shown in the graph: EnterCriticalSection, GdiplusStartup, LeaveCriticalSection, GdipGetImageEncodersSize, GdipGetImageEncoders, GdipCreateBitmapFromScan0, GdipCreateBitmapFromHBITMAP, GdipSaveImageToStream, GdipDisposeImage]
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                                                  • String ID: &
                                                                  • API String ID: 1703174404-3042966939
                                                                  • Opcode ID: ee4d62d479441ac8687bbf56f85e9b5e7d012d309e883670cf16dba04190e65e
                                                                  • Instruction ID: a60f1cc36c6eb1e6f19c0ae99dfa16a59f83b45dd982705402c657d48a121b6e
                                                                  • Opcode Fuzzy Hash: ee4d62d479441ac8687bbf56f85e9b5e7d012d309e883670cf16dba04190e65e
                                                                  • Instruction Fuzzy Hash: E191A232A04B9289EB10EF61E8405B8B7B4FB58798F898136DA4D47B94DF3CE585C390
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                                                  • String ID:
                                                                  • API String ID: 3299295986-0
                                                                  • Opcode ID: ac7f17f62b0b4b4372e261901ae0ae280e2f32aacd8c1b6a651c7a63f9ba0fb0
                                                                  • Instruction ID: f7030cc40a10260e1eb6d4b0884bc5b1dcf04878d253c8edbcf2b4db34346f86
                                                                  • Opcode Fuzzy Hash: ac7f17f62b0b4b4372e261901ae0ae280e2f32aacd8c1b6a651c7a63f9ba0fb0
                                                                  • Instruction Fuzzy Hash: 7A515032B08A528AFB54DFA0E4545ADB3B1FB48748F98453ADE0D67B94DF38E806C750
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                                                  • API String ID: 3668304517-3429737954
                                                                  • Opcode ID: abf46c4bcc37c826b541a3eec46f1496ce407cd581ecc481a2a2dbd3f5772e1c
                                                                  • Instruction ID: 3c8b188fe0230c81f37b398766d85e5fdd79e9075a04270d585d785e5df206e4
                                                                  • Opcode Fuzzy Hash: abf46c4bcc37c826b541a3eec46f1496ce407cd581ecc481a2a2dbd3f5772e1c
                                                                  • Instruction Fuzzy Hash: ADA1BF62F08B95C9FF01EF75E0403EC63B1EB49B48F885225EA5D22A99EF39D190C354
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressAlloc2CurrentInfoLibraryLoadProcProcessSystemVirtual
                                                                  • String ID: VirtualAlloc2$kernelbase.dll
                                                                  • API String ID: 3240720159-1188699709
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturnsend
                                                                  • String ID: exists$ios_base::badbit set
                                                                  • API String ID: 1659112300-2074760687
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                                  • String ID:
                                                                  • API String ID: 4268643673-0
                                                                  APIs
                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF75916E357
                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF75916E35D
                                                                    • Part of subcall function 00007FF7591A85D8: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,-728320C5349B87FA,00007FF7591DC402), ref: 00007FF7591A8628
                                                                    • Part of subcall function 00007FF7591A85D8: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,-728320C5349B87FA,00007FF7591DC402), ref: 00007FF7591A8669
                                                                  • send.WS2_32 ref: 00007FF75916E488
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ExceptionFileHeaderRaisesend
                                                                  • String ID: exists$ios_base::badbit set
                                                                  • API String ID: 2551022557-2074760687
                                                                  Similarity
                                                                  • API ID: EnumOpen
                                                                  • String ID:
                                                                  • API String ID: 3231578192-0
                                                                  Similarity
                                                                  • API ID: Process$MemoryRead$CurrentErrorLastQueryVirtual
                                                                  • String ID:
                                                                  • API String ID: 2584129402-0
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID: exists$ios_base::badbit set
                                                                  • API String ID: 3668304517-2074760687
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID: -> $]:
                                                                  • API String ID: 3668304517-2558318465
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                  • String ID:
                                                                  • API String ID: 3936042273-0
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 73155330-0
                                                                  Similarity
                                                                  • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                  • String ID:
                                                                  • API String ID: 215268677-0
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 73155330-3916222277
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID: nop
                                                                  • API String ID: 73155330-258488684
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Value
                                                                  • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                  • API String ID: 3702945584-1787575317
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: __std_fs_directory_iterator_open
                                                                  • String ID:
                                                                  • API String ID: 4007087469-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: FolderFreeKnownPathTask_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 2444108017-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Info$User
                                                                  • String ID:
                                                                  • API String ID: 2017065092-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CurrentProfile
                                                                  • String ID: Unknown
                                                                  • API String ID: 2104809126-1654365787
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 3668304517-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 73155330-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 73155330-0
                                                                  APIs
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44A9
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44AF
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44B5
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44BB
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44C1
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44C7
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44CD
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44D3
                                                                    • Part of subcall function 00007FF7591B3180: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7591B44D9
                                                                    • Part of subcall function 00007FF75918AC90: GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF75918ACA4
                                                                  • ReleaseMutex.KERNEL32 ref: 00007FF759169DBF
                                                                  • CloseHandle.KERNEL32 ref: 00007FF759169DC8
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Time$CloseFileHandleMutexReleaseSystem
                                                                  • String ID:
                                                                  • API String ID: 1720901652-0
                                                                   APIs
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 73155330-0
                                                                   APIs
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 73155330-0
                                                                   APIs
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 73155330-0
                                                                   APIs
                                                                  Similarity
                                                                  • API ID: InformationVolume_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 4269842375-0
                                                                   APIs
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 73155330-0
                                                                   APIs
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 73155330-0
                                                                   APIs
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 2371198981-0
                                                                   APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                   APIs
                                                                  Similarity
                                                                  • API ID: CloseHandleMutexRelease
                                                                  • String ID:
                                                                  • API String ID: 4207627910-0
                                                                   APIs
                                                                  Similarity
                                                                  • API ID: CloseOpen
                                                                  • String ID:
                                                                  • API String ID: 47109696-0
                                                                  APIs
                                                                  • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF759196DBC,?,?,?,?,00000000,00007FF759196EC5), ref: 00007FF759196E1C
                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00007FF759196DBC,?,?,?,?,00000000,00007FF759196EC5), ref: 00007FF759196E26
                                                                  Similarity
                                                                  • API ID: ErrorFileLastPointer
                                                                  • String ID:
                                                                  • API String ID: 2976181284-0
                                                                   APIs
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                  • String ID:
                                                                  • API String ID: 1173176844-0
                                                                  APIs
                                                                  • RtlFreeHeap.NTDLL(?,?,FFFFFFFFF0B8480A,00007FF75919F1B2,?,?,?,00007FF75919F52F,?,?,00000000,00007FF75919D281,?,?,00007FF7591A366E,00007FF75919D1B3), ref: 00007FF7591947D6
                                                                  • GetLastError.KERNEL32(?,?,FFFFFFFFF0B8480A,00007FF75919F1B2,?,?,?,00007FF75919F52F,?,?,00000000,00007FF75919D281,?,?,00007FF7591A366E,00007FF75919D1B3), ref: 00007FF7591947E0
                                                                  Similarity
                                                                  • API ID: ErrorFreeHeapLast
                                                                  • String ID:
                                                                  • API String ID: 485612231-0
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 3668304517-0
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 3668304517-0
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 3668304517-0
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 3668304517-0
                                                                  APIs
                                                                  • DeleteCriticalSection.KERNEL32(?,00000000,00007FF7591C323C), ref: 00007FF7591CCD8C
                                                                    • Part of subcall function 00007FF7591CC560: UnmapViewOfFile.KERNEL32 ref: 00007FF7591CC570
                                                                    • Part of subcall function 00007FF7591CC560: UnmapViewOfFile.KERNEL32 ref: 00007FF7591CC581
                                                                  Similarity
                                                                  • API ID: FileUnmapView$CriticalDeleteSection
                                                                  • String ID:
                                                                  • API String ID: 1429322562-0
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 3668304517-0
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: FileFindNext
                                                                  • String ID:
                                                                  • API String ID: 2029273394-0
                                                                  • Opcode ID: 023abc5ec8dec306f4c56b2b1cb79829ee1d5b09c77f80c48eebe4a5235393d5
                                                                  • Instruction ID: 5291c7fcae3c8b2ee076740ddf9f3e86fe3fbda3826d641dd64379f8a842b2ca
                                                                  • Opcode Fuzzy Hash: 023abc5ec8dec306f4c56b2b1cb79829ee1d5b09c77f80c48eebe4a5235393d5
                                                                  • Instruction Fuzzy Hash: 7D01442660CA8180EE70EF52F4542AAE374FB88B94F884032CE8D43B59DF3DD8468B00
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 3668304517-0
                                                                  • Opcode ID: 039b756a34462ec9c9354c6cef394967c077d061809f4352b933bc9947441af2
                                                                  • Instruction ID: 10067aa07ef12dc921fc595b5cb884e0251b17ad0d75bc66daa7334542c6a7d2
                                                                  • Opcode Fuzzy Hash: 039b756a34462ec9c9354c6cef394967c077d061809f4352b933bc9947441af2
                                                                  • Instruction Fuzzy Hash: FBF030A6F0469541FF19AE24E05436DA362DB14F89F984831D70C0EA8AEFBDD8C08291
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  • Opcode ID: bfd1af2436c86cf97cc9b7188a38bc2e51aa77262de0214f2f9b059f75a9b1dc
                                                                  • Instruction ID: c2763d6b7e4b366dc68f51a215a900d7c81cd230bea4c7cfcef317bd0950748c
                                                                  • Opcode Fuzzy Hash: bfd1af2436c86cf97cc9b7188a38bc2e51aa77262de0214f2f9b059f75a9b1dc
                                                                  • Instruction Fuzzy Hash: A9E0ED31A09A1241FF263EA5B14013CF2B09F447F0F984B32EA3C0A2C6DF2C94906222
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: FileFindNext
                                                                  • String ID:
                                                                  • API String ID: 2029273394-0
                                                                  • Opcode ID: 53218ea80e347e6865bdeee8b0f03a3a5d87b1e304366d91bc4bbfa512aed3a1
                                                                  • Instruction ID: 1936eb540439a0e4fc0ac5ba1329f467f9aecf3917844a400b034cd753e7519a
                                                                  • Opcode Fuzzy Hash: 53218ea80e347e6865bdeee8b0f03a3a5d87b1e304366d91bc4bbfa512aed3a1
                                                                  • Instruction Fuzzy Hash: 5BC04C15F59612C1FA943F726C8612191B46B58700FC84031C20980151DF5CA1974A21
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: InfoNativeSystem
                                                                  • String ID:
                                                                  • API String ID: 1721193555-0
                                                                  • Opcode ID: 31ef5172387b0c087c3910bc7c9ebda6b906d006f82425aae53580b4b20e881b
                                                                  • Instruction ID: 75c4d6f8c5739e951e15733cf1a63e229a0d0c73545644a4b0f80e4b8982ed3a
                                                                  • Opcode Fuzzy Hash: 31ef5172387b0c087c3910bc7c9ebda6b906d006f82425aae53580b4b20e881b
                                                                  • Instruction Fuzzy Hash: C1B09226A188C0C3D611FF04E842029B331FB94B08FD00021E28D42628CF2CEA6A8F10
                                                                  APIs
                                                                    • Part of subcall function 00007FF7591CC4B0: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7591CCE94,00000001,?,?,00007FF7591CCC81), ref: 00007FF7591CC4C4
                                                                  • InitializeCriticalSection.KERNEL32(00000001,?,?,00007FF7591CCC81,?,?,00000000,00007FF7591C31DB,?,?,00000000,00007FF7591AFA01), ref: 00007FF7591CCF40
                                                                  Similarity
                                                                  • API ID: CriticalInfoInitializeSectionSystem
                                                                  • String ID:
                                                                  • API String ID: 3396500325-0
                                                                  • Opcode ID: dc4482ca8e0435746fbe169b04928ad9b92026c57d372a0786afd09550947472
                                                                  • Instruction ID: 0f13167b3e71642ec34d96f113c88a137a27c7e1119a85c54f48070ec15193ba
                                                                  • Opcode Fuzzy Hash: dc4482ca8e0435746fbe169b04928ad9b92026c57d372a0786afd09550947472
                                                                  • Instruction Fuzzy Hash: 80419F32A04B958AEB10EF16F54055DFBB8FB64B90B988435DF9943B50DF38E991C710
                                                                  APIs
                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF7591913E2,?,?,00009576C16D8760,00007FF759188599,?,?,?,?,00007FF759194C7A,?,?,00000000), ref: 00007FF759194E7D
                                                                  Similarity
                                                                  • API ID: AllocHeap
                                                                  • String ID:
                                                                  • API String ID: 4292702814-0
                                                                  • Opcode ID: 93459845f911a6eca184272eb9e7dca726b4e6dbea886ee78a2622d72edc0e7b
                                                                  • Instruction ID: e76364879676e0d870fe3811b0d4b15d566c19f98e236ecf3a84ce927ecdeb76
                                                                  • Opcode Fuzzy Hash: 93459845f911a6eca184272eb9e7dca726b4e6dbea886ee78a2622d72edc0e7b
                                                                  • Instruction Fuzzy Hash: D8F06D44B0963281FE547EA17A503B5D2B65F88B80FCC6530C90E867C2EF1CE8814671
                                                                  APIs
                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF759194C61,?,?,00000000,00007FF7591A4FAB,?,?,?,00007FF7591A3397,?,?,?,00007FF7591A328D), ref: 00007FF75919718A
                                                                  Similarity
                                                                  • API ID: AllocHeap
                                                                  • String ID:
                                                                  • API String ID: 4292702814-0
                                                                  • Opcode ID: 4ecfee661c4bf62e861df5f9f5e7a1dae78cf794a289f64c5eca19dba9fd3138
                                                                  • Instruction ID: 03487c07704d2db947977cac1c43baa40010cdd3d37c3a8fb9910849161ba9e2
                                                                  • Opcode Fuzzy Hash: 4ecfee661c4bf62e861df5f9f5e7a1dae78cf794a289f64c5eca19dba9fd3138
                                                                  • Instruction Fuzzy Hash: 58F05815B0926B47FE543EA179406B5D2B15F88BA4FCC0A30DC2F856C2DF2CA8418230
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: FreeVirtual
                                                                  • String ID:
                                                                  • API String ID: 1263568516-0
                                                                  • Opcode ID: dac610213d391720b387916774ff12a690399de04c291ef470cfe5691dd3be78
                                                                  • Instruction ID: 056607c57d41d6795b747dc9b82cc4a01d3074116a26d7bc0949c2b997c6ffcf
                                                                  • Opcode Fuzzy Hash: dac610213d391720b387916774ff12a690399de04c291ef470cfe5691dd3be78
                                                                  • Instruction Fuzzy Hash: 32C04C10B1995042FB8C772B5C5B32690926FCC701FD48439DA0FC2665DD1C99564A10
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID: Failed to detect pointer size: $Unexpected register: $Unexpected scratch register: $Unexpected size of immediate: $byte$dword$eax$invalid map<K, T> key$mov$qword$r14$r15$rax$word
                                                                  • API String ID: 3668304517-2329226126
                                                                  • Opcode ID: b58ef5277d2c44e18dcb20cc262d2c2bdccf4d7b2df8462764bdf356cd7069db
                                                                  • Instruction ID: 1a20f73f7b0e53bf7b84c11f50569d420123810ce8ac0348ae47d31ac2cd3c26
                                                                  • Opcode Fuzzy Hash: b58ef5277d2c44e18dcb20cc262d2c2bdccf4d7b2df8462764bdf356cd7069db
                                                                  • Instruction Fuzzy Hash: 57D2C562A18BD585EF21AF24D8443ECA373FB557A8F985231DA6D07ADADF38D580C310
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: memcpy_s$_invalid_parameter_noinfo
                                                                  • String ID: $
                                                                  • API String ID: 2880407647-227171996
                                                                  • Opcode ID: 5e39915bf05eb7d447e4c5a4b771afda0dddd5ff4239f102f908e97f1b882645
                                                                  • Instruction ID: 05fa4b839347a34402c43e07559d8a8c83054824ba342b95d8fb6bf34ff489f5
                                                                  • Opcode Fuzzy Hash: 5e39915bf05eb7d447e4c5a4b771afda0dddd5ff4239f102f908e97f1b882645
                                                                  • Instruction Fuzzy Hash: B903D572A142D18FFB759F24E8507EEB7B1FB44388F885135DA0A57B48DB39AA00DB11
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                  • String ID: #base$#include$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ExecuteShell
                                                                  • String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Software$exists
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID: BOOTNXT$autorun.inf$boot.ini$boot.sdi$bootfont.bin$bootmgfw.efi$bootmgr$bootsect.bak$bootstat.dat$d3d9caps.dat$desktop.ini$gdipfontcachev1.dat$iconcache.db$indexervolumeguid$mib.bin$ntldr$ntuser.dat$ntuser.dat.log$ntuser.ini$reagent.xml$thumbs.db$winre.wim$winsipolicy.p7b$wpsettings.dat
                                                                  Similarity
                                                                  • API ID: Handle$Query$CloseInformationProcessSystem_invalid_parameter_noinfo_noreturn$AddressCurrentFinalModuleNameObjectOpenPathProc
                                                                  • String ID: File$NtDuplicateObject$ntdll.dll
                                                                  Similarity
                                                                  • API ID: Initialize_invalid_parameter_noinfo_noreturn
                                                                  • String ID: @
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_fs_convert_wide_to_narrow$__std_fs_code_page
                                                                  • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID: mov rax, $push rax$ret $xchg [rsp], rax
                                                                  Strings
                                                                  • out_of_range, xrefs: 00007FF75917C102
                                                                  • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF75917C39F
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                  • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$out_of_range
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID: Original function:$invalid unordered_map<K, T> key$m_fnAddress:
                                                                  Similarity
                                                                  • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 1to16$1to2$1to32$1to4$1to64$1to8$align
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 73155330-0
                                                                  • Opcode ID: 6457c21683431f40fc46ce0097663e54508b7ea26b05d588e75e728b20c3ee12
                                                                  • Instruction ID: 8b98e194c7d3d149e89c05a8d502bde82c882424dacaf9919a42d0a4ebc5bbe1
                                                                  • Opcode Fuzzy Hash: 6457c21683431f40fc46ce0097663e54508b7ea26b05d588e75e728b20c3ee12
                                                                  • Instruction Fuzzy Hash: AA12B162F09B5685EE10EF61E0402ADA371EB48B98F984632DF6D17785EF3CE495C350
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ExecuteFileModuleNameShell
                                                                  • String ID:
                                                                  • API String ID: 3435646932-0
                                                                  • Opcode ID: 48b4ddc7bcf3ada09b84498f3bfe3d6f2476c30260f20d24590befa7b6f1312e
                                                                  • Instruction ID: e1f523056ed6f755bc67ed9bc6c7895dd602f74c06b22fa34449783ef5f55f65
                                                                  • Opcode Fuzzy Hash: 48b4ddc7bcf3ada09b84498f3bfe3d6f2476c30260f20d24590befa7b6f1312e
                                                                  • Instruction Fuzzy Hash: 79123C72A29BD48AEB408F29E88169DB3B4F788798F505225FEDD57B58EF38D150C700
                                                                  APIs
                                                                  Strings
                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF7591DDC3F
                                                                  Similarity
                                                                  • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                  • API String ID: 389471666-631824599
                                                                  • Opcode ID: 054003f83320035adec44d53329f05feb58a978b0ff87314a16bb39900f58930
                                                                  • Instruction ID: 4d592f808d3ec88a032881701db5321cb51f4a737ab0a9a9e1e2e8453cb77d78
                                                                  • Opcode Fuzzy Hash: 054003f83320035adec44d53329f05feb58a978b0ff87314a16bb39900f58930
                                                                  • Instruction Fuzzy Hash: 22114F32A14B5297FB44AF22EA54379B2B4FF44345F884139C64D86A50EF7CF064C720
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 73155330-0
                                                                  • Opcode ID: d0b4d048326b8adc44645d321c1134835be996d6885a44465472921164cc3af2
                                                                  • Instruction ID: f8b5ce62da5b80f2296c6a40870756c2b723241a42038ef650edeb8184946412
                                                                  • Opcode Fuzzy Hash: d0b4d048326b8adc44645d321c1134835be996d6885a44465472921164cc3af2
                                                                  • Instruction Fuzzy Hash: 4602AE62A09B9581EE10AF15F54426DB3B4FB48BE0FA84635DBAD07794EF3CE492C310
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID: conditional not closed
                                                                  • API String ID: 73155330-2481790218
                                                                  • Opcode ID: 1c60a9c5d3a36f4930e48f451563fee15543535cbf0c989a7f65713a5c288c6f
                                                                  • Instruction ID: 94c4aec023c7b8671d6ba8002778490e25751a41e1a8ba6e7542af176282e82b
                                                                  • Opcode Fuzzy Hash: 1c60a9c5d3a36f4930e48f451563fee15543535cbf0c989a7f65713a5c288c6f
                                                                  • Instruction Fuzzy Hash: BED1B032A09BD684EB21DF21E9402FDB7B5FB59784F984136DA4C0BA99EF78D590C310
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 1286766494-0
                                                                  • Opcode ID: 47d861683341f54d3090551517d3d7bb1a628ba7c8a4dca3f9e571835d33f049
                                                                  • Instruction ID: d84d17d88ac1e9090be2bcf7c9234cc22ee307ed9c1f31c6cdd8104e5b1d246e
                                                                  • Opcode Fuzzy Hash: 47d861683341f54d3090551517d3d7bb1a628ba7c8a4dca3f9e571835d33f049
                                                                  • Instruction Fuzzy Hash: 5C92DF32A0866686EB64AF25A65017EB7BBFB45BC4F884135DB4E07B94DF3CE514C320
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: FormatInfoLocaleMessage
                                                                  • String ID: !x-sys-default-locale
                                                                  • API String ID: 4235545615-2729719199
                                                                  • Opcode ID: d44032de10bca517d3cc3a61524fc6b25f9580e9f75d891d10e8f21147b91806
                                                                  • Instruction ID: c094bcd0862b78f305c9d288f25f984186636b8c6ff27cc488be1fecf879bba4
                                                                  • Opcode Fuzzy Hash: d44032de10bca517d3cc3a61524fc6b25f9580e9f75d891d10e8f21147b91806
                                                                  • Instruction Fuzzy Hash: 0B01A172F0878582FB559F12B54077EA6B6FB85784F884035DA4A46A98DF3CE5048710
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task$_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 4131450254-0
                                                                  • Opcode ID: 5c9538d139d5618201ef3f36c2fc53709358423821e86ab391ce5bbb4f41cd0a
                                                                  • Instruction ID: 84c33bdff5f7d462f28a8348a48220778d19cef624669b2740e3fbd192e58dd0
                                                                  • Opcode Fuzzy Hash: 5c9538d139d5618201ef3f36c2fc53709358423821e86ab391ce5bbb4f41cd0a
                                                                  • Instruction Fuzzy Hash: CDE1F162A09B6581EE10DF22F550279A7A6EB48FD4F988532EE9D17B98DF3CD841C310
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: memcpy_s
                                                                  • String ID:
                                                                  • API String ID: 1502251526-0
                                                                  • Opcode ID: eb07a1fe8bff8429000d82fc6708e1dd14e73367c47fa60bb37c8b50ad77a0f3
                                                                  • Instruction ID: ae838cfb9fdd15026f6a653306b072d771eed4d9df88aacdf1b5bcdd635cc228
                                                                  • Opcode Fuzzy Hash: eb07a1fe8bff8429000d82fc6708e1dd14e73367c47fa60bb37c8b50ad77a0f3
                                                                  • Instruction Fuzzy Hash: 18C1F372B1929687EF24DF59F14466AF7A2F784B84F888134DB4A53B84DB3DE900DB40
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: DevicesDisplayEnum$_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 2655931952-0
                                                                  • Opcode ID: 93f143aaed34d6efebadf67a529ae19b0810b8c687300852e3dcb61448587e56
                                                                  • Instruction ID: 903138449552467477a122ff1fa95845d11f079a2cd8240c5af2c7cffde0927f
                                                                  • Opcode Fuzzy Hash: 93f143aaed34d6efebadf67a529ae19b0810b8c687300852e3dcb61448587e56
                                                                  • Instruction Fuzzy Hash: 28819E32A18B8586EB20DF25F4447AEB7B4F788798F945225EE9C17B98DF38D581C700
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID: invalid unordered_map<K, T> key
                                                                  • API String ID: 3668304517-353222475
                                                                  • Opcode ID: 3816611a46f99d454c894934d88facfdf03a6d509af848790ad9a93ba470a137
                                                                  • Instruction ID: 8d349cbe0278f3cebf575106d679890fc08cf8f5de6738e07a32ef3b1c7dbb86
                                                                  • Opcode Fuzzy Hash: 3816611a46f99d454c894934d88facfdf03a6d509af848790ad9a93ba470a137
                                                                  • Instruction Fuzzy Hash: 1581D46371466545FF149F21E4213BCA7B6AB88BC8F889132EA9D0BBD8DF3CD9418350
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: InfoLocale
                                                                  • String ID: GetLocaleInfoEx
                                                                  • API String ID: 2299586839-2904428671
                                                                  • Opcode ID: ccc1f16d2b9fc2463dee01d2f619e68b1c413d3b13c2f6d01cda35fd49cc1089
                                                                  • Instruction ID: 50dfd1ca66cd739b08a39fcc777d92434ce0ef26da9e12079a56ca5fefc26dd0
                                                                  • Opcode Fuzzy Hash: ccc1f16d2b9fc2463dee01d2f619e68b1c413d3b13c2f6d01cda35fd49cc1089
                                                                  • Instruction Fuzzy Hash: 94018F20B08A5185FB84AF56B4005AAE372EF89BD0F9C8036EE4E13B65CF3CE5458790
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: ExceptionRaise_clrfp
                                                                  • String ID:
                                                                  • API String ID: 15204871-0
                                                                  APIs
                                                                  • CryptProtectData.CRYPT32(?,?,?,?,?,?,?,?,2581848AAB84B8DF,00007FF7591650A8), ref: 00007FF759165128
                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,2581848AAB84B8DF,00007FF7591650A8), ref: 00007FF7591651BA
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CryptDataFreeLocalProtect
                                                                  • String ID:
                                                                  • API String ID: 2714945720-0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: abs$rel
                                                                  • API String ID: 0-1867029159
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: a/p$am/pm
                                                                  • API String ID: 0-3206640213
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task
                                                                  • String ID:
                                                                  • API String ID: 118556049-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task
                                                                  • String ID:
                                                                  • API String ID: 118556049-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task
                                                                  • String ID:
                                                                  • API String ID: 118556049-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task
                                                                  • String ID:
                                                                  • API String ID: 118556049-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: BlanketCreateInstanceProxy_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 2651345351-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: EnumLocalesSystem
                                                                  • String ID:
                                                                  • API String ID: 2099609381-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Time$FileSystem
                                                                  • String ID:
                                                                  • API String ID: 2086374402-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1884659745.00007FF7590F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7590F0000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 4023145424-0
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  Similarity
                                                                  • API ID: ErrorFreeHeapLast
                                                                  • String ID:
                                                                  • API String ID: 485612231-0
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Similarity
                                                                  • API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
                                                                  • String ID:
                                                                  • API String ID: 3925315391-0
                                                                  Similarity
                                                                  • API ID: Value$ErrorLast$Heap$AllocFree
                                                                  • String ID:
                                                                  • API String ID: 570795689-0
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$ApisFile__std_fs_code_page
                                                                  • String ID: ", "$: "
                                                                  • API String ID: 1991941009-747220369
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
                                                                  • String ID: bad locale name
                                                                  • API String ID: 1677125601-1405518554
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                  • String ID: bad locale name$false$true
                                                                  • API String ID: 164343898-1062449267
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ; expected $; last read: '$while parsing
                                                                  • API String ID: 0-2554043419
                                                                  APIs
                                                                  • FreeLibrary.KERNEL32(?,00000000,00007FF7591955FE,?,?,00000030,00007FF75919CB54), ref: 00007FF7591950D0
                                                                  • GetProcAddress.KERNEL32(?,00000000,00007FF7591955FE,?,?,00000030,00007FF75919CB54), ref: 00007FF7591950DC
                                                                  Similarity
                                                                  • API ID: AddressFreeLibraryProc
                                                                  • String ID: api-ms-$ext-ms-
                                                                  • API String ID: 3013587201-537541572
                                                                  Similarity
                                                                  • API ID: Internet$CloseFileHandleOpenRead
                                                                  • String ID: File Downloader
                                                                  • API String ID: 4038090926-3631955488
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                  • String ID: invalid_iterator
                                                                  • API String ID: 1944019136-2508626007
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                  • String ID: out_of_range
                                                                  • API String ID: 1944019136-3053435996
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                  • String ID: other_error
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                  • String ID: type_error
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: __std_exception_destroy_invalid_parameter_noinfo_noreturn
                                                                  • String ID: at line $, column
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                  • String ID: CONOUT$
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: AcquireExclusiveLock$CurrentThreadsys_get_time
                                                                  • String ID:
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                  • String ID: $$/$tter
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: EnvironmentInitStringStringsUnicode$Free_invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Window$DesktopRect
                                                                  • String ID:
                                                                  APIs
                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF759183867,?,?,00000000,00007FF759183B02,?,?,?,?,?,00007FF759183A8E), ref: 00007FF759191467
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF759183867,?,?,00000000,00007FF759183B02,?,?,?,?,?,00007FF759183A8E), ref: 00007FF759191486
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF759183867,?,?,00000000,00007FF759183B02,?,?,?,?,?,00007FF759183A8E), ref: 00007FF7591914AE
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF759183867,?,?,00000000,00007FF759183B02,?,?,?,?,?,00007FF759183A8E), ref: 00007FF7591914BF
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF759183867,?,?,00000000,00007FF759183B02,?,?,?,?,?,00007FF759183A8E), ref: 00007FF7591914D0
                                                                  Similarity
                                                                  • API ID: Value
                                                                  • String ID:
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task$_invalid_parameter_noinfo_noreturn
                                                                  • String ID: H
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
                                                                  • String ID: bad locale name
                                                                  • API String ID: 1612978173-1405518554
                                                                  • Opcode ID: 5f073343040d0bdc564ba2085f01554342092d3c436d0d1b1f3e00217c640a7c
                                                                  • Instruction ID: 078125d4a32d27d4e01d54524981c65fb510087a34845b0931675fe6ad16309d
                                                                  • Opcode Fuzzy Hash: 5f073343040d0bdc564ba2085f01554342092d3c436d0d1b1f3e00217c640a7c
                                                                  • Instruction Fuzzy Hash: 5D518822B09B019AFF10EF60E4902BCB3B5EF44748F884439DE4D26A99DF38D515D3A4
                                                                  APIs
                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF75916DC67
                                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF75916DC6D
                                                                    • Part of subcall function 00007FF7591A85D8: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,-728320C5349B87FA,00007FF7591DC402), ref: 00007FF7591A8628
                                                                    • Part of subcall function 00007FF7591A85D8: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,-728320C5349B87FA,00007FF7591DC402), ref: 00007FF7591A8669
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ExceptionFileHeaderRaise
                                                                  • String ID: exists$ios_base::badbit set
                                                                  • API String ID: 240014264-2074760687
                                                                  • Opcode ID: 893500fba6649c79879436cc3c2455fd9b9589992b8a15c20b442d189fce4a5f
                                                                  • Instruction ID: 62e504796adb32aa0482d1b784d32c1992a46763c21f28c92b3f8697f3cf6102
                                                                  • Opcode Fuzzy Hash: 893500fba6649c79879436cc3c2455fd9b9589992b8a15c20b442d189fce4a5f
                                                                  • Instruction Fuzzy Hash: 4C410972A19BC695EE60EF14F4842EAB3B1FB84744F848132DA8D43AA9DF3CD545CB50
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: GetTempPath2W$kernel32.dll
                                                                  • API String ID: 1646373207-1846531799
                                                                  • Opcode ID: 1486a03457541e07cc672fa27f6337fb1d4ca800d066eee7c0edc0d6007ce8ef
                                                                  • Instruction ID: 64e6f8b47451a82b82e698b3ea0b3db01e271c3f8b5825767b1ca47f418a83ac
                                                                  • Opcode Fuzzy Hash: 1486a03457541e07cc672fa27f6337fb1d4ca800d066eee7c0edc0d6007ce8ef
                                                                  • Instruction Fuzzy Hash: BFE0ED21B18A0682FE44AF51F988479A331FF48B81F9C5036C90E07334DF2CE5958B10
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn$FreeString
                                                                  • String ID:
                                                                  • API String ID: 1965679434-0
                                                                  • Opcode ID: a0518215b6139a30e2d0b05b40eab4b103e62f06007231baa91a109bccf00a02
                                                                  • Instruction ID: 522c3f5e184f923495e80beec3ca415aff752766c77f81772d32957eb7876960
                                                                  • Opcode Fuzzy Hash: a0518215b6139a30e2d0b05b40eab4b103e62f06007231baa91a109bccf00a02
                                                                  • Instruction Fuzzy Hash: 0BE1C262F18A958AFF00EFA5E0542ECA3B2EB05798F844531DE1D17BCADF38D5458350
                                                                  Similarity
                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                  • String ID:
                                                                  • API String ID: 2718003287-0
                                                                  • Opcode ID: fa227f40509e3349170f30eb00e800148d5492ae5e34f4221cfa920054858855
                                                                  • Instruction ID: 0dc1c48c55fb67ef5d9666853d4381b9cf6de9a991857f7030d6b933583add25
                                                                  • Opcode Fuzzy Hash: fa227f40509e3349170f30eb00e800148d5492ae5e34f4221cfa920054858855
                                                                  • Instruction Fuzzy Hash: 74D10432B08A9189EB10DF75E4442ACB7B2FB45B98B884136DE5E97B89DF38D507C350
                                                                  APIs
                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF7591944A3,?), ref: 00007FF7591945D4
                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF7591944A3,?), ref: 00007FF75919465F
                                                                  Similarity
                                                                  • API ID: ConsoleErrorLastMode
                                                                  • String ID:
                                                                  • API String ID: 953036326-0
                                                                  • Opcode ID: ea0dbdd26401f5cb4a0c0125367f5e5ac445343ac2477cca2c429100b6a00301
                                                                  • Instruction ID: 483cbedae866e86ada296367327088923f2b43df55a2c220e876472d7c9d9664
                                                                  • Opcode Fuzzy Hash: ea0dbdd26401f5cb4a0c0125367f5e5ac445343ac2477cca2c429100b6a00301
                                                                  • Instruction Fuzzy Hash: B691D572B0867185FF54AF65A4402BDABB2BB45B88FD85139DE0E57AC4DF38D442C720
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 3668304517-0
                                                                  • Opcode ID: 442a3f2e63092959279047d9b46c0cbf53dc3d671d930b4cddfffc36e77c1ecb
                                                                  • Instruction ID: 26eafdcd751259fffde10a7d8cea71938ec9e6e5e73f1397423d5de36693bb74
                                                                  • Opcode Fuzzy Hash: 442a3f2e63092959279047d9b46c0cbf53dc3d671d930b4cddfffc36e77c1ecb
                                                                  • Instruction Fuzzy Hash: FD519D72715B9591EE04DF28E08527CA379FB04F94F984636EA6C07A89DF38D8A1C340
                                                                  Similarity
                                                                  • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                                                  • String ID:
                                                                  • API String ID: 3698853521-0
                                                                  • Opcode ID: 80cc20553d9414061597bb60507aa9aa6bd6410c5e84b27eea19aa1e6da68aff
                                                                  • Instruction ID: 2d2b24e277e6e8dbcc6622b85845f92860a79113c612f02f77c3527cf3661bbb
                                                                  • Opcode Fuzzy Hash: 80cc20553d9414061597bb60507aa9aa6bd6410c5e84b27eea19aa1e6da68aff
                                                                  • Instruction Fuzzy Hash: 8A516E22A18B5581EE90FF15F540269B3B4FB84B90F9C5531EA5D07B95DF3CE442C720
                                                                  Similarity
                                                                  • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                  • String ID:
                                                                  • API String ID: 1168246061-0
                                                                  • Opcode ID: d97067b01ae72d56d3a67cf2b4b141078492a953b35c66c447eaf66f69042bf1
                                                                  • Instruction ID: 5c98d0d8c639e8082a559494d9d7f048c3bcc6ee9f91f43a30e51bb92e55ba4e
                                                                  • Opcode Fuzzy Hash: d97067b01ae72d56d3a67cf2b4b141078492a953b35c66c447eaf66f69042bf1
                                                                  • Instruction Fuzzy Hash: A3418D22A08B5581FF90AF21F450279A774FB88BA4F8C1532EA9D477A5CF3CE4428720
                                                                  Similarity
                                                                  • API ID: ByteCharErrorLastMultiWide
                                                                  • String ID:
                                                                  • API String ID: 203985260-0
                                                                  • Opcode ID: ff24e7c81d8dd03fcc82aaf7c0397415c41f33d4ac3d30ba58ee66f2e510de4b
                                                                  • Instruction ID: 252e08f87e6d35b3e60e439e2c18f01e765c477a6ae06ac769da6ff429483436
                                                                  • Opcode Fuzzy Hash: ff24e7c81d8dd03fcc82aaf7c0397415c41f33d4ac3d30ba58ee66f2e510de4b
                                                                  • Instruction Fuzzy Hash: 89214D76A18B9587E750DF21E44432EB6B4FB88F94F680139DB8A57B55DF3CD4018B10
                                                                  Similarity
                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                  • String ID:
                                                                  • API String ID: 2933794660-0
                                                                  • Opcode ID: 066ada9d6ce2bb7bf232f60978bcef186f182671c9b57ade480c1311d2a17256
                                                                  • Instruction ID: a0f0fa8a0f19f1991198ad407f86e225ca52a091b829c9c3b9f337044a9dc28c
                                                                  • Opcode Fuzzy Hash: 066ada9d6ce2bb7bf232f60978bcef186f182671c9b57ade480c1311d2a17256
                                                                  • Instruction Fuzzy Hash: 0E111C22B14B018AFB409F61E8542A873B4F719768F881E31DA6D477A4DF78E1598750
                                                                  Similarity
                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                  • String ID: bad locale name
                                                                  • API String ID: 3988782225-1405518554
                                                                  • Opcode ID: 3a79e3869d5329002dfa2b05c04b2981efa5ddd06461e8928ffccf14c62afc19
                                                                  • Instruction ID: 25b963ccbdf594e8eef13c391e261f0c1c6edcdab2e83a050dbf0039684d0567
                                                                  • Opcode Fuzzy Hash: 3a79e3869d5329002dfa2b05c04b2981efa5ddd06461e8928ffccf14c62afc19
                                                                  • Instruction Fuzzy Hash: 5C512632B09A5189FF51EF70E4902BCA3B4EF44748F8C4835EA4D26A99DF38D815D364
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: ; expected $unexpected
                                                                  • API String ID: 0-4241946875
                                                                  • Opcode ID: 5ce981b7561e0fc0e3e85bac79d7e6fce1540aa2c1395d19d479629a61d468d2
                                                                  • Instruction ID: 12645ad0abfcdfc3fb9e7d11201e8cd7e9e6d816681fd7c41ecba09d0d9c61bc
                                                                  • Opcode Fuzzy Hash: 5ce981b7561e0fc0e3e85bac79d7e6fce1540aa2c1395d19d479629a61d468d2
                                                                  • Instruction Fuzzy Hash: 24519162F1469599FF01EFA8E4403AC6B72EB007A8F990235DE1D5BAC9DF789486D310
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                  • String ID: bad locale name
                                                                  • API String ID: 3988782225-1405518554
                                                                  • Opcode ID: ea6d5cef10d377d8c29865afa92fd0f44ff4892c0c6462302a2e263c04c2e362
                                                                  • Instruction ID: a6918f0d3ad819db3e1dc672e36ae9510e96eadead36e2f417ca0822db555f1b
                                                                  • Opcode Fuzzy Hash: ea6d5cef10d377d8c29865afa92fd0f44ff4892c0c6462302a2e263c04c2e362
                                                                  • Instruction Fuzzy Hash: C9512932B09A1189FF51EFA0E4902BCB3B4EF48748F8C4435EA4D6AA99DF38D515D364
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                  • String ID: ?
                                                                  • API String ID: 1286766494-1684325040
                                                                  • Opcode ID: 178c9834567cdffd03bac7faf45fa38e90026ec5dba761da37376aa49044c63e
                                                                  • Instruction ID: 2c03e37dd98aaa3ed8fb783e917140018181e953c59e3f899bbc27cc0aa9f16a
                                                                  • Opcode Fuzzy Hash: 178c9834567cdffd03bac7faf45fa38e90026ec5dba761da37376aa49044c63e
                                                                  • Instruction Fuzzy Hash: 6241E422B082A256FF64AF25B41137AE6B2EB80BA4F984235EF5D06AD5DF3CD445C710
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ErrorFileLastWrite
                                                                  • String ID: U
                                                                  • API String ID: 442123175-4171548499
                                                                  • Opcode ID: 1a35e0ff9681dd9ffee4af38256a35880782598a07eb70b704dcc49749e705a6
                                                                  • Instruction ID: 00cf2027dc933ff85a41ec186fbd978c6c28f277d949ac2258d0a49e193976bb
                                                                  • Opcode Fuzzy Hash: 1a35e0ff9681dd9ffee4af38256a35880782598a07eb70b704dcc49749e705a6
                                                                  • Instruction Fuzzy Hash: D441D222B18A6186EB50AF65F4443AAB7B1FB88784F895131EE4D87788EF3CD441C750